diff --git a/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json b/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json
index 8c08569e30..681e7c27da 100644
--- a/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--73002265-876c-44dc-9a19-dcafc22b7779",
+    "id": "bundle--35951e7d-98ff-4baf-b64c-09fab1b85ed9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json b/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json
index feb2cb237d..531876fbc1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json
+++ b/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9d291b44-6fd4-4d81-8b4f-2a5ea12e3ca4",
+    "id": "bundle--dcb15db3-6fe9-4e32-9e8b-b51d703d81b9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json b/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json
index 80c2048752..040cbf06e2 100644
--- a/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json
+++ b/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--28660bb2-c3c2-4743-ab91-7b20e4ac3051",
+    "id": "bundle--43a5d61a-7171-4988-9306-9f6a8d20a753",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json b/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json
index a42623bdad..9e9d340ed5 100644
--- a/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--402bcd38-eaee-43b3-b8f7-4b531583b21b",
+    "id": "bundle--07b083b0-5fb0-43c9-8ed9-1adffe6eb464",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json b/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json
index 239a97ea9c..09ea522908 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--557f6abf-786b-4e7a-8a16-9f419ed14476",
+    "id": "bundle--1208e4ae-7b8c-4bab-8e7a-077c863ad389",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json b/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json
index c701c6cb67..ab46cdeadd 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a5a9f230-25a3-46de-8b4c-45fab35c56e8",
+    "id": "bundle--684addf4-02fc-4164-ae6e-4777197705b4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json b/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json
index d96f3eb117..50226cdd76 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c3a681c2-27d7-4b80-90d2-d648806bf6e4",
+    "id": "bundle--b0c0d348-8203-484d-9f58-79fa58fc3762",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json b/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json
index 1cea559823..a0aa6b98d0 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ec7240c4-9ec1-40fc-998a-c8120f4f6259",
+    "id": "bundle--6eda4bc1-b851-4215-bc9d-6967fc7a194e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json b/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json
index 5aa7ec78f6..617deaeda3 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7900cfa8-ccc6-45ab-bf92-855b1b026ce6",
+    "id": "bundle--b808c883-46ff-40c5-a20f-17f30c103c24",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json b/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json
index 302780f36a..413ce3cb56 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--00ce2d31-fdee-4d36-8ff9-45179c602ed4",
+    "id": "bundle--077c3879-19ac-4d44-abbc-3da94fde3d86",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json b/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json
index 88bc406715..276c681da7 100644
--- a/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json
+++ b/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d082bd02-8096-43b8-af0a-603f18eb8ed9",
+    "id": "bundle--59c5a24f-6155-4a57-b7ec-0840debb6f59",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json b/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json
index 33cd13ddfc..3393f87a66 100644
--- a/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ca10b00b-ae6e-453d-a360-0f8308ffc467",
+    "id": "bundle--a1fd677c-fbe3-46c4-a57c-a4e67366c41a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json b/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json
index d973c21d16..c4893c8eca 100644
--- a/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json
+++ b/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8b62ebe8-aaab-4946-bc6f-7a50d7ac8aea",
+    "id": "bundle--0585b69d-8c4a-4941-81fc-975cd549bbcb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json b/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json
index fb6fb20b11..2514d18d5f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e72ab6f4-aabf-4de3-b8a5-28e3ce1d1e22",
+    "id": "bundle--d1a0a29d-f7fe-405e-9d35-e7953897a2b2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json b/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json
index 726b6e65eb..5937ae6309 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eeec7cae-1baa-451b-97ab-1662ca85dd99",
+    "id": "bundle--9b942554-f7be-466b-8c6e-64ffd8fe977f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json b/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json
index f3615d3bbb..d0153c0f08 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--972f1804-e356-45a1-a269-a3833684f234",
+    "id": "bundle--e71ee8e0-1acd-48f2-adf4-e49b8953dcec",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json b/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json
index cc966e7d2d..abd2240ee9 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af48ac4d-bb1f-4030-b6ed-349cacbce986",
+    "id": "bundle--9a044fda-a6d3-4b46-926c-03ba778ab2c7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json b/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json
index 2aaa27099a..634a313200 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0f5d9464-a65e-4d21-b82c-c98d5420cb44",
+    "id": "bundle--9509c326-27cc-4f6f-82e1-17c606c94843",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json b/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json
index 9922c89c01..d5b05a703a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--911e2363-a301-4898-aeb6-078b9cd14c65",
+    "id": "bundle--212bf3a2-b3f2-4852-a07f-e11cec9f0848",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json b/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json
index 738a0842fa..859b343702 100644
--- a/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--49758e81-17eb-43a5-8c7b-1d2ce6e684d4",
+    "id": "bundle--03a4835b-cb5d-4a5e-9176-e3fdc0b8fa15",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json b/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json
index ddf8621f05..c5add94b62 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4311240c-1804-4f2b-a0e2-5a0e4a90d4c7",
+    "id": "bundle--a4836c53-e0fc-43bb-b770-a11fe58c3d51",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json b/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json
index 49aad049ef..d82c6e55bc 100644
--- a/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9670e5fb-90fd-4851-9883-8d41f9632cc9",
+    "id": "bundle--b58364bd-b58c-42d7-a68b-f7ac951ce7b4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json b/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json
index b971e2febf..ac2a6bc8be 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--53310f6b-be11-4448-bbdc-21567c957520",
+    "id": "bundle--f5a3bcd8-7177-4fbf-887e-0f2f2f834214",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json b/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json
index 1c74dc52f7..2397d8f5e2 100644
--- a/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json
+++ b/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--774e8d80-6890-452a-a0ee-6dfb46c8ec45",
+    "id": "bundle--46a39df5-8f04-4521-acca-0ac4e3e203f9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json b/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json
index 6db6263d35..29b8f4986a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json
+++ b/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--833f2659-bace-4daf-9360-67abbf78d37c",
+    "id": "bundle--2f545a6c-f298-4018-b265-b83251dca311",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json b/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json
index f0f8ed46fe..dd93792a85 100644
--- a/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4d2d9f40-de11-41d0-92d6-bc5616157ee2",
+    "id": "bundle--e8d5fee6-aeb0-4811-b875-fc05fcf6a93e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json b/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json
index 48ae2def9e..331df418bd 100644
--- a/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json
+++ b/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9bd71dc6-7a91-44e1-87dc-4395ef40f95c",
+    "id": "bundle--17476ec8-ed72-4bf3-b52b-177d1b0b8b81",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json b/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json
index e9ced83c65..695b4c20f0 100644
--- a/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--34c72620-1f70-4050-8d15-f3e6308ea69f",
+    "id": "bundle--189a7961-86dc-40b3-a2d3-6c47f956f631",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json b/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json
index 78c2c34897..5325a84e95 100644
--- a/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json
+++ b/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--276c005b-78a9-4ba4-be21-f893d4dbfae9",
+    "id": "bundle--f6b2ea80-a501-4685-a02b-3eb090bcb1dd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json b/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json
index 3f64a686e6..8d60a1c553 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--59a6c337-b4a2-4dd8-8615-3b74df1913ae",
+    "id": "bundle--bb8a5714-0fe6-4ec5-993f-ab8d20a4d3f2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json b/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json
index c0c7e11d7d..062f3341de 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cfda4c0c-e547-4571-9e14-cd1ac36f6be2",
+    "id": "bundle--922d6261-8533-457d-9f10-deba88cddb0b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json b/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json
index a00aaa7760..b864bfd55e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b61034a0-36e1-4d92-beeb-f99268e14c3e",
+    "id": "bundle--ad5b7e56-cfe6-4c0e-98a0-b522b93f90ae",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json b/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json
index 88cf63e28a..de22943280 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6713a306-170c-40c5-9ec3-a779d50dcc60",
+    "id": "bundle--ad5fdf07-bf3f-4504-9b28-31ac314a1ac0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json b/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json
index e6fc80b3f2..94c12367f2 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--374d01e3-1b0f-40f1-bded-2a42982a8456",
+    "id": "bundle--63b00cb9-27d1-4674-9314-ed768931a31c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json b/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json
index 637466f84d..8e42fbd131 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bf8fab9a-02cb-44d7-8106-952a7c40d128",
+    "id": "bundle--e4b0a638-a3e7-4889-85b4-350bab16464e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json b/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json
index 243e872566..43dbef40b6 100644
--- a/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json
+++ b/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6ef32b98-eb61-43f0-ae8d-c0f226b56f37",
+    "id": "bundle--86664cab-53fd-424d-a47c-00d9221f743d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json b/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json
index 61f5a2016e..a7513ed1ed 100644
--- a/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json
+++ b/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7a4ffa35-0211-40cf-bf1b-f3e8fdc348b4",
+    "id": "bundle--993f5f74-a33f-4699-b459-a9cc8bfd2b37",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json b/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json
index 4f3a1c25af..99ca33dee7 100644
--- a/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json
+++ b/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9d8fb156-8785-4954-8a91-5363dad56f5f",
+    "id": "bundle--e46f96b4-077a-4654-897e-4a50d4de9d08",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json b/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json
index 14459c701c..546f1cfb36 100644
--- a/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json
+++ b/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a8b678c1-07d1-4971-9e69-1d773278aa06",
+    "id": "bundle--7702d0cf-3501-4164-88ce-5b540f606cc0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json b/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json
index 71a550c33b..276f40e1eb 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ebd422b0-bf8a-4fcc-9534-6566f7141f48",
+    "id": "bundle--c240bfcb-c28d-4e50-a384-07c8c78a228d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json b/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json
index 49afdbd0ac..20c4dc0f02 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--efd23b8b-651b-4ee4-90be-5b144e40e5a6",
+    "id": "bundle--f1b49f85-a371-4042-a434-f25640ad6aa9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json b/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json
index a3b7f4df8e..b823f74ecb 100644
--- a/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json
+++ b/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ac4cf8b0-fdd6-4225-8770-33f202775e99",
+    "id": "bundle--7acc1f17-46cc-41d4-ac04-4005c2d679da",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json b/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json
index 27e34e70a3..f42a98e610 100644
--- a/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f0f04647-27a9-4919-bb60-258a7249f2e2",
+    "id": "bundle--1ef7f20d-61d2-4730-8281-de3f957ceed6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json b/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json
index 755eeebe8a..93a86f8db0 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2c62c9ac-b9dd-4e38-bf26-3471487bbcad",
+    "id": "bundle--badb8679-b3be-4491-88e7-9d7f7fc838ac",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json b/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json
index 20a2bdf370..1ed1449e82 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9e7247f9-0717-4ca3-9455-13995fae8bf4",
+    "id": "bundle--6e60f354-3f46-48aa-b63c-8de6a60e8264",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json b/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json
index c6f846887d..9f2e422fb4 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5709d32d-e096-4a81-9ce9-50da2b9f7123",
+    "id": "bundle--d980a263-ce8f-4275-854c-dbb20a623a9d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json b/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json
index 126138bc8c..718455e6e4 100644
--- a/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json
+++ b/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--528290e0-3b97-4239-8de5-a94986c0ec30",
+    "id": "bundle--53cf85c4-3e3f-4560-9701-e2d695796e1a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json b/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json
index c7bb4ffc80..30d8e559c7 100644
--- a/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f9684e66-fa5c-4a3e-8463-12827f344458",
+    "id": "bundle--5a7a243f-7f2b-4053-9eb5-e06af8793700",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json b/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json
index 240798113c..b126007662 100644
--- a/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json
+++ b/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7e0ae2bd-b5c9-4c0a-b8df-b68424c55720",
+    "id": "bundle--93980654-a1c4-446d-aae4-5de17c8c8ead",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json b/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json
index 52c3fe1327..1715ec00a5 100644
--- a/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json
+++ b/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--23b7c727-5492-458e-abef-52ce75435fb2",
+    "id": "bundle--c9cba828-99e5-4895-aff8-eca4a0625d23",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json b/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json
index 2832277be7..e59459c655 100644
--- a/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json
+++ b/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--23c05b69-0fa2-4ab2-b2f5-af5c7382904a",
+    "id": "bundle--87c721d3-a673-4056-8b49-6f920124c00d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json b/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json
index 1ca968c951..f0cd36c752 100644
--- a/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json
+++ b/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--89ba096f-1c39-44ae-8d6f-9fa02e39ea52",
+    "id": "bundle--fefb7ab1-df62-444b-9219-6840949cefd5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json b/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json
index 3f6f820c2d..50458143bd 100644
--- a/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json
+++ b/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f903306c-51af-4163-b3fb-2e4e1ff2cc9c",
+    "id": "bundle--3ea96577-32be-477a-bcfb-4b36e6825637",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json b/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json
index 1f4092821c..73d482d2c1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json
+++ b/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--efff8f0f-6d13-49e6-84aa-ab7831f8c4bc",
+    "id": "bundle--2adec53a-47d5-4513-adb6-29d28817e5fa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json b/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json
index 3d1098665e..c3bce262cd 100644
--- a/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d2107341-c22d-4100-8c39-f4d662a1e3cb",
+    "id": "bundle--ad615261-8cee-41ca-af7a-6bffdf6b5c96",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json b/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json
index 277ae0f21b..9e5253a9ea 100644
--- a/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json
+++ b/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--856861ae-9f64-4b8e-ac65-b6bafe369076",
+    "id": "bundle--47180ada-75c9-47be-add6-d8396711961a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json b/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json
index 6377378668..2436ba3436 100644
--- a/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json
+++ b/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b50a45f9-e2e1-461b-959c-abcd0b0be505",
+    "id": "bundle--ddf19aac-906d-42aa-974c-c7c5599c4ebd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json b/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json
index 456f477faf..946eebfabf 100644
--- a/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json
+++ b/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--79c98063-7c43-4bf7-a907-2c6ff1f297a1",
+    "id": "bundle--05ba9318-bde6-4c90-8d0d-cdb40fbaa922",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json b/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json
index aab552ca1b..3b0ccfdba3 100644
--- a/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--239d888c-962e-49b6-8873-2279c3c53d35",
+    "id": "bundle--99599fba-b66c-42ce-8242-bb588a51cb4e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json b/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json
index 5180e88e75..01269eba42 100644
--- a/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json
+++ b/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3f04bdbd-39dc-47be-b765-4c53ea1fe57c",
+    "id": "bundle--9cf76c83-aa2d-4691-95ee-848c53bdeb8a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json b/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json
index 9a5438092a..2a8eaa84a9 100644
--- a/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json
+++ b/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e06ef7d2-2c80-4a3d-8391-9f8e5f6a0e36",
+    "id": "bundle--845f52eb-eb0a-4651-96a2-b72aa8e1c65f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json b/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json
index 0d13d48861..f6296d631f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0691f0fd-00af-405f-8c68-0652978fb342",
+    "id": "bundle--2857396b-539a-4a64-882c-f49c51cad3ee",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json b/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json
index 09c5e8242e..e26d4e3a14 100644
--- a/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--774bbc4a-8ab3-4364-a376-2fff5c8bef91",
+    "id": "bundle--daea19ed-62d3-457e-8be1-eb91975d81dd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json b/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json
index 18cfb20c00..f010d1aae6 100644
--- a/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9700395f-64d1-45f5-86b5-d2df7b51db39",
+    "id": "bundle--b6204441-1ef2-433e-8f3a-02767e761251",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json b/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json
index 0afdc449b8..f2860ec1f8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6ffa7147-60de-461d-b148-b9390fc03ed8",
+    "id": "bundle--43c16539-c1d2-4f78-9988-431d40894e24",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json b/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json
index e681840e91..e20684ea58 100644
--- a/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json
+++ b/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--98bc4c84-7243-4474-9b27-80bec690314f",
+    "id": "bundle--f999429f-4f7d-4846-aa1b-9204af3a29bd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json b/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json
index 80c3d4427f..a002f314f8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json
+++ b/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ce40e1a2-781d-4596-adaa-74b0681176e8",
+    "id": "bundle--910e66ba-667f-4b7d-b002-b4385240ccc0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json b/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json
index b6371f55d5..36e17be162 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b135ced6-a64c-48ca-8e51-33c8aaa76277",
+    "id": "bundle--65367de4-be00-45fe-adef-2d5b9bef2f73",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json b/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json
index a3967755c4..faee58e765 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5ab3df75-2367-410b-b8af-c313c923abe5",
+    "id": "bundle--fec21542-fbec-4d64-9ea0-0e3c619cd6d0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json b/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json
index 9d380e21e8..9012d7b44a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8d4cbd12-390e-434b-9cf4-d0a25383f828",
+    "id": "bundle--50f238ba-0c45-42b7-bc81-90310b4c799a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json b/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json
index 446ed2041d..b7519adbc8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bc8401ed-a427-47a1-9188-2dbec0c34f85",
+    "id": "bundle--98b55f43-9fdd-4347-84c8-260b2dea9ca6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json b/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json
index 331881b090..7737964e17 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--803d457a-ab39-4538-a24e-1173c5032e64",
+    "id": "bundle--71a970e3-09f0-469c-8466-36d076999670",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json b/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json
index 3fc70c3506..6b76e0b269 100644
--- a/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json
+++ b/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7f0e893d-4352-4e8e-84a2-64688457836e",
+    "id": "bundle--03a6f9e1-11e8-4817-9c6d-1ad1baf2d11f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json b/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json
index 2d5fae6e46..1cc21abd54 100644
--- a/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cd7b2822-3dc9-4e54-a8bf-79f0bde21eb4",
+    "id": "bundle--1ae27b0f-f736-499c-85cf-b6b9d5a17447",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json b/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json
index c86c86e392..b8d15f9ead 100644
--- a/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--270e0444-b59d-4446-abba-bb81aba386f9",
+    "id": "bundle--e59732a1-d608-4b8d-ae8d-3eda95857cad",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json b/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json
index 85b45f288b..9dc0420d4b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json
+++ b/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fb4ad787-15c4-4f62-bdb1-3dfaac2e54e5",
+    "id": "bundle--29b59de6-9eb6-4048-a608-f4d78260aff2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json b/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json
index 928a287477..b0a5a65a43 100644
--- a/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json
+++ b/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ba58366e-30ad-4d87-923e-b6f2628e3324",
+    "id": "bundle--f8ca0bea-1b32-45d3-9ddc-e30fc000801f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json b/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json
index a0a3769ea5..9bb912c254 100644
--- a/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8ae57a91-9b60-4813-9ab7-c8a7f3d92f32",
+    "id": "bundle--64658dd6-a2f2-440b-8722-e24b8a05d108",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json b/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json
index ca256c8bad..e93ef1b234 100644
--- a/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json
+++ b/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--29e2cf43-ef23-4ca9-b68b-ca41fa9b8ae5",
+    "id": "bundle--27b64546-4401-4a42-9014-c135fac862a8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json b/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json
index ef82ea5139..9fe0ac3d6a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--480cce5d-2309-445e-baef-263f1868c252",
+    "id": "bundle--1a447255-6d94-4441-87d7-80bf4872fb88",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json b/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json
index 18d37f4aad..7310600006 100644
--- a/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json
+++ b/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ca04a6e8-b432-410d-a26e-6f9bdf4cef3b",
+    "id": "bundle--d26addcc-edaf-4df5-95fb-c701c2d724a6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json b/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json
index 2bfea0f382..7a59186ab4 100644
--- a/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json
+++ b/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--813b8fb1-2798-4952-8de6-94e5a01f0fe6",
+    "id": "bundle--370104d4-6f5b-4f24-9ce6-f613b6bc634f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json b/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json
index 80e6e77e8f..aed5a7ee8c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5be3cd37-50ab-4306-bd0f-16c4db386b99",
+    "id": "bundle--d48e918b-3d09-4afc-b689-8d40176076ee",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json b/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json
index a6afb219e3..a049c0df93 100644
--- a/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json
+++ b/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--41e34344-1860-4405-bc86-aa36708f11c2",
+    "id": "bundle--620c8c74-974e-4ec4-971e-7dccea048c48",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json b/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json
index 087ad8ba0b..4a87bb1134 100644
--- a/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json
+++ b/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--535e2e64-ca57-42c9-836b-335ed8a0b3f8",
+    "id": "bundle--fe0d68ee-ff65-479a-b9ae-8587a666d9d6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json b/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json
index 555a6be785..3494e9204f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9eed16b8-fdc7-407f-bc7b-081afc110f6c",
+    "id": "bundle--d4651b30-1094-463d-91b6-c1ee9b804e2e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json b/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json
index b92f3512ed..badd162901 100644
--- a/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--44d3f446-eafe-4703-bf28-ccd5970a41e9",
+    "id": "bundle--70cd51df-5b26-49a4-af0c-e8965b21533e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json b/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json
index da85bbc32c..8430471847 100644
--- a/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json
+++ b/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--54b9b15f-e908-400b-8e06-4dbeb04c36e7",
+    "id": "bundle--8679883a-6ba3-485d-8c45-f8d1eb1ffc33",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json b/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json
index 81e1cb2f46..e4df62e276 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--32a05ac6-4fff-415d-b18f-9ebe847dbe5e",
+    "id": "bundle--7d79b338-b96c-443e-8254-a2e47f5fc11e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json b/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json
index 1e8b465e12..76ccb03485 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1f783cbb-a522-49cd-a744-f475ca65916a",
+    "id": "bundle--c40d96c7-2b8f-407c-a059-d1d19c9af046",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json b/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json
index 7959ad5b4b..96aaf86b83 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--78e0aaf3-6dff-42b3-8413-ad28cbd38036",
+    "id": "bundle--fabbef91-87ce-4a1b-8524-167702206d7f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json b/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json
index 89d44bd24a..f67788200b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--34ee4a90-d224-48e7-910a-34d01e02b055",
+    "id": "bundle--e57c4784-fe28-4efd-9610-4b1ed128c669",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json b/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json
index 014b3fbce4..84733b8795 100644
--- a/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json
+++ b/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3795fa9c-ebcf-4c27-ac2e-a4c46d54d8c5",
+    "id": "bundle--814c1a18-4145-4b89-af12-0d60c3af0a81",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json b/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json
index 188a5e2af8..28ab200977 100644
--- a/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1ef0f3a1-cd2f-4066-9ba7-ffcdc9b62228",
+    "id": "bundle--be67eea7-7243-4141-ba55-2c2436c5eca2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json b/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json
index 59ad8a82aa..986378422f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json
+++ b/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--de8dc44d-4e30-486f-9484-5ec5f65215be",
+    "id": "bundle--0d77b420-1fc6-4762-bbf3-c58c486dc8bd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json b/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json
index 5bec746910..639badcfd7 100644
--- a/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cf2264ad-7ca5-4d19-a888-17a70e1ec016",
+    "id": "bundle--d83fe08d-f869-4576-a5ef-8677b4fa0b8b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json b/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json
index eb97d6b1b5..3c5e0e17b6 100644
--- a/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json
+++ b/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3b81d4ff-e1cb-4581-9a60-385bf84af694",
+    "id": "bundle--dd3f4588-72f6-46fc-a248-f504bf6a424c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json b/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json
index e05151b5a9..c14f1e8f3e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json
+++ b/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e4b9d8b9-2199-43d0-85e8-606ad2ce3f64",
+    "id": "bundle--f9546c20-85c0-4f60-aa88-cfd0ae48ab2d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json b/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json
index f856613dd9..e0299fd1bf 100644
--- a/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json
+++ b/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--37e448be-75ec-429b-bae0-cb2d3f8c9fda",
+    "id": "bundle--a0af97f7-31a4-44ed-8820-5350dd91f19a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json b/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json
index a6b90f447c..9a8b57844c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bde2ad8d-36ef-4445-a982-977c68b34ee5",
+    "id": "bundle--6bf9f2bc-5966-4216-87d2-cc18213cb15f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json b/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json
index f9f83350b5..6a9ec39522 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--23cf64fa-2b0b-44a4-baba-199c4da63484",
+    "id": "bundle--c43aa8b5-a339-42e6-94a0-ec5d829f0b96",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json b/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json
index 46ea321ce8..00c8e34f6a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b0ab0a1f-a010-4964-be9c-bf45a11f6657",
+    "id": "bundle--5bb65b4b-c0c5-4fd1-b897-1893b8ef1333",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json b/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json
index c65bb2aa89..d5a0322e9c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d6c74728-4d09-4734-bfe0-7deaf7024ea6",
+    "id": "bundle--78d26a30-5496-40e8-b762-753edb808ba0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json b/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json
index d1da543ff0..3dbd108a57 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bec20827-4959-44ef-92b8-554295bea7d9",
+    "id": "bundle--c640e257-5ace-4494-9bb5-7ceeb5767483",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json b/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json
index cd4b33beb4..c30481a221 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--703d5616-416a-4022-a18e-5662caaeb0d0",
+    "id": "bundle--0678d6c6-a5a2-466b-b89b-b22dc239b8ae",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json b/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json
index b7c1321d7a..f66f11c658 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--20ddebba-1596-46e2-b1af-60bc13f136d4",
+    "id": "bundle--336940b1-d8b6-4482-9549-51addf4402d7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json b/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json
index 2847137ac6..6b36a55cae 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3929b3fd-cf1f-46ec-ad4e-492b36bb34b9",
+    "id": "bundle--cf432d11-c8b1-4060-ab45-c70149d9c938",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json b/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json
index a4f17fa938..89d1660d95 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8a6d290f-f42a-414a-81ac-9185f303ac53",
+    "id": "bundle--e004d497-7c23-438b-a14c-a74ff5ab1603",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json b/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json
index 7449e94aea..abae791e1a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d11c4463-a00c-4b64-9d73-0e4dbc80bf85",
+    "id": "bundle--2cb2bbcc-fe2b-474d-881c-8a73264b4a84",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json b/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json
index 3e3ceae38c..cdbc367b7b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--94eaeafd-bdc3-44d2-b08d-41d193465cfd",
+    "id": "bundle--6ebb6090-71c7-4753-9878-f67999b09961",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json b/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json
index 76fd81b439..6336afb969 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d515d6d3-3b8a-4a3a-a759-5275dd305c93",
+    "id": "bundle--547fe024-901f-4332-a99b-647044298558",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json b/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json
index 34c5ad2266..eb979920f1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json
+++ b/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--701f0ce5-af06-4551-a9ee-015664cac6fa",
+    "id": "bundle--f217637b-7b85-4a73-a315-57cd386bf1a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json b/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json
index bba9d3b484..a28e333a8f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--322d950c-cca3-4a03-81f3-2bf28c9fedd5",
+    "id": "bundle--483270b5-7de5-4184-98f3-9c8d4dd17794",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json b/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json
index 3ff09f1163..c66b4724fb 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c343f1cd-a17e-472c-aac9-829d8ce5eb98",
+    "id": "bundle--cf441ec1-004f-4e9e-a495-e2479274d8c4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json b/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json
index 9e65588ac9..a0fe4bdf66 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2c2ef759-1bbb-49dc-b953-b2ac394c59ab",
+    "id": "bundle--0e55cf25-2ce2-416d-8bcb-154d4f65ac78",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json b/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json
index 396f47265a..e1d4be75a1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--254fe005-239d-4b2c-b5d5-d69f03d9c9d5",
+    "id": "bundle--62043a38-a0aa-45d2-83bd-92f5e472f368",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json b/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json
index 48f9a88fc2..c5fe2b302c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--81cf007d-e79a-4144-9c62-5bf68b1edc25",
+    "id": "bundle--c9d6c7ed-1de0-44ab-9f89-2a37d79d51ad",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json b/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json
index 3125756529..13efd8775a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1a6bee97-acf6-481d-a69c-4787d0591b82",
+    "id": "bundle--5e7d78f5-4541-4c98-a8a1-7743ed7f33ac",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json b/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json
index 28e0239561..19bfb928f7 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--599c2216-03fe-4842-bdd5-6acff78c8279",
+    "id": "bundle--9cd7009d-771d-48a6-997f-09a5411e6e3d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json b/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json
index 9ca61368b8..7b36db3aad 100644
--- a/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json
+++ b/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ea026c31-3595-44ed-8576-df1908701b96",
+    "id": "bundle--7c854a40-6a46-46af-95d7-d15026c7dacb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json b/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json
index 067d984de1..95e560882b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json
+++ b/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8925bbcc-c85d-476e-a9d8-b8428f95d2a9",
+    "id": "bundle--1b212c94-7b64-4c34-bedf-53ed2d7e97e0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json b/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json
index 1a27532967..cea2f9069f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--187fbfc7-a5c7-4c0d-9190-e25b26fc4519",
+    "id": "bundle--35f352d1-d371-4205-a6bc-ffb31af55695",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json b/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json
index ca0b2e7cd3..40f6139b4c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--34a77e22-9428-4c57-902b-12e17cf6f55e",
+    "id": "bundle--81661899-8bfa-4a0d-a69d-11ab2f016a6e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json b/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json
index 7e496ce537..736cc39fff 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1b4952ce-91f0-41c5-ac1f-c32f586b349a",
+    "id": "bundle--9bad0422-7c90-481b-9921-ef2fd72861d2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json b/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json
index 1d1e21c16a..1fbce7ddf3 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a314b38d-ddb1-431f-b8af-8a8a00879bb5",
+    "id": "bundle--b4650178-6a3f-4112-aa16-f4d6f40056e1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json b/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json
index dc66e34b89..cf1ea1a453 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2f378a0e-8edc-4759-836f-dfa2bd1643e4",
+    "id": "bundle--77d1596e-5ef6-47a5-88ef-8da0b52ea412",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json b/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json
index e6fad9911b..281a3aa40d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--00849472-2f16-43ec-83f2-af0becaa07e5",
+    "id": "bundle--7b43a62f-65d0-4f92-b3fe-ff459e5cae90",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json b/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json
index 45324d44ca..161c8fc152 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1870def0-d9b7-4852-8b14-84f932ca9d25",
+    "id": "bundle--0d9338fe-112c-4ae9-8a01-51811c34d2a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json b/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json
index 42abec0941..c17572824f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--484e3d1a-8b9f-41da-88de-e17b5c685367",
+    "id": "bundle--1aa25de2-33ea-41b9-8fb5-931ad6884614",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json b/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json
index 91c745c5ad..7042e0b3dd 100644
--- a/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--43713cb5-1c74-4a79-8032-d54904375c32",
+    "id": "bundle--36711c88-7a95-4634-9239-39b82e03ca18",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json b/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json
index ab5a516fad..9498422c80 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--785f6c28-6b07-49c7-96e9-e40a1aac57f2",
+    "id": "bundle--2763793a-d02b-4ad8-bfbd-24f90cdc209d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json b/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json
index 7ef10b30b7..fe3bdb95c0 100644
--- a/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--54d6d552-7a58-4086-aaca-f0f0776b943f",
+    "id": "bundle--fa7bcebe-a6a3-487a-8109-197c5f1cb674",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json b/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json
index 38ebcc2bf7..1a6cfd2fd8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json
+++ b/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2c14e81d-aad7-4bed-931c-e2343b4b47ee",
+    "id": "bundle--0c3eeef1-1bba-4840-9b38-cbc747031a38",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json b/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json
index 8a53d93b82..5248adea87 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--daff7133-6117-49ed-b99b-9b6ca3eceef5",
+    "id": "bundle--a19e01d7-7f65-425d-a974-d32041699c15",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json b/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json
index 1ecf1b6d06..d2f29900c1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--86e07cb4-3dbb-4073-8fca-0ea1b9f0bb83",
+    "id": "bundle--ca7daa50-e376-4fdd-8d9b-ac49c154e1b9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json b/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json
index 1d4e8761b8..e5025436c1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--45ce34e2-3d4a-4148-a6bf-1af833071457",
+    "id": "bundle--7c60fc7b-7d8e-449b-a3ce-253d84903aaf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json b/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json
index 7bafd315c9..48d746c2f5 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3edd06be-419c-4e5c-ac11-cc739d3b0144",
+    "id": "bundle--183abc1f-75e9-469f-bc68-2fadba109e51",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json b/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json
index e809d35671..497c1fc259 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d0eb5b42-2b27-444c-89a7-82d9aeee5d59",
+    "id": "bundle--ddadc316-06d2-40b7-a6d7-87112c350120",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json b/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json
index 8482f4ec7b..9477941b90 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4031d23c-0049-4f0a-8074-59023a24c06d",
+    "id": "bundle--c34c631b-c660-41d9-88bc-e8006803cad2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json b/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json
index 290780439a..0e2e9c5d60 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--67de45d3-0b99-4e88-9499-43fa959da06a",
+    "id": "bundle--628e5664-7d85-4d71-bbf4-f84252e28301",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json b/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json
index a84418cc85..3b95a9a09e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fe06819e-2f08-4816-9b5d-015cc0e77fab",
+    "id": "bundle--db0dc861-bf27-4c74-b7ee-5e7a0e62c41b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json b/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json
index 3c73f62dad..8276c5ca2b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3800b9ea-2fe5-41aa-b488-eff967c14db4",
+    "id": "bundle--d8fd2cd8-8bea-40c2-bec0-30edb57ffdb3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json b/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json
index b0de019647..426a7ed02b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6f6888f5-04a6-422b-8f49-327a1263939c",
+    "id": "bundle--78efa87e-4bca-489c-8b56-f2f4269f3729",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json b/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json
index cda663cb54..4d5bf0ee9c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--298009e7-2a4e-4738-ba70-cfa6f6aac2c0",
+    "id": "bundle--0d8821e2-a0f5-4a83-b5fc-1f00d80f3347",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json b/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json
index f58760a575..9a389eb2a1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7a183544-2862-44bc-8873-800df86c93a5",
+    "id": "bundle--01c0316d-325a-44f0-a7d7-d9ff1cf43d57",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json b/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json
index 412c4e06b2..581536c6ba 100644
--- a/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json
+++ b/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8b49f5d4-c433-499e-92e7-5afd912812c4",
+    "id": "bundle--e99b50d6-88b4-4627-8074-cbc1df80fe01",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json b/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json
index 6467746d37..6d96433f6f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json
+++ b/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--06c7ddcd-1ea1-4054-863f-2ab4eaa01d1f",
+    "id": "bundle--05089b00-d93a-4b2a-9136-91a61e412694",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json b/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json
index 5440b56433..b4d30d1e5e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--77149b7b-6260-458e-b0d8-a60d50c3f9cc",
+    "id": "bundle--f72d579d-66c0-4305-b1ec-211f29dfcae9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json b/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json
index b77b061517..2f02153ff1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aa7ad2d5-d481-4920-9008-5b764d3e2973",
+    "id": "bundle--0d0d1f05-7fed-4b54-87d9-ecaf0f1c15cd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json b/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json
index 6d4840e3a6..a24025f125 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4ae45c0f-465b-4b42-98c1-8ef2cee8507e",
+    "id": "bundle--7db42949-2db0-4c80-a801-4443684e05e4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json b/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json
index 2268024ec0..b4986f7794 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cb99bea5-cce8-4682-918e-5b9c0e38382e",
+    "id": "bundle--6f1ae3ed-d1ef-4db0-b371-ea1549b78271",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json b/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json
index dc620669a1..7efc083682 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--169b31ad-f177-4d61-b20c-88712cdcf571",
+    "id": "bundle--c7d19f2b-4da1-4662-b532-141d299da696",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json b/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json
index 7f09196698..34bf2eb450 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bf01a51d-8628-40fc-ae8c-1091471c9bfa",
+    "id": "bundle--3add0ed0-ca36-4e77-b8fa-73fa0f132aa9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json b/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json
index d4186e7c09..d14bc55509 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6c9db173-5a39-488c-9890-389c95d3c6cb",
+    "id": "bundle--c2436129-1f65-47ee-9c23-b71e7adeeb21",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json b/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json
index 489aba3acb..2caa81fa43 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--155bf289-77ca-4827-befc-56fd93f66304",
+    "id": "bundle--8095d141-e620-41db-893d-4a6c8b172301",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json b/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json
index 35cebedf8f..a648977311 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b512f8c8-5ebc-4c18-9466-efd15500a60f",
+    "id": "bundle--e9e8d501-c74b-40dd-b2f8-ee287bd00a00",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json b/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json
index 7a67c0873d..8ee13a1296 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a459771e-963f-44a8-bf66-f5806d3c7860",
+    "id": "bundle--a264db3d-50e4-45af-8e26-4152ca29989f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json b/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json
index 416a37c37a..bac088015c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2b32eab8-6d08-449e-881c-2708223e5aac",
+    "id": "bundle--73570778-4868-4385-adab-c079a666981d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json b/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json
index f1c3dcd4f0..aac336749a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1b8877d3-b9b2-46c1-b3b0-78c0abd14d78",
+    "id": "bundle--22e84c41-d660-43e9-95d8-8ccfc69b6b43",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json b/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json
index 260bb9e102..899d66555b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9d17f7c5-1c17-45d8-9e53-773e98392568",
+    "id": "bundle--71163787-0038-4393-bbfc-c95c3609f7d3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json b/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json
index 77ed5ceee7..c7c4264993 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--949d5b4b-6ff7-4c9b-a13d-b65ade1c40a7",
+    "id": "bundle--4d80eaa4-6659-4b3d-955c-14baa4fe3341",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json b/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json
index a23cbcc811..8b7abe94d7 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--00940a4f-496b-4738-aead-f596625df049",
+    "id": "bundle--748c7672-504b-42cc-b3aa-bd7b4b7b053f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json b/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json
index 1a270571fd..3c46b84671 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e2e07b21-4faf-4448-9c9e-10f7e4714678",
+    "id": "bundle--24ab7d40-34d2-46b1-8708-bb22f4a051d2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json b/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json
index a2eaf58909..0bc290b114 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ff9d0cd0-d3a8-47f3-83a0-1a21a7e537b3",
+    "id": "bundle--f774247e-86dc-4dbd-b9b2-6ec1e6b9878b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json b/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json
index 019714ee42..3bd3c2d232 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--496a2bc1-1361-4a09-b9ab-9d971b79a389",
+    "id": "bundle--886a50e2-5415-4546-a4f6-c8c464fc6300",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json b/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json
index df2eacb19a..ff4616d04c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--38df0155-5d67-4b44-ad02-8cc32206007f",
+    "id": "bundle--e8694cdc-be06-4131-8762-99adeb29c48b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json b/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json
index 1ee4b31e55..d94c58b418 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4fd44f32-ebd2-4043-849c-bdec3cf19647",
+    "id": "bundle--343e8cfd-f33d-441e-b1ec-aaa98e3f3309",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json b/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json
index d3c973d779..5b8578af7a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0018400c-8e4b-47ce-8fe6-a8963dd87c3e",
+    "id": "bundle--9f1d5ea7-9bfc-4652-8f61-4dc22eec6453",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json b/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json
index d87573dfe1..da66c9b649 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cd425987-78d1-41e1-80c7-fc01e59c7589",
+    "id": "bundle--f806ce6b-75d1-4c8c-9297-1a2b765c2f9a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json b/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json
index c98ee8ff5d..7572d3648c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ef1ff0eb-66c8-426f-8e3a-73b843460e67",
+    "id": "bundle--96ec1cfb-ec49-4447-8dbe-5f7904415484",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json b/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json
index 4463603435..59acc2db78 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aab98553-aa59-4d58-9c17-1ea93e4c1fda",
+    "id": "bundle--eb176d1a-754d-4299-97d2-0127d67ce736",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json b/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json
index a2df4dfaed..8993269cea 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--752a8f5f-e763-4522-9297-1cf21cc077aa",
+    "id": "bundle--96bd9624-59f5-4db5-9bd3-d0ef62fa545c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json b/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json
index 8d812558fb..46824f4521 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--38384a13-0595-4f2d-8013-f4561de44bbf",
+    "id": "bundle--97cdff82-602e-44e7-b8c6-b8e0c9b6b739",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json b/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json
index f0cd5e2e03..3f36679c2a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d9dbf2df-016f-4668-b77c-77bc9f832589",
+    "id": "bundle--d73d623f-55e1-42d8-b850-f62fce5c919f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json b/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json
index d4e49f918b..4622f14659 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b2a7a391-6548-4251-8637-65efbf6fc9f1",
+    "id": "bundle--0c254f88-cbda-4708-aeb9-4e6b771a7d13",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json b/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json
index e7a63000de..d4a730bde9 100644
--- a/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json
+++ b/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6ca6a569-755a-437f-bfb4-d16b0adbf407",
+    "id": "bundle--a6a994c3-1651-4056-8b3a-97c311e4490d",
     "spec_version": "2.0",
     "objects": [
         {
@@ -39,8 +39,8 @@
             "x_mitre_attack_spec_version": "3.0.0",
             "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
             "x_mitre_domains": [
-                "enterprise-attack",
-                "mobile-attack"
+                "mobile-attack",
+                "enterprise-attack"
             ]
         }
     ]
diff --git a/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json b/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json
index cb3fad8991..06623bb5bf 100644
--- a/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json
+++ b/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8abc83a9-edad-4723-87f4-e06067bb1cc4",
+    "id": "bundle--4ff85407-f4f9-4a97-8d25-1a17b5d0ed84",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json b/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json
index 65439a74f1..ec09d7fd9e 100644
--- a/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json
+++ b/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e86caf30-5a04-478b-99d7-9a9e146964b5",
+    "id": "bundle--574ce68d-bd36-4a29-94d8-ff862f328d41",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json b/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json
index 35768031ed..621cd348a9 100644
--- a/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json
+++ b/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a1661075-5d97-42ca-8dd0-1c471635ec90",
+    "id": "bundle--2094557f-679d-450d-ad98-e9cd61f8402f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json b/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json
index ae468d8b5d..741969434b 100644
--- a/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json
+++ b/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a121227b-ef3b-4a14-9fb5-62980f3f2ec7",
+    "id": "bundle--20b4cb67-bb05-4228-b14b-7389823f05ca",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json b/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json
index 6e403818e5..1184db1513 100644
--- a/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json
+++ b/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a934c82f-4b45-40f9-9de3-56d9b4da1e5b",
+    "id": "bundle--786152e0-0c15-40db-b3a4-f2dd5b9b9b52",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json b/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json
index e8ba5388c0..9ab4ecd1d2 100644
--- a/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json
+++ b/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b9b1c8b0-5326-41fb-a1da-d4d79ea42342",
+    "id": "bundle--b7e113b8-0991-46ed-9173-6ac371efccd8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json b/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json
index 89ac313349..31b6796e56 100644
--- a/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json
+++ b/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a8145055-4f0d-4400-bee1-6ee0f0527866",
+    "id": "bundle--b5e7251b-1060-4bae-a4d6-5a4279ad08ec",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json b/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json
index 7e384e179d..30346086c2 100644
--- a/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json
+++ b/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fb17bc6a-ab7f-4f13-9abe-929a2b02c2d4",
+    "id": "bundle--7ce49623-a65c-4736-ac78-fd1f4ebb9857",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json b/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json
index 99571df547..574343aad2 100644
--- a/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json
+++ b/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--83b52563-9aae-4e7b-a94f-e369e1eabf1e",
+    "id": "bundle--00c3745c-342b-43d7-a320-30cd2cd708ff",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json b/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json
index 8d8cefe0d8..ec02e27a06 100644
--- a/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json
+++ b/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f97394c1-2ebc-4fb3-883b-e4c0b7a5d020",
+    "id": "bundle--856f270e-d574-4af7-9683-d5dab6e4b50c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json b/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json
index 24b056746f..3fcfe93e58 100644
--- a/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json
+++ b/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2fce03ce-e4ce-4cd7-852c-7a844e061ad1",
+    "id": "bundle--eb6bb0b5-d54c-4714-9f7c-9fc1189c5fa4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json b/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json
index 3fb6172565..890ee08946 100644
--- a/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json
+++ b/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4dd72c87-f54a-41be-b5fd-a8a2d0f2fa8b",
+    "id": "bundle--2410ca1c-ff3b-47c6-8042-62575b211583",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json b/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json
index 3e020b88b6..44235918f8 100644
--- a/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json
+++ b/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--07fd25bc-344b-45dd-81a2-78314ee3ba5e",
+    "id": "bundle--a9edee85-b00b-45e3-9d0f-f5a398a07323",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json b/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json
index 4d5ca70b7c..9a94c0cb8e 100644
--- a/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json
+++ b/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d8e8539b-d508-4ea2-97df-ed970c658b0a",
+    "id": "bundle--1697c5d0-7844-4296-9d98-3b75627e3e46",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json b/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json
index ddd69390b0..e0bf1cbd65 100644
--- a/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json
+++ b/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7fa58c92-5ee9-45b9-9f5f-4ad429b91f2f",
+    "id": "bundle--c68f9c61-ec83-4d5d-b3a5-70ac1affa536",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json b/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json
index c2e74f91b1..d4be91443f 100644
--- a/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json
+++ b/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a5cbecc0-becf-44f8-8b4a-4e1a5ef4378a",
+    "id": "bundle--716094fd-07a9-4223-9066-523eeac50de2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json b/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json
index c91fb73aed..927773cdca 100644
--- a/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json
+++ b/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--35b9ad37-6c4f-45c4-b5fa-9e7818c4323e",
+    "id": "bundle--d473c03b-d853-48e4-90f5-aa3db30be18b",
     "spec_version": "2.0",
     "objects": [
         {
@@ -8,8 +8,8 @@
                 "Dark Caracal"
             ],
             "x_mitre_domains": [
-                "mobile-attack",
-                "enterprise-attack"
+                "enterprise-attack",
+                "mobile-attack"
             ],
             "object_marking_refs": [
                 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
diff --git a/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json b/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json
index 74643435be..28bd08bc50 100644
--- a/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json
+++ b/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1988329c-92c2-4367-ae9d-813344f760c2",
+    "id": "bundle--ffd7fde0-4349-4b18-a850-192e7a22da9e",
     "spec_version": "2.0",
     "objects": [
         {
@@ -9,8 +9,8 @@
                 "Bahamut"
             ],
             "x_mitre_domains": [
-                "mobile-attack",
-                "enterprise-attack"
+                "enterprise-attack",
+                "mobile-attack"
             ],
             "object_marking_refs": [
                 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
diff --git a/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json b/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json
index 91766b3f37..38587703ad 100644
--- a/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json
+++ b/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f8c6bc6e-e390-4006-820c-63f2ae902bb0",
+    "id": "bundle--c1392678-5c99-4754-a4ad-076055dba6fd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json b/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json
index 34cc43f997..9fea49bd8f 100644
--- a/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json
+++ b/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c5c587cc-f74b-48ed-8bb6-e0ff35fe9360",
+    "id": "bundle--d644f39a-54d2-4958-bcb1-03ab5687598a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json b/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json
index 033e23dd45..c07adfa897 100644
--- a/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json
+++ b/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d5664d13-ec17-4555-9a1a-ddba8f941f9b",
+    "id": "bundle--3efa915f-51c2-4cb5-8193-57b93dd31b1a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json b/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json
index 6f2954a6b2..32f3704668 100644
--- a/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json
+++ b/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c34a200f-e157-45b5-9c3b-72aefe853426",
+    "id": "bundle--5f6b51b3-0ce0-4ed2-8b30-f1fbc15ca598",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json b/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json
index e047ec6b75..e17abdb9b8 100644
--- a/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json
+++ b/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7bf6dcdf-3e01-4c7a-bea7-a2606da752d3",
+    "id": "bundle--a233b46b-5f35-49cd-aa1e-d2edebc8eac2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json b/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json
index 3ce11787b3..a25601f226 100644
--- a/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json
+++ b/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5284db70-1336-4637-b25b-c8a7a0af7c34",
+    "id": "bundle--bd994ed8-d399-434e-b6e1-5737423e82da",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json b/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json
index 87b36436b7..bb75d0ce98 100644
--- a/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json
+++ b/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4c5fad86-8854-4c42-a5ef-d8322c65f65a",
+    "id": "bundle--94eaab9f-3df2-414a-943e-e4bb603697f5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json b/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json
index 7a6ee26932..0de9155668 100644
--- a/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json
+++ b/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c5ccd645-6909-4764-9126-b584fa2ac2eb",
+    "id": "bundle--286595ed-dbac-4ae6-b13f-7f509b649098",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json b/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json
index 4c6fb18f58..4ddd6691d9 100644
--- a/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json
+++ b/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3ea96060-e618-4ab5-bb46-90edfe4e010c",
+    "id": "bundle--19206c30-1b33-4943-bed1-77fbc9611ded",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json b/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json
index 3dee4cb45b..2873971899 100644
--- a/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json
+++ b/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f396b9dc-2bd6-482f-b055-5650908b55c6",
+    "id": "bundle--19ea57b0-9608-4deb-b381-af1a900bb8c4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json b/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json
index e53e140245..d01b169483 100644
--- a/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json
+++ b/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7aa43aae-23be-4bdf-8834-6348de239cf0",
+    "id": "bundle--ac73ba57-12f7-431e-ab88-ce5e87e77abf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json b/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json
index b581a20f26..9348c547d9 100644
--- a/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json
+++ b/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af0abce6-f15f-4b14-b358-56feb87e197c",
+    "id": "bundle--bc719545-8552-4b6c-907a-a252b041eb93",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json b/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json
index aa29866d16..fea1319b26 100644
--- a/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json
+++ b/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4b16e5e0-291d-4150-9b4a-f6af703abc46",
+    "id": "bundle--f2a77c2f-b045-4491-96fc-bad3ce9c47ec",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json b/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json
index 5f72f4ec2f..bf3ac18bf4 100644
--- a/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json
+++ b/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9fe5d1b4-96c2-4a7c-8208-77e32d80f4c2",
+    "id": "bundle--8d98fde2-9173-425d-8eca-82fd988ae5a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json b/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json
index 635e550f57..b5dea3c7d3 100644
--- a/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json
+++ b/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af871691-efc2-4860-8eae-9135b15c35d7",
+    "id": "bundle--4bf3c072-3a99-45f1-8083-3aa2b4b3aa56",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json b/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json
index 052a4628b0..ecaf4eb5cc 100644
--- a/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json
+++ b/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--651b8be0-c53e-4d4f-b124-87d30699ab1f",
+    "id": "bundle--850d5aeb-7d87-4d99-991d-1f89e3515b52",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json b/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json
index 7f794d37e7..e99af8dec3 100644
--- a/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json
+++ b/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f3b756ff-93c5-41e3-a58d-641dd167c492",
+    "id": "bundle--ccc09358-1e53-4047-ab2c-e96ff6e35097",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json b/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json
index e5aecaf681..8f5b03c587 100644
--- a/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json
+++ b/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--93c43b6b-aac4-4f7c-b1e0-997be1db4181",
+    "id": "bundle--69c3ba77-c403-492c-a287-3866c4d5ca8b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json b/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json
index 727c44695c..03ab7169d4 100644
--- a/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json
+++ b/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d85f062c-81f1-45a0-ad53-a2428afba658",
+    "id": "bundle--8de917a6-6e6f-4c3d-be1a-55de188116fe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json b/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json
index 8d0bf9d6a7..bc801c43c8 100644
--- a/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json
+++ b/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5d96c7bc-8704-420c-8284-72f7aca99dd6",
+    "id": "bundle--d6977358-5d9d-4ac3-9387-3c20024b3f63",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json b/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json
index 48e78c859b..cd6b778ab5 100644
--- a/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json
+++ b/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9746fb71-7463-427f-a271-c844fb7fe678",
+    "id": "bundle--ed8ce2ed-6e86-460b-b49f-ae9eadebb7cf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json b/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json
index 2c00074f19..95df790230 100644
--- a/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json
+++ b/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2729e9c7-0157-4584-8fd7-7953daf4d871",
+    "id": "bundle--7ac64005-95c9-432d-a560-4ab80c60ae3b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json b/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json
index efb198186f..de21e71b92 100644
--- a/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json
+++ b/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e0f90984-373e-4874-8e0c-69517d2a2465",
+    "id": "bundle--9f33e2ba-c636-459e-9592-a3d1864657cd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json b/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json
index 8229d4cc96..8c2555b129 100644
--- a/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json
+++ b/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bff68b7e-30df-474d-858b-9b398d9bec35",
+    "id": "bundle--ccdcd24d-ca6a-4420-a138-46e49395ff3d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json b/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json
index 782608ef12..d4df3f7db6 100644
--- a/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json
+++ b/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3a2166ed-a7cc-4963-b11a-6e5990d37469",
+    "id": "bundle--be297694-7705-4262-ade4-0f021ad697c9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json b/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json
index 66c8920b43..7a14638c0b 100644
--- a/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json
+++ b/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f7b8c36c-81a2-4ccd-85b5-674ed6aa7109",
+    "id": "bundle--2e2524cd-7476-4fb5-ac97-95ce5ab3f0c0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json b/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json
index 63dbde41b7..95ae3c5390 100644
--- a/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json
+++ b/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--489603bc-674a-41b8-ac71-48caf4da7cc2",
+    "id": "bundle--ebfd823d-410a-4168-9d5a-eea31f94ab0c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json b/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json
index 3a202833f0..a6f8318ed0 100644
--- a/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json
+++ b/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--683e3f0b-5b0f-4674-9b97-a645ef623da2",
+    "id": "bundle--9afa22d5-526b-4bc2-bc29-c952ad9cfe70",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json b/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json
index 09da74c251..eb6c0126e7 100644
--- a/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json
+++ b/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4cd58f41-577c-4b43-b75a-c0971fab9ee3",
+    "id": "bundle--a8a675d3-d641-44ac-bca5-e82b644affe2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json b/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json
index 195f9f4418..31600f487a 100644
--- a/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json
+++ b/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--99e9339e-45b3-4750-b1eb-52f96cf4b3ff",
+    "id": "bundle--8f1247d8-7925-4d20-a1f8-ad43b8c405f0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json b/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json
index 51759a86c2..4052b45b78 100644
--- a/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json
+++ b/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dff32d7f-807b-4002-b167-83de8aa3a95b",
+    "id": "bundle--36c451b2-aa20-474f-a048-83fb991bbc0c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json b/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json
index 0d2756c868..64e6cbf358 100644
--- a/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json
+++ b/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ffd2fc1c-8fb6-4612-a428-7d676c608803",
+    "id": "bundle--87bf5e5b-1788-458b-8ca9-cff98d351c21",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json b/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json
index 1ce2eb352e..04ce80b0c3 100644
--- a/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json
+++ b/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--65dc432a-48c1-4add-8b0a-b1690a7bb1d7",
+    "id": "bundle--09af1002-a558-423d-8969-8b70c00c2908",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json b/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json
index 6f09a4783e..6df5d38e8b 100644
--- a/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json
+++ b/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e601e1e2-4e12-4369-9bf5-0f311b63a826",
+    "id": "bundle--bbfe6a25-856e-4a67-a338-e96bb2e3d238",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json b/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json
index c1012cd580..0d1f6b257e 100644
--- a/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json
+++ b/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a318dc79-d359-4148-bac8-e2265c4bd94a",
+    "id": "bundle--ee201443-4ada-4641-b5b0-70edf5b302ac",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json b/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json
index ba927bf191..43ce0a4b66 100644
--- a/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json
+++ b/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3ed87438-7017-4109-840d-a0ec7890837f",
+    "id": "bundle--32f8d8a9-2576-422f-9fe8-0dc88d2402a9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json b/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json
index edf3b3b974..2a3b0bd274 100644
--- a/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json
+++ b/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1892f47a-3eb2-4cc7-aac3-ad2804c3df34",
+    "id": "bundle--2fe8f7d7-4803-498e-abf3-7181738da9ec",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json b/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json
index 420651a35d..ae167ca659 100644
--- a/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json
+++ b/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8ff200e0-6a05-4a4c-b244-f004ddeefde6",
+    "id": "bundle--5c948b5c-78c9-43dd-83cc-2a4c14ee0bfe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json b/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json
index c6f4270677..34e91e5aea 100644
--- a/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json
+++ b/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--65b7dcb5-5744-4f99-ba07-6a96316fadd2",
+    "id": "bundle--529f029f-c852-4998-811b-774a69c252dd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json b/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json
index 3e8a506f88..86ea5ebef4 100644
--- a/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json
+++ b/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--525ccbad-d6df-4f39-857b-583b4d9c0b0d",
+    "id": "bundle--f6cb7242-9d21-4586-acf3-68043a4a8f8a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json b/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json
index 36f38f2520..50acd17a0f 100644
--- a/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json
+++ b/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f17bca58-b688-406d-b8c9-125cc3ceaaa9",
+    "id": "bundle--ce444a63-7c94-4a0b-b009-0e8d4c82ffc3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json b/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json
index 0bbeb13de3..ad3c04175e 100644
--- a/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json
+++ b/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eac00d42-5cdf-4755-b36e-0aebd3bf560a",
+    "id": "bundle--dd2b9346-64e3-406b-8dab-3348ff67e8e5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json b/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json
index 6d4b9aeef2..4ba378fe31 100644
--- a/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json
+++ b/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b2117ff9-78ea-4ec4-8660-7d3e2884c7d6",
+    "id": "bundle--238a3a8a-6646-43ba-9bd3-9b75c4f595ed",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json b/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json
index 1be0db3dcf..b8c29177e5 100644
--- a/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json
+++ b/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--14ff13d3-5985-492d-a734-8ee0ebcaa807",
+    "id": "bundle--386e49ca-2419-4e10-9178-67770a24c804",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json b/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json
index 50a57ba1f2..20c5d53beb 100644
--- a/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json
+++ b/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--64709923-c792-41d2-9f4d-d810f5c77146",
+    "id": "bundle--e8986b64-e9e8-451f-b169-84c07e85088b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json b/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json
index 64145fa892..3052de8925 100644
--- a/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json
+++ b/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2b510790-c6a4-44f4-9398-9c394da07206",
+    "id": "bundle--0ef1b8e3-a1b2-48dd-95ea-0292743dc843",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json b/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json
index 4e302ec0b4..8f8a16027f 100644
--- a/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json
+++ b/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c443ae79-2577-4e47-8d90-5f804cec83a3",
+    "id": "bundle--a221511d-296b-4f01-8727-ec72ee4eb430",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json b/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json
index 50d9852d8a..f370a65962 100644
--- a/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json
+++ b/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d6f31356-b9f3-43a5-8fcf-a4123b0eb40e",
+    "id": "bundle--5344a355-4d7b-485a-a618-aff2a79760eb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json b/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json
index b5eace2cf7..e44eb2998f 100644
--- a/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json
+++ b/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--66a36905-958c-4e1f-8aad-ddbc2b376f52",
+    "id": "bundle--2f1d9544-1ba9-4338-92a2-94ac07f27605",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json b/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json
index 884225113a..5f5e01c2af 100644
--- a/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json
+++ b/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e7929b8d-e01d-4fe1-bf4f-3fe270c16c38",
+    "id": "bundle--f0315a30-4223-4b01-86ef-0304a4eea7d9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json b/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json
index 528b54c622..aaaccaaaf1 100644
--- a/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json
+++ b/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--55463092-c32c-40db-814a-c9d50fa4a0b9",
+    "id": "bundle--e321500c-1976-4e3e-989e-41173fdceed9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json b/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json
index 6170695f16..9d6266d07e 100644
--- a/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json
+++ b/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ec9981d7-e2fe-473b-a0f9-80db159caf92",
+    "id": "bundle--1ef685b6-e85c-4d39-8e50-1cf28c1058cf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json b/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json
index 54b3a5f667..82a1b0648d 100644
--- a/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json
+++ b/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f056e4a8-a7c2-40e6-9fab-eb8a7d262b0e",
+    "id": "bundle--b3450700-e998-47bd-b7a8-17169b3e951c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json b/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json
index 884b45acf2..9f26b64c3a 100644
--- a/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json
+++ b/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ce85ee09-ab72-4fb6-ab83-01d2552f8389",
+    "id": "bundle--7d92fdd5-486b-486a-b1b5-1b9dfb75fdba",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json b/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json
index 9f1af158b0..71479e85e4 100644
--- a/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json
+++ b/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b5a50bfd-cafb-443f-bf4c-be163c774723",
+    "id": "bundle--fc290399-4379-464b-bff0-8238a1e237d3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json b/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json
index db8a7c472f..a3fa3d4f03 100644
--- a/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json
+++ b/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1ab3e4f1-723a-4ed9-be51-83b7fe2db46f",
+    "id": "bundle--bc9a3d24-8757-43bd-9b53-6eff899beba9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json b/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json
index 3ed1d196ba..47d8e599af 100644
--- a/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json
+++ b/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e3ed7c8e-0dc6-4489-a3ee-051cfed0f442",
+    "id": "bundle--173b2db2-dafd-40fc-952e-76c8d0629409",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json b/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json
index e37b330d11..a75542f3a8 100644
--- a/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json
+++ b/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4474ae26-6c13-4e53-b0d8-09b5ee38c4a5",
+    "id": "bundle--f8f61133-c666-4a13-987f-f18607369110",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json b/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json
index 6cefee753f..363d0ae87c 100644
--- a/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json
+++ b/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d755ba10-f082-400c-9bc5-9f2c2509ce68",
+    "id": "bundle--c2b1d959-2c55-474c-b18a-75f218be9970",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json b/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json
index c03c9c6a9a..48e5a3a787 100644
--- a/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json
+++ b/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2c942c67-6119-4276-92e2-e9b3748cdada",
+    "id": "bundle--240efea8-2b08-4f7c-8e05-70ece74a2660",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json b/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json
index 5b0d00578e..16ac63ec85 100644
--- a/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json
+++ b/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3958f2c0-0176-4056-8b74-38d95ad7dece",
+    "id": "bundle--3e3ae022-4ca2-48c9-a1ab-20b02dbbe05c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json b/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json
index 2c239d927e..af5fc54062 100644
--- a/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json
+++ b/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--70fdf1f5-2415-4a55-9f2c-2567f46bd9d8",
+    "id": "bundle--d593a699-01a6-425a-8b65-a43d8977ed73",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json b/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json
index 647cd0ac3f..292a0c4941 100644
--- a/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json
+++ b/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f9bfd122-c4d7-4a59-ab45-5585f5cb4174",
+    "id": "bundle--eaa20c4f-8f54-433b-b0bb-84f15e012fce",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json b/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json
index 06aee84b69..816770f275 100644
--- a/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json
+++ b/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b6f99f0e-c5ae-482c-a27e-e120a40585af",
+    "id": "bundle--c35042af-a8e7-41d4-986f-47a1508e3a02",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json b/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json
index af26164625..a8deb1c6b3 100644
--- a/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json
+++ b/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--445dc459-1c31-42a6-ba69-af33f9a91bd6",
+    "id": "bundle--6feb3587-bd4f-4cf8-91ed-9af82a7ee108",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json b/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json
index c3f41f11b3..f72821ce07 100644
--- a/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json
+++ b/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--61c142a3-cf58-4ecf-9a30-d02e6f347666",
+    "id": "bundle--f76a42fa-8d5c-4e72-8e36-81e1acfe18f7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json b/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json
index a2c7e28739..80ad6dbbdc 100644
--- a/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json
+++ b/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5fd65659-510e-4b71-a888-fc7959bc0dd4",
+    "id": "bundle--9af2a048-4058-4cb8-a76e-8178d8e559b7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json b/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json
index 2c31c798d1..7deb78a6fb 100644
--- a/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json
+++ b/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f9f2b992-b6fd-4b8b-adae-3666d18c9a9b",
+    "id": "bundle--3e4e118e-3498-43ef-8b7c-0b4d7f30ad1a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json b/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json
index dc22651d43..43230af090 100644
--- a/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json
+++ b/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--073c6716-f1b1-4258-8b45-9c17e7cd0a8f",
+    "id": "bundle--7fe146ab-6c72-4011-bc3f-085ccd0a1443",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json b/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json
index a1557864b1..f9d0c403d4 100644
--- a/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json
+++ b/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--12aa9c0e-c59e-4b91-ad21-df390ffb7c67",
+    "id": "bundle--971b05af-f397-447a-b8c9-5d882a798ec9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json b/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json
index b9a3bb7d36..eae9728591 100644
--- a/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json
+++ b/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d84cb540-85cc-480d-91ba-4322a0364128",
+    "id": "bundle--122fbf48-8eca-423d-aeb6-2c2fde691ac4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json b/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json
index 7c17e8c833..76d9d74be0 100644
--- a/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json
+++ b/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bc81e94f-38fe-4618-b252-235adedaf706",
+    "id": "bundle--c7462b4c-aa37-48fd-b19a-ab9db4a50532",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json b/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json
index 3e8d5ac1b0..b0d153bc54 100644
--- a/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json
+++ b/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b167043b-754b-46e6-8354-988c93245365",
+    "id": "bundle--e8c916fe-3d9c-4d41-a7ad-380068897b76",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json b/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json
index 0f1fe0b16e..41e4059269 100644
--- a/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json
+++ b/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--925a87e8-d984-426b-93f3-e37b9ee0671e",
+    "id": "bundle--38e2beef-ca61-451d-b1ca-83c0429155f1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json b/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json
index 038a636ffc..46858ec458 100644
--- a/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json
+++ b/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4c744cca-cfb1-474a-89da-48894b5ae519",
+    "id": "bundle--6082c098-5a0a-4adc-8ce9-6a2123912603",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json b/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json
index d63f1dc0a1..5e87a5e1c4 100644
--- a/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json
+++ b/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--31d6c3e4-55fa-4b05-8748-4190cd6bc426",
+    "id": "bundle--b3325a5a-df9b-4b23-8c24-9f8e61f0e891",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json b/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json
index ff303f2aa2..516f1d8850 100644
--- a/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json
+++ b/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aa72b7d8-0b61-459e-bada-1ad6e0551539",
+    "id": "bundle--af17f8f2-ff46-49d1-8a1f-0df737fe9f5f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json b/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json
index 689b7f17e6..550af4b3ca 100644
--- a/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json
+++ b/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1685d851-5eae-4680-93b8-0966e950cea6",
+    "id": "bundle--23dc786a-5ba4-4c3c-a7e2-a719c5a953ca",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json b/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json
index f3e3a20842..4e7d619717 100644
--- a/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json
+++ b/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--87179643-520e-473e-b1a5-518bc3e9a278",
+    "id": "bundle--11279e1d-21f4-4a29-af01-8719127d2af1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json b/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json
index 90898088f6..5249b3e8d4 100644
--- a/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json
+++ b/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8cd045ca-1a0e-4c98-9f8b-8b91fa4bf878",
+    "id": "bundle--7a1eddea-49e0-4e81-abb9-01dc5d96cae8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json b/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json
index 9490aa05aa..6e6c440973 100644
--- a/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json
+++ b/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b19f72cb-95e7-46b3-b6b2-362e093d934c",
+    "id": "bundle--f2f27af6-8e39-4bf6-b313-d9b54065cebe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json b/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json
index 526a1c1231..66d0c24ec3 100644
--- a/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json
+++ b/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--84ac5d19-646b-42b1-8c52-3646deacbcc5",
+    "id": "bundle--43556afe-e64a-4ec2-9aa2-3011abf546da",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json b/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json
index cbc3eac0b5..4093f4bce5 100644
--- a/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json
+++ b/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3048c613-7cd3-47b7-b98e-cf99996cb33d",
+    "id": "bundle--566d851d-6ec1-435e-b9ae-17b9ddb09cbd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json b/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json
index 55dc6b370d..7148f76498 100644
--- a/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json
+++ b/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0c1778b2-99d3-416c-80fa-c1991ba44ed1",
+    "id": "bundle--ef5de430-7266-4ba7-bef1-f0e2912bbfe7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json b/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json
index 31af203df8..46bbfff207 100644
--- a/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json
+++ b/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1076a9a6-356a-48c3-83d2-685e9aaf5a14",
+    "id": "bundle--c53a494f-6717-43d7-a1e8-fedf6f2227ee",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json b/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json
index 894aa7016d..201eec4913 100644
--- a/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json
+++ b/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b82cfcc2-cb25-4a7b-bf0c-dbe38471d7e5",
+    "id": "bundle--c73bc812-0432-45c4-a2d7-e15b55fa88e5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json b/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json
index 81896555bc..5e409670d7 100644
--- a/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json
+++ b/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--369f2f06-7af0-408c-bec9-1b9e4e1bdb77",
+    "id": "bundle--501aa876-821d-4616-b7aa-c4c8eabd7f49",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json b/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json
index ed5bba4e22..2e21afe19a 100644
--- a/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json
+++ b/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8b53f4c6-92ef-4180-a39d-9524194f960b",
+    "id": "bundle--be459322-6991-4860-84b0-202acd3fc040",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json b/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json
index b43c0bb0e4..84f2453559 100644
--- a/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json
+++ b/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--57bae0ab-2831-4c46-81be-d8e3e5aeadf6",
+    "id": "bundle--4c7ad988-2afd-48ef-9dda-b3fb70bfde0d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json b/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json
index d8d0d11bd2..5cfddfc9ef 100644
--- a/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json
+++ b/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cbbba500-3e42-4e59-a36b-ea8f34e00b97",
+    "id": "bundle--3b9c2c98-9e93-4986-b898-520f0d202e85",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json b/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json
index b0d17c6e77..6048ca83de 100644
--- a/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json
+++ b/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8788e3d4-702f-491d-bc6f-81af3a6afcf8",
+    "id": "bundle--9d1e2df5-453b-4c0f-8770-2b4eddd5dd01",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json b/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json
index a6bf9fb2b3..6941d3e281 100644
--- a/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json
+++ b/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a11214fa-d1d4-47f3-856e-f838f53e4714",
+    "id": "bundle--e24f9767-5f0b-4322-8431-d5c8a9ad3e6c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json b/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json
index d4e3bc2798..bb41b0c52a 100644
--- a/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json
+++ b/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bd933faa-a64b-4894-9384-f2fb8a6be47a",
+    "id": "bundle--fa655401-e150-449d-af4d-d5baed64c4b2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json b/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json
index 1207391a05..ec94ca08c8 100644
--- a/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json
+++ b/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--de34d744-929b-4a1b-98e1-d51189d3d29f",
+    "id": "bundle--182ce4e8-bb7b-4d28-b1b7-996743ada243",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json b/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json
index d4b5cf7d70..63c94e22db 100644
--- a/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json
+++ b/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--87ddbd64-0ab5-4fcf-a556-80f061546a23",
+    "id": "bundle--d08d77b0-5eb0-48f6-a4c6-65348e4284f7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/mobile-attack.json b/mobile-attack/mobile-attack.json
index a5bb83e31c..fb0fd91f5c 100644
--- a/mobile-attack/mobile-attack.json
+++ b/mobile-attack/mobile-attack.json
@@ -1,6 +1,6 @@
 {
   "type": "bundle",
-  "id": "bundle--e49ea380-0819-4345-af49-05a84cc47a20",
+  "id": "bundle--386d5e73-727e-48b2-80ae-1678ae15b2b2",
   "objects": [
     {
       "tactic_refs": [
@@ -4574,30 +4574,32 @@
       "x_mitre_shortname": "defense-evasion"
     },
     {
+      "modified": "2022-11-07T21:01:17.781Z",
+      "name": "Network Effects",
+      "description": "The adversary is trying to intercept or manipulate network traffic to or from a device.\n\nThis category refers to network-based techniques that an adversary may be able to use to fulfill his or her objectives without access to the mobile device itself. These include techniques to intercept or manipulate network traffic to and from the mobile device.",
+      "x_mitre_deprecated": true,
       "x_mitre_domains": [
         "mobile-attack"
       ],
+      "x_mitre_version": "1.0",
+      "x_mitre_shortname": "network-effects",
+      "type": "x-mitre-tactic",
+      "id": "x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "mitre-attack",
+          "url": "https://attack.mitre.org/tactics/TA0038",
+          "external_id": "TA0038"
+        }
+      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210",
-      "type": "x-mitre-tactic",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "external_id": "TA0038",
-          "url": "https://attack.mitre.org/tactics/TA0038",
-          "source_name": "mitre-attack"
-        }
-      ],
-      "modified": "2020-01-27T14:07:12.472Z",
-      "name": "Network Effects",
-      "description": "The adversary is trying to intercept or manipulate network traffic to or from a device.\n\nThis category refers to network-based techniques that an adversary may be able to use to fulfill his or her objectives without access to the mobile device itself. These include techniques to intercept or manipulate network traffic to and from the mobile device.",
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_shortname": "network-effects"
+      "x_mitre_attack_spec_version": "3.0.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "x_mitre_domains": [
@@ -4626,30 +4628,32 @@
       "x_mitre_shortname": "discovery"
     },
     {
+      "modified": "2022-11-07T21:01:36.112Z",
+      "name": "Remote Service Effects",
+      "description": "The adversary is trying to control or monitor the device using remote services.\n\nThis category refers to techniques involving remote services, such as vendor-provided cloud services (e.g. Google Drive, Google Find My Device, or Apple iCloud), or enterprise mobility management (EMM)/mobile device management (MDM) services that an adversary may be able to use to fulfill his or her objectives without access to the mobile device itself.",
+      "x_mitre_deprecated": true,
       "x_mitre_domains": [
         "mobile-attack"
       ],
+      "x_mitre_version": "1.0",
+      "x_mitre_shortname": "remote-service-effects",
+      "type": "x-mitre-tactic",
+      "id": "x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "mitre-attack",
+          "url": "https://attack.mitre.org/tactics/TA0039",
+          "external_id": "TA0039"
+        }
+      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17",
-      "type": "x-mitre-tactic",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "external_id": "TA0039",
-          "url": "https://attack.mitre.org/tactics/TA0039",
-          "source_name": "mitre-attack"
-        }
-      ],
-      "modified": "2020-01-27T14:07:26.209Z",
-      "name": "Remote Service Effects",
-      "description": "The adversary is trying to control or monitor the device using remote services.\n\nThis category refers to techniques involving remote services, such as vendor-provided cloud services (e.g. Google Drive, Google Find My Device, or Apple iCloud), or enterprise mobility management (EMM)/mobile device management (MDM) services that an adversary may be able to use to fulfill his or her objectives without access to the mobile device itself.",
-      "x_mitre_version": "1.0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_shortname": "remote-service-effects"
+      "x_mitre_attack_spec_version": "3.0.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "modified": "2022-10-24T15:09:07.609Z",
@@ -13770,41 +13774,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1",
       "type": "relationship",
-      "id": "relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6",
-      "created": "2022-04-05T19:54:12.660Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T19:54:12.660Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5",
-      "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e9b262ba-1c32-40b3-8622-121b30d6df50",
-      "type": "relationship",
-      "created": "2019-10-10T15:14:57.378Z",
+      "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+          "source_name": "Xiao-ZergHelper",
+          "description": "Claud Xiao. (2016, February 21). Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review. Retrieved December 12, 2016.",
+          "url": "http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/"
         }
       ],
-      "modified": "2019-10-10T15:14:57.378Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract information on pictures from the Gallery, Chrome and SBrowser bookmarks, and the connected WiFi network's password.(Citation: SWB Exodus March 2019)",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[ZergHelper](https://attack.mitre.org/software/S0287) attempts to extend its capabilities via dynamic updating of its code.(Citation: Xiao-ZergHelper)",
       "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "source_ref": "malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -13812,309 +13797,21 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93",
       "type": "relationship",
-      "id": "relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f",
-      "created": "2019-10-18T14:50:57.494Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates often contain patches for vulnerabilities.",
-      "modified": "2022-04-11T14:26:44.192Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.640Z",
+      "created": "2020-09-11T15:50:18.937Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "source_name": "ThreatFabric Ginp"
         }
       ],
-      "modified": "2020-09-11T14:54:16.640Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can encrypt exfiltrated data.(Citation: Lookout Desert Scorpion)",
+      "modified": "2020-09-11T15:50:18.937Z",
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) can send SMS messages.(Citation: ThreatFabric Ginp)",
       "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b641e5b8-5981-452a-99f0-3598c783e5ee",
-      "created": "2019-08-07T15:57:13.443Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky Riltok June 2019",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) can intercept incoming SMS messages.(Citation: Kaspersky Riltok June 2019)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9",
-      "created": "2022-04-01T17:08:15.158Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "CSRIC5-WG10-FinalReport",
-          "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf",
-          "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC5-WG10-FinalReport) ",
-      "modified": "2022-04-11T19:09:00.362Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3",
-      "created": "2019-10-18T15:51:48.487Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.",
-      "modified": "2022-04-05T19:42:51.306Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e",
-      "created": "2022-03-30T20:43:31.249Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T20:43:31.249Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31",
-      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ddca1254-b404-4850-9566-0be35c6d7564",
-      "created": "2020-11-10T17:08:35.771Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s SMS and MMS messages.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.553Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.518Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) sends the device’s IMEI with each exfiltration request.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.489Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-09-11T13:25:19.128Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract the GPS coordinates of the device.(Citation: SWB Exodus March 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--51b0a4fb-a308-4694-9437-95702a50ebd5",
-      "type": "relationship",
-      "created": "2020-09-11T16:22:03.231Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T16:22:03.231Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can take photos with the device camera.(Citation: Lookout ViperRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--cea30219-a255-43ae-b731-9512c5044523",
-      "created": "2022-04-18T19:46:02.547Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-18T19:46:02.547Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7",
-      "created": "2022-04-01T18:45:11.299Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them.",
-      "modified": "2022-04-01T18:45:11.299Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65",
-      "type": "relationship",
-      "created": "2021-04-19T17:05:42.574Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2021-04-19T17:05:42.574Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has collected files from the infected device.(Citation: Lookout Uyghur Campaign)\t",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f",
-      "type": "relationship",
-      "created": "2020-04-08T15:41:19.427Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-09-11T15:42:15.628Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can send, receive, and delete SMS messages.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
       "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -14123,25 +13820,53 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--4b68bcb1-a512-40f7-9aee-235b3668f022",
       "type": "relationship",
-      "id": "relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea",
-      "created": "2018-10-17T00:14:20.652Z",
+      "created": "2020-01-27T17:05:58.271Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.271Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain clipboard contents.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5",
+      "created": "2020-04-08T15:41:19.445Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "HackerNews-Allwinner",
-          "url": "https://thehackernews.com/2016/05/android-kernal-exploit.html",
-          "description": "Mohit Kumar. (2016, May 11). Kernel Backdoor found in Gadgets Powered by Popular Chinese ARM Maker. Retrieved September 18, 2018."
+          "source_name": "Trend Micro Anubis",
+          "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html",
+          "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021."
+        },
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "A Linux kernel distributed by [Allwinner](https://attack.mitre.org/software/S0319) reportedly contained an simple backdoor that could be used to obtain root access. It was believed to have been left in the kernel by mistake by the authors.(Citation: HackerNews-Allwinner)",
-      "modified": "2022-04-15T15:16:35.892Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the C2 address from Twitter and Telegram.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis)",
+      "modified": "2022-04-20T17:57:23.327Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--08784a9d-09e9-4dce-a839-9612398214e8",
-      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -14149,67 +13874,45 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c",
       "type": "relationship",
-      "id": "relationship--492d5699-f885-411a-8431-254fcf33fb12",
-      "created": "2019-08-09T16:14:58.367Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Android Capture Sensor 2019",
-          "url": "https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access",
-          "description": "Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 9 and above restricts access to the mic, camera, and other device sensors from applications running in the background. iOS 14 and Android 12 introduced a visual indicator on the status bar (green dot) when an application is accessing the device’s camera.(Citation: Android Capture Sensor 2019)",
-      "modified": "2022-04-01T13:56:12.774Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d",
-      "created": "2019-10-18T14:50:57.491Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates often contain patches for vulnerabilities.",
-      "modified": "2022-03-30T15:52:58.256Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d",
-      "type": "relationship",
-      "created": "2021-10-01T14:42:48.740Z",
+      "created": "2019-07-10T15:35:43.631Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
         }
       ],
-      "modified": "2021-10-12T13:51:41.045Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect images stored on the device and browser history.(Citation: SecureList BusyGasper)",
+      "modified": "2019-08-09T18:06:11.741Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) queries the device for metadata, such as device ID, OS version, and the number of cameras.(Citation: Lookout Dark Caracal Jan 2018)",
       "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd",
+      "type": "relationship",
+      "created": "2020-05-04T14:04:56.214Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Bread",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
+        }
+      ],
+      "modified": "2020-05-04T15:40:21.076Z",
+      "description": "[Bread](https://attack.mitre.org/software/S0432) has used native code in an attempt to disguise malicious functionality.(Citation: Google Bread)",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -14218,8 +13921,235 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f",
-      "created": "2020-12-24T21:55:56.749Z",
+      "id": "relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0",
+      "created": "2022-04-01T16:52:03.322Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T16:52:03.322Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4",
+      "created": "2022-09-29T21:22:06.716Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Cylance Dust Storm",
+          "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
+          "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2022-09-30T18:45:10.156Z",
+      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors to continually forward all SMS messages and call information back to their C2 servers.(Citation: Cylance Dust Storm)",
+      "relationship_type": "uses",
+      "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab",
+      "type": "relationship",
+      "created": "2020-09-11T16:22:03.229Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T16:22:03.229Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect and record audio content.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-WUC",
+          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
+          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
+        }
+      ],
+      "modified": "2019-10-15T19:54:10.285Z",
+      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) gathered system information including phone number, OS version, phone model, and SDK version.(Citation: Kaspersky-WUC)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4896e256-fb04-403c-bbb7-2323b158a6e0",
+      "created": "2022-03-30T19:52:05.143Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T19:52:05.143Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cda58372-ae70-4716-8baf-cc06cb884ad6",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:28.015Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:28.015Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of installed application names.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e",
+      "created": "2020-09-14T14:13:45.299Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "url": "https://blog.lookout.com/esurv-research",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version has used public key encryption and certificate pinning for C2 communication.(Citation: Lookout eSurv)",
+      "modified": "2022-04-18T15:58:08.240Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8",
+      "created": "2019-09-04T15:38:56.721Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "FortiGuard-FlexiSpy",
+          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
+          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) uses root access to establish reboot hooks to re-install the application from `/data/misc/adn`.(Citation: FortiGuard-FlexiSpy) At boot, [FlexiSpy](https://attack.mitre.org/software/S0408) spawns daemons for process monitoring, call monitoring, call managing, and system.(Citation: FortiGuard-FlexiSpy)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--919a13bc-74be-4660-af63-454abee92635",
+      "type": "relationship",
+      "created": "2019-03-11T15:13:40.408Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. Retrieved November 30, 2018.",
+          "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A",
+          "source_name": "TrendMicro-Anserver2"
+        }
+      ],
+      "modified": "2019-08-05T20:05:25.571Z",
+      "description": "\n[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device IMEI and IMSI.(Citation: TrendMicro-Anserver2)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f",
+      "created": "2022-04-01T12:50:48.459Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T12:50:48.459Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--62adb627-f647-498e-b4cc-41499361bacb",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--22334426-e99f-4e97-b4dd-17e297da4118",
+      "created": "2020-12-24T21:55:56.696Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -14230,11 +14160,86 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has hidden its app icon.(Citation: Lookout Uyghur Campaign)",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured SMS and MMS messages.(Citation: Lookout Uyghur Campaign)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1",
+      "created": "2020-10-29T17:48:27.175Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can lock the device with a password and permanently disable the screen.(Citation: Threat Fabric Exobot)",
+      "modified": "2022-04-18T19:25:32.400Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--be17dc63-5b0a-491a-be5f-132058444c3a",
+      "type": "relationship",
+      "created": "2019-08-09T17:52:13.352Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
+        }
+      ],
+      "modified": "2019-08-09T17:52:31.877Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to take pictures using the device camera.(Citation: Lookout-PegasusAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a",
+      "created": "2019-11-21T19:16:34.796Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CheckPoint SimBad 2019",
+          "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/",
+          "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[SimBad](https://attack.mitre.org/software/S0419) hides its icon from the application launcher.(Citation: CheckPoint SimBad 2019)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7",
       "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -14244,22 +14249,64 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--0100020b-97d4-4657-bc71-c6a1774055a6",
-      "created": "2022-04-20T17:36:25.707Z",
+      "id": "relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625",
+      "created": "2022-03-31T16:33:55.074Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-31T16:33:55.074Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--32be51e2-f74d-441f-aa0d-952697a76494",
+      "type": "relationship",
+      "created": "2019-09-04T15:38:56.774Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "FortiGuard-FlexiSpy",
+          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
+          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019."
+        }
+      ],
+      "modified": "2019-10-14T18:08:28.599Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) uses a `FileObserver` object to monitor the Skype and WeChat database file and shared preferences to retrieve chat messages, account information, and profile pictures of the account owner and chat participants. [FlexiSpy](https://attack.mitre.org/software/S0408) can also spy on popular applications, including Facebook, Hangouts, Hike, Instagram, Kik, Line, QQ, Snapchat, Telegram, Tinder, Viber, and WhatsApp.(Citation: FortiGuard-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348",
+      "created": "2022-04-20T17:42:11.714Z",
       "x_mitre_version": "0.1",
       "external_references": [
         {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+          "source_name": "Wandera-RedDrop",
+          "url": "https://www.wandera.com/reddrop-malware/",
+          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has exfiltrated data via both SMTP and HTTP.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-20T17:36:25.707Z",
+      "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses standard HTTP for exfiltration.(Citation: Wandera-RedDrop)",
+      "modified": "2022-04-20T17:42:11.714Z",
       "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
       "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
@@ -14269,22 +14316,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--54dac52d-5279-407f-b7b4-5484ae90b98c",
+      "id": "relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63",
       "type": "relationship",
-      "created": "2021-02-17T20:43:52.402Z",
+      "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "source_name": "TrendMicro-RCSAndroid"
         }
       ],
-      "modified": "2021-02-17T20:43:52.402Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has downloaded and installed additional applications.(Citation: Lookout FrozenCell)",
+      "modified": "2019-08-09T17:53:48.793Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can monitor clipboard content.(Citation: TrendMicro-RCSAndroid)",
       "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -14293,24 +14340,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856",
-      "created": "2020-05-04T14:04:56.211Z",
+      "id": "relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6",
+      "created": "2020-09-14T13:35:45.911Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Google Bread",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
+          "source_name": "ESET-Twitoor",
+          "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/",
+          "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Bread](https://attack.mitre.org/software/S0432) communicates with the C2 server using HTTP requests.(Citation: Google Bread)",
-      "modified": "2022-04-19T20:17:16.407Z",
+      "description": "[Twitoor](https://attack.mitre.org/software/S0302) can be controlled via Twitter.(Citation: ESET-Twitoor)",
+      "modified": "2022-04-20T17:56:24.292Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
+      "target_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -14319,50 +14366,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39",
-      "created": "2020-06-26T14:55:13.387Z",
+      "id": "relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298",
+      "created": "2020-12-14T15:02:35.297Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) communicates with the C2 using HTTP requests.(Citation: Cybereason EventBot)",
-      "modified": "2022-04-19T20:05:11.228Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a",
-      "created": "2020-01-27T17:05:58.265Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Trend Micro Bouncing Golf 2019",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s call log.(Citation: Trend Micro Bouncing Golf 2019)",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect the device’s contact list.(Citation: Securelist Asacub)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -14371,735 +14392,23 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920",
-      "created": "2022-04-05T19:46:22.326Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.",
-      "modified": "2022-04-05T19:46:22.326Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f62e0aaf-e52f-40b9-a059-001f298a0660",
+      "id": "relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a",
       "created": "2018-10-17T00:14:20.652Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Kaspersky-Skygofree",
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018."
+          "source_name": "TrendMicro-XLoader",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/",
+          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.(Citation: Kaspersky-Skygofree)",
-      "modified": "2022-04-19T20:22:47.253Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses call logs.(Citation: Lookout-PegasusAndroid)",
+      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects SMS messages.(Citation: TrendMicro-XLoader)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.419Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.419Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture audio from the device’s microphone and can record phone calls.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c",
-      "type": "relationship",
-      "created": "2019-09-04T15:38:56.562Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
-          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
-          "source_name": "FortiGuard-FlexiSpy"
-        }
-      ],
-      "modified": "2019-10-14T18:08:28.500Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can communicate with the command and control server over ports 12512 and 12514.(Citation: FortiGuard-FlexiSpy)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83",
-      "type": "relationship",
-      "created": "2020-12-24T21:45:56.986Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:45:56.986Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can install new applications which are obtained from the C2 server.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4",
-      "type": "relationship",
-      "created": "2020-04-08T15:41:19.340Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T18:55:29.238Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can use its ransomware module to encrypt device data and hold it for ransom.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c",
-      "type": "relationship",
-      "created": "2019-09-23T13:36:08.390Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "source_name": "securelist rotexy 2018"
-        }
-      ],
-      "modified": "2019-10-14T20:49:24.646Z",
-      "description": "Starting in 2017, the [Rotexy](https://attack.mitre.org/software/S0411) DEX file was packed with garbage strings and/or operations.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4fc165fd-185e-4c70-b423-c242cf715510",
-      "created": "2019-10-07T16:32:27.127Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [Rotexy](https://attack.mitre.org/software/S0411) checks if it is running in an analysis environment.(Citation: securelist rotexy 2018) ",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36",
-      "created": "2020-05-07T15:33:32.895Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Agent Smith",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) shows fraudulent ads to generate revenue.(Citation: CheckPoint Agent Smith)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd",
-      "created": "2021-02-08T16:36:20.707Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has installed malicious MDM profiles on iOS devices as part of Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ece70dca-803c-4209-8792-7e56e9901288",
-      "created": "2020-07-15T20:20:59.291Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can delete all data from an infected device.(Citation: Bitdefender Mandrake)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a95fe853-d1d1-47dc-a776-b905daacfe32",
-      "created": "2020-06-26T20:16:32.181Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ESET DEFENSOR ID",
-          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
-          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [DEFENSOR ID](https://attack.mitre.org/software/S0479) has used Firebase Cloud Messaging for C2.(Citation: ESET DEFENSOR ID) ",
-      "modified": "2022-04-19T20:19:01.733Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b8606318-8c12-4381-ba33-5b2321772ea0",
-      "created": "2022-03-30T20:31:57.183Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be advised to be extra scrutinous of applications that request location or sensitive phone information permissions, and to deny any permissions requests for applications they do not recognize.",
-      "modified": "2022-03-30T20:31:57.183Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e",
-      "type": "relationship",
-      "created": "2020-01-14T17:47:08.826Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList DVMap June 2017",
-          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
-          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
-        }
-      ],
-      "modified": "2020-01-14T17:47:08.826Z",
-      "description": "[Dvmap](https://attack.mitre.org/software/S0420) checks the Android version to determine which system library to patch.(Citation: SecureList DVMap June 2017)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1317fb3d-ded3-4b84-8007-147f3b02948a",
-      "created": "2022-04-05T19:52:38.539Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "CSRIC-WG1-FinalReport",
-          "description": "CSRIC-WG1-FinalReport"
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC-WG1-FinalReport) ",
-      "modified": "2022-04-05T19:52:38.539Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124",
-      "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef",
-      "created": "2022-04-05T20:14:17.442Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T20:14:17.442Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
-      "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses calendar entries.(Citation: Lookout-PegasusAndroid)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38",
-      "type": "relationship",
-      "created": "2020-05-11T16:37:36.616Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "source_name": "ThreatFabric Ginp"
-        }
-      ],
-      "modified": "2020-05-11T16:37:36.616Z",
-      "description": " [Ginp](https://attack.mitre.org/software/S0423) can inject input to make itself the default SMS handler.(Citation: ThreatFabric Ginp) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69",
-      "created": "2020-04-08T15:51:25.078Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ThreatFabric Ginp",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) can use a multi-step phishing overlay to capture banking credentials and then credit card numbers after login.(Citation: ThreatFabric Ginp)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--529107fd-6420-4573-8dbf-cdcd49c2708c",
-      "type": "relationship",
-      "created": "2020-06-26T14:55:13.307Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T14:55:13.307Z",
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can gather device network information.(Citation: Cybereason EventBot) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--69de3f7e-faa7-4342-b755-4777a68fd89b",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler-SuperMarioRun",
-          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat",
-          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[DroidJack](https://attack.mitre.org/software/S0320) is capable of recording device phone calls.(Citation: Zscaler-SuperMarioRun)",
-      "modified": "2022-05-20T17:13:16.508Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b018fe06-740b-4864-b30a-f047598506b3",
-      "type": "relationship",
-      "created": "2020-04-24T15:06:33.510Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T15:06:33.510Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect various pieces of device information, including OS version, phone model, and manufacturer.(Citation: TrendMicro Coronavirus Updates) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--22f5308c-77ee-4198-be1c-54062aa6a613",
-      "created": "2020-12-31T18:25:05.160Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has used HTTPS for C2 communication.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "modified": "2022-04-19T20:05:27.076Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328",
-      "created": "2022-03-30T19:34:09.377Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T19:34:09.377Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5",
-      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.514Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.514Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can list all hidden files in the `/DCIM/.dat/` directory.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:27.997Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:27.997Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has tracked location.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.546Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.537Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can receive system notifications.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de",
-      "type": "relationship",
-      "created": "2019-10-14T20:49:24.571Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "source_name": "securelist rotexy 2018"
-        }
-      ],
-      "modified": "2019-10-14T20:49:24.571Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about running processes.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--df036f55-f749-4dad-9473-d69535e0f98d",
-      "created": "2020-06-26T14:55:13.385Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to record the screen PIN.(Citation: Cybereason EventBot)",
-      "modified": "2022-04-15T17:39:39.931Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a",
-      "created": "2019-07-16T14:33:12.175Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky Triada March 2016",
-          "url": "https://www.kaspersky.com/blog/triada-trojan/11481/",
-          "description": "Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July 16, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Triada](https://attack.mitre.org/software/S0424) variants capture transaction data from SMS-based in-app purchases.(Citation: Kaspersky Triada March 2016) ",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
       "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -15109,16 +14418,23 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383",
-      "created": "2022-04-05T20:17:46.149Z",
+      "id": "relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7",
+      "created": "2022-04-15T16:00:43.483Z",
       "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "SecureList DVMap June 2017",
+          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
+          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
+        }
+      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T20:17:46.149Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--393e8c12-a416-4575-ba90-19cc85656796",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "description": "[Dvmap](https://attack.mitre.org/software/S0420) can turn off `VerifyApps`, and can grant Device Administrator permissions via commands only, rather than using the UI.(Citation: SecureList DVMap June 2017)",
+      "modified": "2022-04-15T16:00:43.483Z",
+      "relationship_type": "uses",
+      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -15128,8 +14444,147 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8",
-      "created": "2022-03-30T18:06:21.355Z",
+      "id": "relationship--4af26643-880f-4c34-a4a8-23e89b950c9d",
+      "created": "2019-09-04T15:38:56.883Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CyberMerchants-FlexiSpy",
+          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
+          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect the device calendars.(Citation: CyberMerchants-FlexiSpy)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--535d2425-21aa-4fe5-ae6d-5b677f459020",
+      "created": "2022-03-28T19:41:37.162Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates may contain patches for devices that were compromised at the supply chain level.",
+      "modified": "2022-03-28T19:41:37.162Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--eb784dcf-4188-47e2-9217-837b262acfb9",
+      "created": "2022-04-01T18:43:01.860Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
+      "modified": "2022-04-01T18:43:01.860Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50",
+      "created": "2020-06-26T15:32:25.025Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain the device’s contact list.(Citation: Threat Fabric Cerberus)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--54151897-cc7e-4f92-af50-bed41ea78d92",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-MobileMalware",
+          "url": "https://securelist.com/mobile-malware-evolution-2013/58335/",
+          "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Trojan-SMS.AndroidOS.FakeInst.a](https://attack.mitre.org/software/S0306) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)",
+      "modified": "2022-04-19T20:10:19.381Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--28e39395-91e7-4f02-b694-5e079c964da9",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3c291ee5-1782-4e5b-8131-5188c7388f45",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "FireEye-RuMMS",
+          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.",
+          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers the device phone number and IMEI and transmits them to a command and control server.(Citation: FireEye-RuMMS)",
+      "relationship_type": "uses",
+      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f",
+      "created": "2022-03-30T18:14:04.881Z",
       "x_mitre_version": "0.1",
       "external_references": [
         {
@@ -15146,10 +14601,10 @@
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)",
-      "modified": "2022-03-30T18:06:21.355Z",
+      "modified": "2022-03-30T18:14:04.881Z",
       "relationship_type": "mitigates",
       "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -15158,210 +14613,9 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--383e5b12-061e-45c6-911b-b37187dd9254",
+      "id": "relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b",
       "type": "relationship",
-      "created": "2021-02-08T16:36:20.701Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.399Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included file enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af",
-      "created": "2020-12-14T14:52:03.322Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s contact list.(Citation: Sophos Red Alert 2.0)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253",
-      "type": "relationship",
-      "created": "2020-12-31T18:25:05.178Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "modified": "2020-12-31T18:25:05.178Z",
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has fingerprinted devices to uniquely identify them.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.452Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.452Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) has obfuscated components using XOR, ZIP with a single-byte key or ZIP/Zlib compression wrapped with RC4 encryption.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fada5ba5-7449-4878-b555-82f225473c8b",
-      "created": "2022-03-30T19:28:42.179Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Attestation can detect unauthorized modifications to devices. Mobile security software can then use this information and take appropriate mitigation action. ",
-      "modified": "2022-03-30T19:28:42.179Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--50bab448-fee6-49e9-a296-498fe06eacc7",
-      "type": "relationship",
-      "created": "2019-11-21T16:42:48.490Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
-        }
-      ],
-      "modified": "2019-11-21T16:42:48.490Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can obtain a list of installed applications.(Citation: SecureList - ViceLeaker 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81",
-      "created": "2022-04-05T20:03:46.789Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T20:03:46.789Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de",
-      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uses commands received from text messages for C2.(Citation: Lookout-StealthMango)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a3c4b392-2879-4f31-9431-3398e034851b",
-      "created": "2022-04-06T13:52:37.470Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be cautioned against granting administrative access to applications.",
-      "modified": "2022-04-06T13:52:37.470Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.339Z",
+      "created": "2020-12-18T20:14:47.314Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -15370,11 +14624,11 @@
           "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
         }
       ],
-      "modified": "2020-12-18T20:14:47.339Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used timer events in React Native to initiate the foreground service.(Citation: WhiteOps TERRACOTTA)",
+      "modified": "2020-12-18T20:14:47.314Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has utilized foreground services.(Citation: WhiteOps TERRACOTTA)",
       "relationship_type": "uses",
       "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
+      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -15382,244 +14636,10 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a",
+      "id": "relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4",
       "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
+      "created": "2020-06-02T14:32:31.885Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2018-10-17T00:14:20.652Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b4735277-516a-4cd2-9607-a3e415945d93",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.800Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2021-09-20T13:54:20.494Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can remotely capture device audio.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
-        }
-      ],
-      "modified": "2019-08-09T17:56:05.686Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) uses the commercial rooting app Baidu Easy Root to gain root privilege and maintain persistence on the victim.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2115228b-c61a-4ebb-829a-df7355635fbf",
-      "created": "2020-12-17T20:15:22.491Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can detect if the app is running on an emulator.(Citation: Palo Alto HenBox)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--38962b26-7cbe-4761-8b4f-50a022167c4d",
-      "created": "2019-09-03T20:08:00.708Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) checks for antivirus software contained in a predefined list.(Citation: Talos Gustuff Apr 2019)",
-      "modified": "2022-04-15T16:55:56.825Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113",
-      "created": "2020-06-26T15:32:25.032Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can generate fake notifications and launch overlay attacks against attacker-specified applications.(Citation: Threat Fabric Cerberus)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--bd29ce15-1771-470c-a74b-5ea90832ce23",
-      "created": "2020-12-24T22:04:27.911Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected SMS messages.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.846Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.596Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has exfiltrated local account data and calendar information as part of Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ffc82546-f4da-4f47-88ec-b215edb1d695",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.799Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.589Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included malware functionality capable of downloading new DEX files at runtime during Operation BULL.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00",
-      "type": "relationship",
-      "created": "2020-09-15T15:18:12.421Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
-        }
-      ],
-      "modified": "2020-09-15T15:18:12.421Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect a list of installed applications.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--269d4409-e287-4ef3-b5f3-765ec03e503e",
-      "created": "2020-06-02T14:32:31.900Z",
-      "x_mitre_version": "1.0",
       "external_references": [
         {
           "source_name": "Google Project Zero Insomnia",
@@ -15627,78 +14647,10 @@
           "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
         }
       ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) grants itself permissions by injecting its hash into the kernel’s trust cache.(Citation: Google Project Zero Insomnia)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2020-06-02T14:32:31.885Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can track the device’s location.(Citation: Google Project Zero Insomnia)",
       "relationship_type": "uses",
       "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39",
-      "type": "relationship",
-      "created": "2020-04-08T15:41:19.364Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T15:41:19.364Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can take screenshots.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791",
-      "created": "2022-03-30T19:33:17.520Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.",
-      "modified": "2022-03-30T19:33:17.520Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--89565753-23c4-422d-a9ba-39f4101cd819",
-      "type": "relationship",
-      "created": "2020-11-20T16:37:28.485Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-11-20T16:37:28.485Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can track the device’s location.(Citation: Symantec GoldenCup)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
       "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -15707,597 +14659,16 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9",
       "type": "relationship",
-      "created": "2021-01-05T20:16:20.502Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.502Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can take screenshots.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d724bcf3-25d2-406a-b612-333fea5e2385",
-      "created": "2020-10-29T17:48:27.440Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can show phishing popups when a targeted application is running.(Citation: Threat Fabric Exobot)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696",
-      "created": "2022-03-28T19:38:23.189Z",
+      "id": "relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c",
+      "created": "2022-04-01T16:51:20.688Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "",
-      "modified": "2022-03-28T19:38:23.190Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Gooligan Citation",
-          "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/",
-          "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Gooligan](https://attack.mitre.org/software/S0290) can install adware to generate revenue.(Citation: Gooligan Citation)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1db350b2-1e8b-4d58-9086-eac41de1b110",
-      "created": "2022-04-05T17:13:56.584Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T17:13:56.584Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--319d46b5-de41-4f23-9001-2fa75f954720",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky-MobileMalware",
-          "url": "https://securelist.com/mobile-malware-evolution-2013/58335/",
-          "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Trojan-SMS.AndroidOS.Agent.ao](https://attack.mitre.org/software/S0307) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)",
-      "modified": "2022-04-19T20:08:26.141Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d995dfff-e4b2-4e07-8e76-b064354f591a",
-      "created": "2022-04-01T12:49:32.365Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Calendar access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their device calendar. ",
-      "modified": "2022-04-01T12:49:32.365Z",
+      "description": "Users should scrutinize every device administration permission request. If the request is not expected or the user does not recognize the application, the application should be uninstalled immediately.",
+      "modified": "2022-04-01T16:51:20.688Z",
       "relationship_type": "mitigates",
       "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c",
-      "created": "2022-04-06T15:52:07.805Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T15:52:07.805Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
-      "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5",
-      "type": "relationship",
-      "created": "2019-09-03T20:08:00.764Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "source_name": "Talos Gustuff Apr 2019"
-        }
-      ],
-      "modified": "2019-09-15T15:35:33.379Z",
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers information about the device, including the default SMS application, if SafetyNet is enabled, the battery level, the operating system version, and if the malware has elevated permissions.(Citation: Talos Gustuff Apr 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4ee57616-7205-490c-86c3-c27dcffd8689",
-      "created": "2022-04-06T13:35:43.203Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Recent OS versions have limited access to certain APIs unless certain conditions are met, making [Data Manipulation](https://attack.mitre.org/techniques/T1641) more difficult",
-      "modified": "2022-04-06T13:35:43.203Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e",
-      "type": "relationship",
-      "created": "2020-12-24T21:55:56.745Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:55:56.745Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the list of installed apps.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--57a069a0-399f-43ab-9efc-50432a41b26b",
-      "created": "2020-12-24T21:55:56.743Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has deleted or renamed specific files.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b",
-      "created": "2020-09-11T14:54:16.638Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can delete copies of itself if additional APKs are downloaded to external storage.(Citation: Lookout Desert Scorpion)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--022e941f-30c3-45a9-9f6f-36e704b80060",
-      "created": "2020-04-24T17:46:31.574Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) registers for the `SCREEN_ON` and `SMS_DELIVER` intents to perform actions when the device is unlocked and when the device receives an SMS message.(Citation: SecurityIntelligence TrickMo)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e",
-      "type": "relationship",
-      "created": "2019-09-23T13:36:08.386Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "source_name": "securelist rotexy 2018"
-        }
-      ],
-      "modified": "2019-09-23T13:36:08.386Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects the device's IMEI and sends it to the command and control server.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--35453bbb-c9b3-4421-8452-95efdd290d21",
-      "type": "relationship",
-      "created": "2021-01-20T16:01:19.323Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zimperium z9",
-          "url": "https://blog.zimperium.com/how-zimperiums-z9-detected-unknown-mobile-malware-overlooked-by-the-av-industry/",
-          "description": "zLabs. (2019, November 12).  How Zimperium’s z9 Detected Unknown Mobile Malware Overlooked by the AV Industry . Retrieved January 20, 2021."
-        }
-      ],
-      "modified": "2021-01-20T16:01:19.323Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of running processes.(Citation: Zimperium z9)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0",
-      "type": "relationship",
-      "created": "2021-10-01T14:42:48.728Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "modified": "2021-10-01T14:42:48.728Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can send an SMS message after the device boots, messages containing logs, messages to adversary-specified numbers with custom content, and can delete all SMS messages on the device.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--56a255a5-9fa2-45bb-8848-fd0a68514467",
-      "created": "2022-04-11T20:06:56.034Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-11T20:06:56.034Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d",
-      "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6a821e14-8247-408b-af37-9cecbba616ec",
-      "type": "relationship",
-      "created": "2020-05-07T15:33:32.945Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Agent Smith",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
-        }
-      ],
-      "modified": "2020-05-07T15:33:32.945Z",
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) obtains the device’s application list.(Citation: CheckPoint Agent Smith)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952",
-      "created": "2020-04-24T17:46:31.564Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can intercept SMS messages.(Citation: SecurityIntelligence TrickMo)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "FireEye-RuMMS",
-          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html",
-          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[RuMMS](https://attack.mitre.org/software/S0313) uses HTTP for command and control.(Citation: FireEye-RuMMS)",
-      "modified": "2022-04-19T20:09:40.582Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--df337ad4-c88e-425f-b869-ecac29674bf4",
-      "type": "relationship",
-      "created": "2021-03-25T16:39:40.200Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "modified": "2021-03-25T16:39:40.200Z",
-      "description": "(Citation: CYBERWARCON CHEMISTGAMES)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192",
-      "target_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea",
-      "created": "2019-10-18T14:52:53.193Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation could detect devices with unauthorized or unsafe modifications. ",
-      "modified": "2022-03-30T20:07:50.094Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--1250f91c-723d-4b4c-afea-b3a71101951f",
-      "type": "relationship",
-      "created": "2019-08-07T15:57:13.415Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Kaspersky Riltok June 2019",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
-        }
-      ],
-      "modified": "2019-09-15T15:36:42.339Z",
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) can query the device's IMEI.(Citation: Kaspersky Riltok June 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--36268322-9f5e-4749-8760-6430178a3d68",
-      "created": "2020-06-26T14:55:13.311Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can intercept SMS messages.(Citation: Cybereason EventBot)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--289f5e23-088a-4840-a2a6-bab30da2a64b",
-      "created": "2022-04-01T16:51:04.584Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "GoogleIO2016",
-          "url": "https://www.youtube.com/watch?v=XZzLjllizYs",
-          "description": "Adrian Ludwig. (2016, May 19). What's new in Android security (M and N Version). Retrieved December 9, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Changes were introduced in Android 7 to make abuse of device administrator permissions more difficult.(Citation: GoogleIO2016)",
-      "modified": "2022-04-01T16:51:04.584Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
       "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
@@ -16307,635 +14678,18 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef",
       "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler-SpyNote",
-          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
-          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
-        }
-      ],
-      "modified": "2019-10-10T15:24:09.248Z",
-      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) collects the device's location.(Citation: Zscaler-SpyNote)",
-      "relationship_type": "uses",
-      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "id": "relationship--42342d72-a37c-477e-b8f1-1768273fcb7f",
+      "created": "2019-10-18T15:51:48.451Z",
       "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5977289e-d38f-4974-912b-2151fc00c850",
-      "type": "relationship",
-      "created": "2020-11-20T16:37:28.524Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-11-20T16:37:28.524Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s phone number and IMSI.(Citation: Symantec GoldenCup)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081",
-      "type": "relationship",
-      "created": "2019-09-04T14:28:16.000Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-09-04T14:32:12.856Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can track the device's location.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--34351abd-1f58-420a-a893-ad822839815d",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016."
-        }
-      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) captures call logs.(Citation: Lookout-Pegasus)",
-      "modified": "2022-04-12T10:01:44.682Z",
+      "description": "Users should be advised not to grant consent for screen captures to occur unless expected. Users should avoid enabling USB debugging (Android Debug Bridge) unless explicitly required. ",
+      "modified": "2022-04-01T13:32:32.335Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3",
-      "created": "2020-07-15T20:20:59.287Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can disable Play Protect.(Citation: Bitdefender Mandrake)",
-      "modified": "2022-04-15T15:57:54.150Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.549Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.524Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record the screen and take screenshots to capture messages from Line, Facebook Messenger, and WhatsApp.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e",
-      "type": "relationship",
-      "created": "2020-12-14T14:52:03.310Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T14:52:03.310Z",
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can send SMS messages.(Citation: Sophos Red Alert 2.0)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0cabc5f9-045e-490c-a97f-efe00dbade86",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.276Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.276Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record video.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576",
-      "type": "relationship",
-      "created": "2020-09-14T14:13:45.294Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout eSurv",
-          "url": "https://blog.lookout.com/esurv-research",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-14T15:39:17.961Z",
-      "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version is distributed in three stages: the dropper, the second stage payload, and the third stage payload which is [Exodus](https://attack.mitre.org/software/S0405).(Citation: Lookout eSurv)",
-      "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--75770898-93a7-45e3-bdb2-03172004a88f",
-      "created": "2022-03-30T14:49:47.451Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android-VerifiedBoot",
-          "url": "https://source.android.com/security/verifiedboot/",
-          "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ",
-      "modified": "2022-03-30T14:49:47.451Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
-      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-Xbot",
-          "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/",
-          "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Xbot](https://attack.mitre.org/software/S0298) can remotely lock infected Android devices and ask for a ransom.(Citation: PaloAlto-Xbot)",
-      "modified": "2022-04-18T19:27:33.225Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4",
-      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c374c9ce-ff30-4daa-bdec-8015a507746a",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
-          "source_name": "Kaspersky-Skygofree"
-        }
-      ],
-      "modified": "2019-08-09T18:08:07.145Z",
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) has a capability to obtain files from other installed applications.(Citation: Kaspersky-Skygofree)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--9d621873-6d3c-4660-be9a-57e2e8648236",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Proofpoint-Marcher",
-          "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks",
-          "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Marcher](https://attack.mitre.org/software/S0317) requests Android Device Administrator access.(Citation: Proofpoint-Marcher)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.445Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.445Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s camera.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a",
-      "type": "relationship",
-      "created": "2020-12-24T21:55:56.726Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:55:56.726Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has downloaded additional code to root devices, such as TowelRoot.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
-          "source_name": "Kaspersky-Skygofree"
-        }
-      ],
-      "modified": "2019-08-09T18:08:07.183Z",
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can download executable code from the C2 server after the implant starts or after a specific command.(Citation: Kaspersky-Skygofree)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--afe9e326-01f7-4296-a11b-09cfffd80120",
-      "type": "relationship",
-      "created": "2020-07-27T14:14:56.962Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Security Zen",
-          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
-          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
-        }
-      ],
-      "modified": "2020-08-10T22:18:20.747Z",
-      "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads and system prompts to create new Google accounts.(Citation: Google Security Zen)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9e458d77-c856-4b02-82a7-50947b232dc3",
-      "type": "relationship",
-      "created": "2021-10-01T14:42:49.183Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "modified": "2021-10-06T15:32:46.533Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download a payload or updates from either its C2 server or email attachments in the adversary’s inbox.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--44da429b-9dee-43c9-9397-445c6f9e647e",
-      "created": "2022-03-30T19:54:59.651Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android includes system partition integrity mechanisms that could detect unauthorized modifications. ",
-      "modified": "2022-03-30T19:54:59.651Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0",
-      "created": "2019-08-07T15:57:13.453Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky Riltok June 2019",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) can open a fake Google Play screen requesting bank card credentials and mimic the screen of relevant mobile banking apps to request user/bank card details.(Citation: Kaspersky Riltok June 2019)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1",
-      "created": "2022-04-05T19:48:31.354Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T19:48:31.354Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CheckPoint-Charger",
-          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.",
-          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/"
-        }
-      ],
-      "modified": "2019-10-09T14:51:42.845Z",
-      "description": "[Charger](https://attack.mitre.org/software/S0323) checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus.(Citation: CheckPoint-Charger)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Gooligan Citation",
-          "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016.",
-          "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/"
-        }
-      ],
-      "modified": "2019-10-10T15:18:51.121Z",
-      "description": "[Gooligan](https://attack.mitre.org/software/S0290) steals authentication tokens that can be used to access data from multiple Google applications.(Citation: Gooligan Citation)",
-      "relationship_type": "uses",
-      "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab",
-      "created": "2020-09-11T14:54:16.589Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can be controlled using SMS messages.(Citation: Lookout Desert Scorpion)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56",
-      "created": "2020-06-26T15:32:25.045Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect SMS messages from a device.(Citation: Threat Fabric Cerberus)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc",
-      "created": "2022-03-30T19:36:20.304Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be trained on what device administrator permission request prompts look like, and how to avoid granting permissions on phishing popups.",
-      "modified": "2022-03-30T19:36:20.304Z",
       "relationship_type": "mitigates",
       "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--084786ee-9384-4a00-9e1b-48f94ea70126",
-      "created": "2019-09-03T19:45:48.517Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can exfiltrate calendar events.(Citation: SWB Exodus March 2019) ",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -16943,185 +14697,21 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87",
+      "id": "relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798",
       "type": "relationship",
-      "created": "2021-01-05T20:16:20.495Z",
+      "created": "2020-10-29T19:01:13.854Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+          "source_name": "Microsoft MalLockerB",
+          "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/",
+          "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020."
         }
       ],
-      "modified": "2021-01-05T20:16:20.495Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect device photos and credentials from other applications.(Citation: Zscaler TikTok Spyware)",
+      "modified": "2020-10-29T19:01:13.854Z",
+      "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has employed both name mangling and meaningless variable names in source. [AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has stored encrypted payload code in the Assets directory, coupled with a custom decryption routine that assembles a .dex file by passing data through Android Intent objects. (Citation: Microsoft MalLockerB)",
       "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af",
-      "type": "relationship",
-      "created": "2020-04-24T15:06:33.531Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T17:55:55.049Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can take pictures using the camera and can record MP4 files.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54",
-      "type": "relationship",
-      "created": "2021-10-01T14:42:48.744Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "modified": "2021-10-01T14:42:48.744Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can record audio.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2",
-      "type": "relationship",
-      "created": "2020-09-15T15:18:12.398Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
-        }
-      ],
-      "modified": "2020-09-15T15:18:12.398Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device networking information, including phone number, IMEI, and IMSI.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f",
-      "type": "relationship",
-      "created": "2019-09-04T15:38:56.799Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CyberMerchants-FlexiSpy",
-          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
-          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
-        }
-      ],
-      "modified": "2019-09-10T14:59:26.138Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record video.(Citation: CyberMerchants-FlexiSpy)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72",
-      "type": "relationship",
-      "created": "2020-11-24T17:55:12.900Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.900Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s IMEI, phone number, and country.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1cc71849-142f-4097-9546-7946b0b546a6",
-      "created": "2020-04-08T15:51:25.125Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ThreatFabric Ginp",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) can determine if it is running in an emulator.(Citation: ThreatFabric Ginp)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d7aa436a-e66d-4217-be66-4414703dec07",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.634Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-11-10T17:08:35.634Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used incorrect file extensions and encryption to hide most of its assets, including secondary APKs, configuration files, and JAR or DEX files.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce",
       "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -17131,46 +14721,39 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1",
-      "created": "2019-09-04T15:38:56.809Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CyberMerchants-FlexiSpy",
-          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
-          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
-        }
-      ],
+      "id": "relationship--9432fabf-9487-469c-86c9-b9d26b013c85",
+      "created": "2022-04-01T13:13:10.587Z",
+      "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can delete data from a compromised device.(Citation: CyberMerchants-FlexiSpy)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "description": "Call Log access an uncommonly needed permission, so users should be instructedto use extra scrutiny when granting access to their call logs. ",
+      "modified": "2022-04-01T13:13:10.587Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
       "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--9c853c22-7607-4cbd-b114-08aaa4625c35",
+      "id": "relationship--950e1476-83ca-4e81-b542-c91a19b206d7",
       "type": "relationship",
-      "created": "2020-12-17T20:15:22.405Z",
+      "created": "2020-04-24T17:46:31.466Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
         }
       ],
-      "modified": "2020-12-28T18:47:52.600Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can collect device information and can check if the device is running MIUI on a Xiaomi device.(Citation: Palo Alto HenBox)",
+      "modified": "2020-04-24T17:46:31.466Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device information such as network operator, model, brand, and OS version.(Citation: SecurityIntelligence TrickMo)",
       "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
       "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -17179,41 +14762,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0",
       "type": "relationship",
-      "id": "relationship--049c39ab-c036-457a-9b8f-4318416658b8",
-      "created": "2022-03-30T19:54:24.468Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "A locked bootloader could prevent unauthorized modifications of protected operating system files. ",
-      "modified": "2022-03-30T19:55:15.724Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.201Z",
+      "created": "2020-04-24T15:12:11.185Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
         }
       ],
-      "modified": "2020-03-26T20:50:07.154Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect local accounts on the device, pictures, bookmarks/histories of the default browser, and files stored on the SD card. [GolfSpy](https://attack.mitre.org/software/S0421) can list image, audio, video, and other files stored on the device. [GolfSpy](https://attack.mitre.org/software/S0421) can copy arbitrary files from the device.(Citation: Trend Micro Bouncing Golf 2019)",
+      "modified": "2020-04-24T15:12:11.185Z",
+      "description": "[Concipit1248](https://attack.mitre.org/software/S0426) requests permissions to use the device camera.(Citation: TrendMicro Coronavirus Updates)",
       "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -17221,21 +14785,40 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--70fa8498-6117-4e15-ae3c-f53d63996826",
       "type": "relationship",
-      "created": "2020-06-26T15:32:25.050Z",
+      "id": "relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a",
+      "created": "2022-04-01T14:51:51.593Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to notifications. ",
+      "modified": "2022-04-01T14:51:51.593Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.822Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
         }
       ],
-      "modified": "2020-06-26T15:32:25.050Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect the device’s location.(Citation: Threat Fabric Cerberus)",
+      "modified": "2020-11-24T17:55:12.822Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request the device’s location.(Citation: Talos GPlayed)",
       "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
       "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -17245,24 +14828,43 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e",
-      "created": "2020-06-26T15:32:24.921Z",
+      "id": "relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429",
+      "created": "2022-04-01T18:51:28.859Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates frequently contain patches to vulnerabilities that can be exploited for root access.",
+      "modified": "2022-04-01T18:51:28.859Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--049b0c71-63e3-47ce-bb0b-149df0344b15",
+      "created": "2020-12-24T21:45:56.965Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) avoids being analyzed by only activating the malware after recording a certain number of steps from the accelerometer.(Citation: Threat Fabric Cerberus)",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access device contacts.(Citation: Lookout Uyghur Campaign)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -17271,41 +14873,25 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184",
-      "created": "2022-03-30T17:53:56.805Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T17:53:56.805Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "target_ref": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b6726136-3c20-4921-a0cb-75a66f59107c",
-      "type": "relationship",
-      "created": "2020-09-11T16:22:03.296Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "id": "relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861",
+      "created": "2021-02-08T16:36:20.711Z",
+      "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
         }
       ],
-      "modified": "2020-09-11T16:22:03.296Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect network configuration data from the device, including phone number, SIM operator, and network operator.(Citation: Lookout ViperRAT)",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included SMS message exfiltration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -17313,16 +14899,16 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--17141729-226d-40d4-928d-ffbd2eed7d11",
-      "created": "2022-04-05T19:37:16.086Z",
+      "id": "relationship--c1512591-7440-4a69-93b9-fe439a4c197e",
+      "created": "2022-03-28T19:40:40.860Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "",
-      "modified": "2022-04-05T19:37:16.086Z",
+      "modified": "2022-03-28T19:40:40.860Z",
       "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "source_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -17331,7 +14917,7 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--63e67cba-4eae-4495-8897-2610103a0c41",
+      "id": "relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06",
       "type": "relationship",
       "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
@@ -17343,853 +14929,9 @@
         }
       ],
       "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) exploits iOS vulnerabilities to escalate privileges.(Citation: Lookout-Pegasus)",
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) monitors the victim for status and disables other access to the phone by other jailbreaking software.(Citation: Lookout-Pegasus)",
       "relationship_type": "uses",
       "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59",
-      "created": "2020-11-24T18:18:33.743Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) has used web injects to capture users’ credentials.(Citation: Threat Fabric Exobot)",
-      "modified": "2022-04-15T17:39:22.154Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2",
-      "created": "2020-12-24T22:04:28.027Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has modified or configured proxy information.(Citation: Lookout Uyghur Campaign) ",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--be136fd1-6949-4de6-be37-6d76f8def41a",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
-        }
-      ],
-      "modified": "2019-10-15T19:37:21.366Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests location data from victims.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8",
-      "created": "2019-11-21T16:42:48.437Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect SMS messages.(Citation: SecureList - ViceLeaker 2019)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) monitors the connection state and tracks which types of networks the phone is connected to, potentially to determine the bandwidth and ability to send full data across the network.(Citation: Lookout-Pegasus)",
-      "modified": "2022-04-15T19:47:48.036Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d",
-      "created": "2019-09-03T20:08:00.760Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) communicates with the command and control server using HTTP requests.(Citation: Talos Gustuff Apr 2019)",
-      "modified": "2022-04-19T20:18:36.894Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--9398bf9d-be77-4ac2-acea-893152cafd16",
-      "created": "2022-03-30T14:43:46.034Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T14:43:46.034Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-RCSAndroid",
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can use SMS for command and control.(Citation: TrendMicro-RCSAndroid)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) uses SMS for command and control.(Citation: Lookout-Pegasus)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6",
-      "type": "relationship",
-      "created": "2020-10-29T17:48:27.332Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-10-29T17:48:27.332Z",
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s IMEI, phone number, and IP address.(Citation: Threat Fabric Exobot) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d2749285-47d9-44a4-962f-9215e6fb580e",
-      "created": "2020-10-29T17:48:27.380Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can access the device’s contact list.(Citation: Threat Fabric Exobot)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fb3b32a8-6422-4d44-91e3-27a58e569963",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.494Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-09-11T13:25:19.179Z",
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take screenshots of any application in the foreground.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
-          "source_name": "Kaspersky-Skygofree"
-        }
-      ],
-      "modified": "2019-08-09T18:08:07.144Z",
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) has the capability to exploit several known vulnerabilities and escalate privileges.(Citation: Kaspersky-Skygofree)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cde60121-3d7c-47c8-abeb-582854425599",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.512Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.531Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can update the running malware.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9",
-      "created": "2022-03-28T19:32:05.234Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Application developers should be cautious when selecting third-party libraries to integrate into their application.",
-      "modified": "2022-03-28T19:32:05.234Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
-      "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--55f12292-dc9d-4bfd-9de9-2d07cd67b044",
-      "type": "relationship",
-      "created": "2017-10-25T14:48:53.734Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2019-07-29T13:57:09.300Z",
-      "description": "Android 7.0 and higher includes additional protections against this technique.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--13efc415-5e17-4a16-81c2-64e74815907f",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-XcodeGhost",
-          "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/",
-          "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can prompt a fake alert dialog to phish user credentials.(Citation: PaloAlto-XcodeGhost)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7",
-      "type": "relationship",
-      "created": "2019-10-15T19:33:42.204Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Kaspersky-Skygofree",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/"
-        }
-      ],
-      "modified": "2019-10-15T19:33:42.204Z",
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can track the device's location.(Citation: Kaspersky-Skygofree)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55",
-      "type": "relationship",
-      "created": "2020-04-24T17:46:31.603Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T17:46:31.603Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can steal pictures from the device.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6",
-      "created": "2022-03-30T13:48:43.977Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile security products can typically detect jailbroken or rooted devices. ",
-      "modified": "2022-03-30T13:48:43.977Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041",
-      "type": "relationship",
-      "created": "2017-10-25T14:48:53.742Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2020-06-24T15:08:18.481Z",
-      "description": "Enterprise policies should prevent enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development).",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3dff770d-9627-4647-b945-7f24a97b2273",
-      "type": "relationship",
-      "created": "2019-09-15T15:26:22.926Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2020-06-24T15:02:13.533Z",
-      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d716163d-2492-4088-9235-b2310312ba27",
-      "created": "2022-04-06T15:44:48.422Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T15:44:48.422Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4",
-      "created": "2022-04-06T15:28:20.249Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be instructed to not grant applications unexpected or unnecessary permissions. ",
-      "modified": "2022-04-06T15:28:20.249Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10",
-      "type": "relationship",
-      "created": "2020-06-26T15:32:25.074Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T15:32:25.074Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can update the malicious payload module on command.(Citation: Threat Fabric Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--04530307-22d8-4a06-9056-55eea225fabb",
-      "type": "relationship",
-      "created": "2019-07-10T15:35:43.710Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-08-09T18:06:11.842Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves messages and decryption keys for popular messaging applications and other accounts stored on the device.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.496Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-10-14T16:47:53.226Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two extracts information from Facebook, Facebook Messenger, Gmail, IMO, Skype, Telegram, Viber, WhatsApp, and WeChat.(Citation: SWB Exodus March 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c",
-      "created": "2020-09-11T14:54:16.646Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can hide its icon.(Citation: Lookout Desert Scorpion)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8",
-      "created": "2022-04-05T19:49:59.027Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T19:49:59.027Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Tripwire-MazarBOT",
-          "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/",
-          "description": "Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. Retrieved December 23, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[MazarBOT](https://attack.mitre.org/software/S0303) can send messages to premium-rate numbers.(Citation: Tripwire-MazarBOT)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fe794ba6-42be-4d42-a16f-a41473874331",
-      "created": "2022-03-30T15:08:13.679Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android-VerifiedBoot",
-          "url": "https://source.android.com/security/verifiedboot/",
-          "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ",
-      "modified": "2022-03-30T15:08:13.679Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
-      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.492Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-10-14T17:15:52.637Z",
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) One queries the device for its IMEI code and the phone number in order to validate the target of a new infection.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8ea39534-6fe9-404c-94b7-0f320af95404",
-      "created": "2022-04-01T15:17:21.511Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T15:17:21.511Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58",
-      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky-WUC",
-          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/",
-          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used SMS to receive command and control messages.(Citation: Kaspersky-WUC)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--36298fd6-d909-4490-8a04-095aef9ffafe",
-      "type": "relationship",
-      "created": "2020-11-20T15:54:07.747Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-11-20T15:54:07.747Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can record audio from the microphone and phone calls.(Citation: Symantec GoldenCup) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365",
-      "created": "2019-09-04T14:28:15.950Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can delete arbitrary files on the device, and can also uninstall itself and clean up staging files.(Citation: Lookout-Monokle)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--1c180c0e-c789-4176-b568-789ada9487bb",
-      "type": "relationship",
-      "created": "2020-10-29T19:21:23.162Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WeLiveSecurity AdDisplayAshas",
-          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
-          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-10-29T19:21:23.162Z",
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can collect information about the device including device type, OS version, language, free storage space, battery status, device root, and if *developer mode* is enabled.(Citation: WeLiveSecurity AdDisplayAshas)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
       "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -18199,464 +14941,8 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--2acc0c1a-af30-4410-976b-31148df5378d",
-      "created": "2022-03-28T19:39:42.538Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-28T19:39:42.538Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.566Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.566Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect device metadata and can check if the device is rooted.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3",
-      "created": "2020-07-20T13:27:33.486Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s contact list.(Citation: Talos-WolfRAT)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016",
-      "created": "2022-04-15T18:12:53.512Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Xiao-KeyRaider",
-          "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/",
-          "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. Retrieved December 12, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Monokle](https://attack.mitre.org/software/S0407/) can install attacker-specified certificates to the device's trusted certificate store, enabling an adversary to perform adversary-in-the-middle attacks.(Citation: Xiao-KeyRaider)",
-      "modified": "2022-04-15T18:12:53.512Z",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545",
-      "created": "2019-09-23T13:36:08.429Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) processes incoming SMS messages by filtering based on phone numbers, keywords, and regular expressions, focusing primarily on banks, payment systems, and mobile network operators. [Rotexy](https://attack.mitre.org/software/S0411) can also send a list of all SMS messages on the device to the command and control server.(Citation: securelist rotexy 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7",
-      "created": "2022-03-31T19:53:01.320Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-31T19:53:01.320Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--51457698-e98b-435a-88c2-75a82cdc2bda",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads call logs.(Citation: Lookout-StealthMango)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2793d721-df10-4621-8387-f3342def59a1",
-      "created": "2022-03-30T18:14:36.786Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. ",
-      "modified": "2022-03-30T18:14:36.786Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--53364899-1ea5-47fa-afde-c210aed64120",
-      "type": "relationship",
-      "created": "2019-07-10T15:47:19.659Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-07-16T15:35:21.086Z",
-      "description": "(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
-      "target_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4586277d-bebd-4717-87c6-a31a9be741ed",
-      "type": "relationship",
-      "created": "2020-12-24T21:45:56.982Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:45:56.982Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can get file lists on the SD card.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--12d61e7d-7fa6-422d-9817-901decf6b650",
-      "created": "2019-07-10T15:35:43.663Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) uses phishing popups to harvest user credentials.(Citation: Lookout Dark Caracal Jan 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2",
-      "created": "2022-03-30T19:12:31.481Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T19:12:31.481Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
-      "target_ref": "attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c574251b-93ad-4f55-8b84-2700dfab4622",
-      "created": "2020-07-15T20:20:59.280Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can hide its icon on older Android versions.(Citation: Bitdefender Mandrake)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e",
-      "created": "2022-03-30T13:45:39.184Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation can often detect jailbroken or rooted devices.",
-      "modified": "2022-03-30T13:45:39.184Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341",
-      "type": "relationship",
-      "created": "2019-07-16T14:33:12.085Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Triada June 2019",
-          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
-          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
-        }
-      ],
-      "modified": "2020-04-27T16:52:49.480Z",
-      "description": "[Triada](https://attack.mitre.org/software/S0424) utilizes a backdoor in a Play Store app to install additional trojanized apps from the Command and Control server.(Citation: Google Triada June 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--02e4aedc-0674-4598-948b-0a32758af9ca",
-      "created": "2022-04-01T13:14:43.195Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T13:14:43.195Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3",
-      "created": "2020-11-24T17:55:12.830Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can read SMS messages.(Citation: Talos GPlayed)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306",
-      "type": "relationship",
-      "created": "2020-05-07T15:33:32.778Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Agent Smith",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
-        }
-      ],
-      "modified": "2020-05-07T15:33:32.778Z",
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) exploits known OS vulnerabilities, including Janus, to replace legitimate applications with malicious versions.(Citation: CheckPoint Agent Smith)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--30ab9ce7-5369-402a-94ee-f8452642acb9",
-      "created": "2022-03-30T19:50:37.739Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T19:50:37.739Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--8e27551a-5080-4148-a584-c64348212e4f",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9",
-      "created": "2020-09-11T14:54:16.649Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect the device’s contact list.(Citation: Lookout Desert Scorpion)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--abf03652-acd0-4361-8a66-f7e70e8e4376",
-      "created": "2020-06-02T14:32:31.913Z",
+      "id": "relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f",
+      "created": "2020-06-02T14:32:31.906Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -18667,1401 +14953,11 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) communicates with the C2 server using HTTPS requests.(Citation: Volexity Insomnia)",
-      "modified": "2022-04-19T20:20:20.149Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has communicated with the C2 using HTTPS requests over ports 43111, 43223, and 43773.(Citation: Volexity Insomnia)",
+      "modified": "2022-04-20T16:40:05.898Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--be27a303-5748-4b72-ba69-a328e2f6cc08",
-      "type": "relationship",
-      "created": "2020-12-31T18:25:05.177Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "modified": "2020-12-31T18:25:05.177Z",
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can download new modules while running.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e",
-      "created": "2022-03-30T18:07:07.306Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. ",
-      "modified": "2022-03-30T18:07:07.306Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3e2474d3-f36d-4193-92f6-273296befdd3",
-      "created": "2022-04-05T19:38:18.760Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should protect their account credentials and enable multi-factor authentication options when available. ",
-      "modified": "2022-04-05T19:38:18.760Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc",
-      "created": "2020-04-08T15:41:19.400Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can modify administrator settings and disable Play Protect.(Citation: Cofense Anubis)",
-      "modified": "2022-04-15T15:49:01.417Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fb62afa9-d593-44f8-840d-bd5c595a1228",
-      "created": "2022-04-01T18:44:46.780Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
-      "modified": "2022-04-01T18:44:46.780Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7258542e-029b-45b9-be69-6e76d9c93b35",
-      "created": "2020-09-14T13:35:45.886Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ESET-Twitoor",
-          "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/",
-          "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Twitoor](https://attack.mitre.org/software/S0302) can hide its presence on the system.(Citation: ESET-Twitoor)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5a277966-4559-487e-bdfb-7be6366ccdb6",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.508Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-09-11T13:25:19.114Z",
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take pictures with the device cameras.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817",
-      "created": "2019-09-20T18:03:57.062Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Android 10 Execute",
-          "url": "https://developer.android.com/about/versions/10/behavior-changes-all#execute-permission",
-          "description": "Android Developers. (n.d.). Behavior changes: all apps - Removed execute permission for app home directory. Retrieved September 20, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Applications that target Android API level 29 or higher cannot execute native code stored in the application's internal data storage directory, limiting the ability of applications to download and execute native code at runtime. (Citation: Android 10 Execute)",
-      "modified": "2022-04-01T18:37:44.516Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396",
-      "type": "relationship",
-      "created": "2020-12-14T15:02:35.304Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T15:02:35.304Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) has stored encrypted strings in the APK file.(Citation: Securelist Asacub)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2",
-      "created": "2020-04-24T17:46:31.589Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) communicates with the C2 by sending JSON objects over unencrypted HTTP requests.(Citation: SecurityIntelligence TrickMo)",
-      "modified": "2022-04-19T20:05:42.315Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--71490fdb-e271-4a67-b932-5288924b1dae",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-DualToy",
-          "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January 24, 2017.",
-          "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[DualToy](https://attack.mitre.org/software/S0315) collects the connected iOS device’s information including IMEI, IMSI, ICCID, serial number and phone number.(Citation: PaloAlto-DualToy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a1fac829-275a-409a-9060-e7bd7c63057e",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.375Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-18T20:14:47.375Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can obtain a list of installed apps.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
-        }
-      ],
-      "modified": "2019-08-09T17:56:05.682Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record phone calls and surrounding audio.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d",
-      "created": "2020-12-17T20:15:22.496Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s contact list.(Citation: Palo Alto HenBox)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112",
-      "created": "2022-04-05T19:59:03.285Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T19:59:03.285Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
-      "target_ref": "attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9",
-      "created": "2020-07-20T13:27:33.509Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s call log.(Citation: Talos-WolfRAT)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8",
-      "type": "relationship",
-      "created": "2020-04-24T17:46:31.613Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T17:46:31.613Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can inject input to set itself as the default SMS handler, and to automatically click through pop-ups without giving the user any time to react.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a20581b4-21fa-4ed9-b056-d139998868e8",
-      "created": "2019-09-04T14:28:15.970Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the device's contact list.(Citation: Lookout-Monokle)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60",
-      "created": "2020-11-24T17:55:12.828Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can access the device’s contact list.(Citation: Talos GPlayed)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2",
-      "created": "2022-04-01T15:13:55.124Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be instructed to not open links in applications they don’t recognize.",
-      "modified": "2022-04-01T15:13:55.124Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb",
-      "created": "2020-11-10T17:08:35.846Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used specially crafted SMS messages to control the target device.(Citation: Lookout Uyghur Campaign) ",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--268c12df-d3bc-46fa-99e9-32caab50b175",
-      "created": "2022-03-30T15:52:09.759Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation can often detect jailbroken or rooted devices.",
-      "modified": "2022-03-30T15:52:09.759Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads SMS messages.(Citation: Lookout-StealthMango)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c",
-      "created": "2019-08-09T18:02:06.688Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler-SuperMarioRun",
-          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat",
-          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[DroidJack](https://attack.mitre.org/software/S0320) can capture video using device cameras.(Citation: Zscaler-SuperMarioRun)",
-      "modified": "2022-05-20T17:13:16.507Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d3e06522-2a30-4d56-801e-9461178b80ce",
-      "created": "2021-01-05T20:16:20.412Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can hide its icon after launch.(Citation: Zscaler TikTok Spyware)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d",
-      "created": "2020-07-15T20:20:59.380Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used Firebase for C2.(Citation: Bitdefender Mandrake)",
-      "modified": "2022-04-18T19:18:24.378Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544",
-      "created": "2022-04-05T19:40:25.071Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T19:40:25.071Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a",
-      "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff",
-      "type": "relationship",
-      "created": "2019-09-04T14:28:16.478Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-10-14T17:52:48.001Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can record the screen as the user unlocks the device and can take screenshots of any application in the foreground. [Monokle](https://attack.mitre.org/software/S0407) can also abuse accessibility features to read the screen to capture data from a large number of popular applications.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--96298aed-9e9f-4836-b29b-04c88e79e53e",
-      "created": "2022-04-01T18:42:37.987Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates often contain patches for vulnerabilities that could be exploited for root access. Root access is often a requirement to impairing defenses.",
-      "modified": "2022-04-01T18:42:37.987Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Tripwire-MazarBOT",
-          "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/",
-          "description": "Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. Retrieved December 23, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[MazarBOT](https://attack.mitre.org/software/S0303) can intercept two-factor authentication codes sent by online banking apps.(Citation: Tripwire-MazarBOT)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.713Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-11-10T17:08:35.713Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can collect notes and data from the MiCode app.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1",
-      "created": "2020-07-20T13:27:33.514Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can delete files from the device.(Citation: Talos-WolfRAT)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d",
-      "created": "2022-03-30T20:13:40.625Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be shown what a synthetic activity looks like so they can scrutinize them in the future.",
-      "modified": "2022-03-30T20:13:40.625Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--22290cce-856a-46d5-9589-699f5dfc1429",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader",
-          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/"
-        }
-      ],
-      "modified": "2020-07-20T13:49:03.687Z",
-      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) covertly records phone calls.(Citation: TrendMicro-XLoader)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f",
-      "created": "2019-11-21T19:16:34.776Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint SimBad 2019",
-          "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/",
-          "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[SimBad](https://attack.mitre.org/software/S0419) registers for the `BOOT_COMPLETED` and `USER_PRESENT` broadcast intents, which allows the software to perform actions after the device is booted and when the user is using the device, respectively.(Citation: CheckPoint SimBad 2019)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ArsTechnica-HummingWhale",
-          "url": "http://arstechnica.com/security/2017/01/virulent-android-malware-returns-gets-2-million-downloads-on-google-play/",
-          "description": "Dan Goodin. (2017, January 23). Virulent Android malware returns, gets >2 million downloads on Google Play. Retrieved January 24, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[HummingWhale](https://attack.mitre.org/software/S0321) generates revenue by displaying fraudulent ads and automatically installing apps. When victims try to close the ads, [HummingWhale](https://attack.mitre.org/software/S0321) runs in a virtual machine, creating a fake ID that allows the perpetrators to generate revenue.(Citation: ArsTechnica-HummingWhale)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
-        }
-      ],
-      "modified": "2019-08-09T17:52:31.748Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) checks if the device is on Wi-Fi, a cellular network, and is roaming.(Citation: Lookout-PegasusAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea",
-      "created": "2022-03-30T19:32:43.015Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Attestation can detect rooted devices. Mobile security software can then use this information and take appropriate mitigation action. Attestation can detect rooted devices.",
-      "modified": "2022-03-30T19:32:43.015Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fc816ddc-199d-47b0-93af-c81305d0919f",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.767Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Volexity Insomnia",
-          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
-          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-02T14:32:31.767Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has utilized malicious JavaScript and iframes to exploit WebKit running on vulnerable iOS 12 devices.(Citation: Volexity Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a",
-      "created": "2020-11-20T16:37:28.475Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s contact list.(Citation: Symantec GoldenCup)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cce82a76-5390-473d-9e7c-9450d1509d1d",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.314Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.314Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can download its second (Loader) and third (Core) stages after the dropper is installed.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b110d919-acd4-4fe0-a46a-ac4819508667",
-      "created": "2020-07-20T13:58:53.589Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader-FakeSpy",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
-          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) has been installed via a malicious configuration profile.(Citation: TrendMicro-XLoader-FakeSpy)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:28.025Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:28.025Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has retrieved .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files from external storage.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b536f233-8c43-4671-b8e8-d72a4806946d",
-      "created": "2022-04-05T17:14:23.789Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T17:14:23.789Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80",
-      "created": "2022-03-30T19:33:05.375Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates typically provide patches for vulnerabilities that enable device rooting.",
-      "modified": "2022-03-30T19:33:05.375Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6a715733-cde6-4903-b967-35562b584c6f",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.878Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-02T14:32:31.878Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can obtain a list of installed non-Apple applications.(Citation: Google Project Zero Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3",
-      "type": "relationship",
-      "created": "2020-05-04T14:04:56.189Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Bread",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
-        }
-      ],
-      "modified": "2020-05-04T15:40:21.081Z",
-      "description": "[Bread](https://attack.mitre.org/software/S0432) collects the device’s IMEI, carrier, mobile country code, and mobile network code.(Citation: Google Bread)",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--41da5845-a1a8-4d10-8929-053be3496396",
-      "created": "2022-04-20T17:46:43.542Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
-        },
-        {
-          "source_name": "Bitdefender - Triout 2018",
-          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
-          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) uses HTTP data exfiltration.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
-      "modified": "2022-04-20T17:46:43.542Z",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556",
-      "created": "2019-09-04T15:38:56.678Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "FlexiSpy-Features",
-          "url": "https://www.flexispy.com/en/features-overview.htm",
-          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
-        },
-        {
-          "source_name": "FortiGuard-FlexiSpy",
-          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
-          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) is capable of hiding SuperSU's icon if it is installed and visible.(Citation: FortiGuard-FlexiSpy)  [FlexiSpy](https://attack.mitre.org/software/S0408) can also hide its own icon to make detection and the uninstallation process more difficult.(Citation: FlexiSpy-Features)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19",
-      "created": "2020-09-24T15:26:15.607Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader-FakeSpy",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
-          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) has exfiltrated data using HTTP requests.(Citation: TrendMicro-XLoader-FakeSpy)",
-      "modified": "2022-04-20T17:48:38.013Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--adc9957c-fa57-4e81-9231-b60f01b69859",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:28.010Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:28.010Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) can download new code to update itself.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788",
-      "created": "2020-05-07T15:33:32.903Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Agent Smith",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) deletes infected applications’ update packages when they are detected on the system, preventing updates.(Citation: CheckPoint Agent Smith)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-SpyDealer",
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests SMS and MMS messages from victims.(Citation: PaloAlto-SpyDealer)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d",
-      "type": "relationship",
-      "created": "2020-01-21T15:30:39.335Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
-        }
-      ],
-      "modified": "2020-01-21T15:30:39.335Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can download attacker-specified files.(Citation: Lookout-Monokle) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d",
-      "type": "relationship",
-      "created": "2020-10-29T19:21:23.235Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WeLiveSecurity AdDisplayAshas",
-          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
-          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-10-29T19:21:23.235Z",
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has hidden the C2 server address using base-64 encoding. (Citation: WeLiveSecurity AdDisplayAshas)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--146275c0-b6dd-4700-bded-bc361a67d023",
-      "type": "relationship",
-      "created": "2020-09-14T14:13:45.253Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout eSurv",
-          "url": "https://blog.lookout.com/esurv-research",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-14T14:13:45.253Z",
-      "description": "[eSurv](https://attack.mitre.org/software/S0507) can record audio.(Citation: Lookout eSurv)",
-      "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9",
-      "created": "2022-04-01T13:19:41.207Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T13:19:41.207Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68",
-      "type": "relationship",
-      "created": "2020-12-24T21:45:56.979Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2021-04-19T14:29:46.650Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can retrieve files from external storage and can collect browser data.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0c558826-5cea-422e-8e67-83e53c04d409",
-      "created": "2020-06-26T15:32:25.146Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Cerberus",
-          "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/",
-          "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 using HTTP requests over port 8888.(Citation: CheckPoint Cerberus)",
-      "modified": "2022-04-20T16:37:46.192Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
       "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -20070,129 +14966,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--271a311f-71bc-4558-a314-0edfbec44b64",
       "type": "relationship",
-      "id": "relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38",
-      "created": "2022-04-01T18:43:25.764Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.",
-      "modified": "2022-04-01T18:43:25.764Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) modifies the system partition to maintain persistence.(Citation: Lookout-Pegasus)",
-      "modified": "2022-04-15T16:01:53.756Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--142532a6-bf7c-4b25-be23-16f01160f3c5",
-      "type": "relationship",
-      "created": "2020-09-15T15:18:12.417Z",
+      "created": "2019-11-21T16:42:48.495Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+          "source_name": "SecureList - ViceLeaker 2019",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
         }
       ],
-      "modified": "2020-09-15T15:18:12.417Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect account information stored on the device, as well as data in external storage.(Citation: Cybereason FakeSpy)",
+      "modified": "2019-11-21T16:42:48.495Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) collects device information, including the device model and OS version.(Citation: SecureList - ViceLeaker 2019)",
       "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.318Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.318Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) uses foreground persistence to keep a service running. It shows the user a transparent notification to evade detection.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--afba6b19-7486-4e5a-8fda-e91852b0b354",
-      "type": "relationship",
-      "created": "2021-09-20T13:42:21.104Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2021-09-27T18:05:43.107Z",
-      "description": "Users should be encouraged to be very careful with what applications they grant phone call-based permissions to. Further, users should not change their default call handler to applications they do not recognize.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4088b31b-d542-4935-84b4-82b592159591",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "source_name": "TrendMicro-RCSAndroid"
-        }
-      ],
-      "modified": "2019-10-10T15:22:52.591Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect contacts and messages from popular applications, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.(Citation: TrendMicro-RCSAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -20201,241 +14990,15 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c",
-      "created": "2017-10-25T14:48:53.747Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 7 and later iOS versions introduced changes that prevent applications from performing Process Discovery without elevated privileges.  ",
-      "modified": "2022-03-30T20:32:46.334Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84",
-      "type": "relationship",
-      "created": "2019-07-10T15:35:43.708Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-08-09T18:06:11.797Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3",
-      "created": "2020-12-18T20:14:47.316Z",
+      "id": "relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0",
+      "created": "2019-09-03T20:08:00.711Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) checks whether its call stack has been modified, an indication that it is running in an analysis environment, and if so, does not decrypt its obfuscated strings(Citation: WhiteOps TERRACOTTA).",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--300c824d-5586-411b-b274-8941a99a98fb",
-      "created": "2022-03-30T14:06:01.859Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation can often detect jailbroken or rooted devices.",
-      "modified": "2022-03-30T14:06:01.859Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a54c8c09-c849-4146-a7cc-158887222a6d",
-      "created": "2020-12-24T21:45:56.969Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access SMS messages.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451",
-      "type": "relationship",
-      "created": "2019-10-10T15:03:27.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-10-10T15:03:27.682Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) One encrypts data using XOR prior to exfiltration.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781",
-      "type": "relationship",
-      "created": "2020-04-24T15:06:33.503Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T15:06:33.503Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can record MP4 files and monitor calls.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--59d463d3-3a41-4269-be9a-7a69f44eca78",
-      "created": "2020-10-29T19:21:23.215Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "WeLiveSecurity AdDisplayAshas",
-          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
-          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has communicated with the C2 server using HTTP.(Citation: WeLiveSecurity AdDisplayAshas)",
-      "modified": "2022-04-19T20:11:03.972Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cbf17fea-141e-44b8-831c-b3cc41066420",
-      "type": "relationship",
-      "created": "2021-01-20T16:01:19.409Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Trend Micro Anubis",
-          "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html",
-          "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021."
-        }
-      ],
-      "modified": "2021-01-20T16:01:19.409Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can download attacker-specified APK files.(Citation: Trend Micro Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bf901bab-3caa-4d05-a859-d9fb4d838304",
-      "type": "relationship",
-      "created": "2019-10-10T15:27:22.091Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2019-10-10T15:27:22.091Z",
-      "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses browser history, pictures, and videos.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56",
-      "created": "2019-09-03T20:08:00.737Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
+          "source_name": "Group IB Gustuff Mar 2019",
+          "url": "https://www.group-ib.com/blog/gustuff",
+          "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September 3, 2019."
+        },
         {
           "source_name": "Talos Gustuff Apr 2019",
           "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
@@ -20444,12 +15007,12 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) abuses accessibility features to intercept all interactions between a user and the device.(Citation: Talos Gustuff Apr 2019)",
-      "modified": "2022-04-15T17:39:08.123Z",
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) uses WebView overlays to prompt the user for their device unlock code, as well as banking and cryptocurrency application credentials. [Gustuff](https://attack.mitre.org/software/S0406) can also send push notifications pretending to be from a bank, triggering a phishing overlay.(Citation: Talos Gustuff Apr 2019)(Citation: Group IB Gustuff Mar 2019)",
+      "modified": "2022-04-19T19:42:17.904Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -20458,648 +15021,7 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c",
-      "created": "2021-01-05T20:16:20.508Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect the device’s call logs.(Citation: Zscaler TikTok Spyware)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.644Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.644Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can list files stored on external storage.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--078653a6-3613-4923-ae5a-1bccb8552e67",
-      "type": "relationship",
-      "created": "2020-09-11T16:22:03.250Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T16:22:03.250Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) has been installed in two stages and can secretly install new applications.(Citation: Lookout ViperRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9",
-      "type": "relationship",
-      "created": "2020-12-24T21:55:56.753Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:55:56.753Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploit tools to gain root, such as TowelRoot.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9",
-      "created": "2021-10-01T14:42:49.170Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can hide its icon.(Citation: SecureList BusyGasper)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads contact lists for various third-party applications such as Yahoo, AIM, GoogleTalk, Skype, QQ, and others.(Citation: Lookout-StealthMango)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bee919a6-c488-49a0-9848-fff19aa2c276",
-      "type": "relationship",
-      "created": "2021-09-24T14:47:34.449Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2021-10-04T20:08:48.556Z",
-      "description": "Mobile security products can often detect rooted devices.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f5d24a31-53d2-4e84-9110-2da0582132cb",
-      "created": "2020-05-07T15:33:32.936Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Agent Smith",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440)’s core malware is disguised as a JPG file, and encrypted with an XOR cipher.(Citation: CheckPoint Agent Smith)",
-      "modified": "2022-04-15T16:44:17.145Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--da4296d7-5fdb-45b6-9791-b023d634c08d",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "source_name": "TrendMicro-RCSAndroid"
-        }
-      ],
-      "modified": "2019-08-09T17:53:48.760Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record location.(Citation: TrendMicro-RCSAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-XcodeGhost",
-          "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016.",
-          "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can read and write data in the user’s clipboard.(Citation: PaloAlto-XcodeGhost)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9",
-      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213",
-      "created": "2022-04-20T17:31:58.697Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) has exfiltrated data using FTP.(Citation: TrendMicro Coronavirus Updates)",
-      "modified": "2022-04-20T17:31:58.697Z",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler-SuperMarioRun",
-          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat",
-          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures SMS data.(Citation: Zscaler-SuperMarioRun)",
-      "modified": "2022-05-20T17:13:16.509Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.296Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.296Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect the device’s location.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223",
-      "type": "relationship",
-      "created": "2020-11-20T16:37:28.610Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-11-20T16:37:28.610Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has been distributed in two stages.(Citation: Symantec GoldenCup)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d4a5a902-231e-4878-ad5b-39620498b018",
-      "type": "relationship",
-      "created": "2019-09-04T14:28:15.941Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-09-04T14:32:12.589Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can record audio from the device's microphone and can record phone calls, specifying the output audio quality.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--242dc659-c205-4e9e-95f9-14fee66195af",
-      "created": "2022-04-01T15:29:36.082Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Configuration of per-app VPN policies instead of device-wide VPN can restrict access to internal enterprise resource access via VPN to only enterprise-approved applications",
-      "modified": "2022-04-01T15:29:36.082Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--77efa84c-5ef0-4554-b774-2dbfcca74087",
-      "type": "relationship",
-      "created": "2020-10-29T19:20:58.116Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WeLiveSecurity AdDisplayAshas",
-          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
-          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-10-29T19:20:58.116Z",
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has checked to see how many apps are installed, and specifically if Facebook or FB Messenger are installed.(Citation: WeLiveSecurity AdDisplayAshas)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2",
-      "created": "2022-04-08T16:29:55.322Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-08T16:29:55.322Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6",
-      "target_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69",
-      "created": "2019-10-14T19:14:18.673Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Group IB Gustuff Mar 2019",
-          "url": "https://www.group-ib.com/blog/gustuff",
-          "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) hides its icon after installation.(Citation: Group IB Gustuff Mar 2019) ",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15",
-      "type": "relationship",
-      "created": "2020-04-24T15:06:33.319Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T15:06:33.319Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect voice notes, device accounts, and gallery images.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--22708018-defd-4690-8b0f-fe47e11cb5d6",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.316Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.316Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can capture all device notifications and hide notifications from the user.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a",
-      "created": "2020-07-27T14:14:56.996Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Google Security Zen",
-          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
-          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Zen](https://attack.mitre.org/software/S0494) can inject code into the Setup Wizard at runtime to extract CAPTCHA images. [Zen](https://attack.mitre.org/software/S0494) can inject code into the `libc` of running processes to infect them with the malware.(Citation: Google Security Zen)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7c6207c7-d738-4a17-8380-595c86574b64",
-      "type": "relationship",
-      "created": "2020-09-11T16:22:03.298Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T16:22:03.298Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can track the device’s location.(Citation: Lookout ViperRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--be39c012-7201-4757-8cd6-c855bc945a9e",
-      "type": "relationship",
-      "created": "2019-07-10T15:25:57.623Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
-        }
-      ],
-      "modified": "2019-08-12T17:30:07.568Z",
-      "description": "[FinFisher](https://attack.mitre.org/software/S0182) comes packaged with ExynosAbuse, an Android exploit that can gain root privileges.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f",
-      "created": "2022-04-01T18:49:19.284Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them. Android 7 introduced updates that revoke standard device administrators’ ability to reset the device’s passcode.",
-      "modified": "2022-04-01T18:49:19.284Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd",
-      "type": "relationship",
-      "created": "2019-07-10T15:35:43.699Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-08-09T18:06:11.839Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) captures audio from the device microphone.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cc49561f-8364-4908-9111-ad3a6dcd922c",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2018-10-17T00:14:20.652Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--32958f57-ad9b-4fe1-abf3-6f92df895014",
-      "type": "relationship",
-      "created": "2019-08-05T13:22:03.917Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-08-09T18:06:11.873Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) stores domain information and URL paths as hardcoded AES-encrypted, base64-encoded strings.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064",
+      "id": "relationship--f6098dca-3a9e-4991-8d51-1310b12161b6",
       "created": "2017-12-14T16:46:06.044Z",
       "x_mitre_version": "1.0",
       "external_references": [
@@ -21111,155 +15033,12 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to modify the device's system partition.(Citation: Lookout-PegasusAndroid)",
-      "modified": "2022-04-15T16:03:04.364Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--cc81b56c-cf73-4307-b950-e80246985195",
-      "created": "2019-10-18T14:50:57.473Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "OS security updates typically contain exploit patches when disclosed.",
-      "modified": "2022-03-28T19:20:44.337Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.213Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.213Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of installed applications.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-RCSAndroid",
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect SMS, MMS, and Gmail messages.(Citation: TrendMicro-RCSAndroid)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3abc80ad-4ea0-4e91-a170-f040469c2083",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.483Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.688Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can take photos and videos.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2e7f8995-93ae-41bb-9baf-53178341d93e",
-      "created": "2021-02-08T16:36:20.630Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has deployed anti-analysis capabilities during their Operation BULL campaign.(Citation: BlackBerry Bahamut)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-BrainTest",
-          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/",
-          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BrainTest](https://attack.mitre.org/software/S0293) provided capabilities that allowed developers to use compromised devices to post positive reviews on their own malicious applications as well as download other malicious applications they had submitted to the Play Store.(Citation: Lookout-BrainTest)",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) uses SMS for command and control.(Citation: Lookout-PegasusAndroid)",
       "modified": "2022-04-19T14:25:41.669Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -21267,520 +15046,17 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac",
       "type": "relationship",
-      "created": "2020-01-27T17:05:58.237Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.237Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s battery level, network operator, connection information, sensor information, and information about the device’s storage and memory.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--45253350-c802-4566-a72d-57d43d05fd63",
-      "type": "relationship",
-      "created": "2020-05-07T15:24:49.530Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2020-05-27T13:23:34.536Z",
-      "description": "Security updates frequently contain patches to vulnerabilities.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a92a805e-d5f5-4e94-8592-c253e03e4476",
-      "created": "2022-03-31T19:51:15.415Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android Package Visibility",
-          "url": "https://developer.android.com/training/package-visibility",
-          "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)",
-      "modified": "2022-04-11T19:19:34.658Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6",
-      "type": "relationship",
-      "created": "2019-11-21T16:42:48.501Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "source_name": "SecureList - ViceLeaker 2019"
-        },
-        {
-          "source_name": "Bitdefender - Triout 2018",
-          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
-          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
-        }
-      ],
-      "modified": "2020-01-21T14:20:50.492Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect location information, including GPS coordinates.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.655Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.410Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included phone call and audio recording capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c",
-      "type": "relationship",
-      "created": "2019-09-04T15:38:56.946Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "FlexiSpy-Features",
-          "url": "https://www.flexispy.com/en/features-overview.htm",
-          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
-        }
-      ],
-      "modified": "2019-09-10T14:59:26.136Z",
-      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can retrieve a list of installed applications.(Citation: FlexiSpy-Features) ",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046",
-      "created": "2022-04-05T17:14:35.469Z",
+      "id": "relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132",
+      "created": "2022-03-30T14:06:26.530Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T17:14:35.469Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4",
-      "created": "2022-03-28T19:30:27.364Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates may contain patches to integrity checking mechanisms that can detect unauthorized hardware modifications.",
-      "modified": "2022-03-28T19:30:27.364Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://www.wandera.com/reddrop-malware/",
-          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
-          "source_name": "Wandera-RedDrop"
-        }
-      ],
-      "modified": "2019-10-15T19:27:27.997Z",
-      "description": "[RedDrop](https://attack.mitre.org/software/S0326) collects and exfiltrates information including IMEI, IMSI, MNC, MCC, nearby Wi-Fi networks, and other device and SIM-related info.(Citation: Wandera-RedDrop)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f6a451e8-2125-4bbe-be52-e682523cd169",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
-        }
-      ],
-      "modified": "2019-10-15T19:37:21.273Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests the device phone number, IMEI, and IMSI.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "NYTimes-BackDoor",
-          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html",
-          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted contact lists.(Citation: NYTimes-BackDoor)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443",
-      "created": "2020-07-20T13:49:03.676Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader-FakeSpy",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
-          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) has fetched its C2 address from encoded Twitter names, as well as Instagram and Tumblr.(Citation: TrendMicro-XLoader-FakeSpy)",
-      "modified": "2022-04-20T17:58:16.567Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
-      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--e8768455-4d0c-4e3c-a901-1fc871227745",
-      "created": "2022-03-30T17:54:56.603Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T17:54:56.603Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "NYTimes-BackDoor",
-          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017.",
-          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted location information.(Citation: NYTimes-BackDoor)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39",
-      "created": "2020-12-14T15:02:35.294Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect SMS messages as they are received.(Citation: Securelist Asacub)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--455b1287-5784-42b4-91fb-01dac007758d",
-      "created": "2020-09-29T13:24:15.234Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Dendroid",
-          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/",
-          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can open a dialog box to ask the user for passwords.(Citation: Lookout-Dendroid)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e",
-      "type": "relationship",
-      "created": "2020-04-24T15:06:33.519Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T15:06:33.519Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect messages from GSM, WhatsApp, Telegram, Facebook, and Threema by reading the application’s notification content.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--95bf4e8b-f388-48a0-b236-c2077252e71e",
-      "type": "relationship",
-      "created": "2019-09-03T20:08:00.757Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "source_name": "Talos Gustuff Apr 2019"
-        }
-      ],
-      "modified": "2019-09-15T15:35:33.380Z",
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers the device IMEI to send to the command and control server.(Citation: Talos Gustuff Apr 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414",
-      "created": "2019-10-18T14:50:57.521Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. ",
-      "modified": "2022-03-30T20:08:17.127Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61",
-      "type": "relationship",
-      "created": "2020-04-24T15:06:33.495Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T15:06:33.495Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can track the device’s location.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8870c211-820a-46a1-96fc-02f4e6eaec03",
-      "type": "relationship",
-      "created": "2020-11-10T16:50:39.134Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2021-04-19T15:40:36.387Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has collected device network information, including 16-bit GSM Cell Identity, 16-bit Location Area Code, Mobile Country Code (MCC), and Mobile Network Code (MNC). [CarbonSteal](https://attack.mitre.org/software/S0529) has also called `netcfg` to get stats.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.273Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.273Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record audio and phone calls.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab",
-      "created": "2022-04-11T20:06:38.811Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile security products that are part of the Samsung Knox for Mobile Threat Defense program could examine running applications while the device is idle, potentially detecting malicious applications that are running primarily when the device is not being used.",
-      "modified": "2022-04-11T20:06:38.811Z",
+      "description": "Mobile security products can typically detect jailbroken or rooted devices. ",
+      "modified": "2022-03-30T14:06:26.530Z",
       "relationship_type": "mitigates",
       "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -21789,21 +15065,141 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531",
       "type": "relationship",
-      "created": "2019-08-07T15:57:13.417Z",
+      "id": "relationship--9951d8c0-d210-4776-808b-421b613f244f",
+      "created": "2019-09-23T13:36:08.463Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) hides its icon after first launch.(Citation: securelist rotexy 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4943cca6-69b1-4565-ac09-87ebda04584c",
+      "created": "2022-04-01T18:52:02.211Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be taught the dangers of rooting or jailbreaking their device.",
+      "modified": "2022-04-01T18:52:02.211Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2cdd5474-620c-499e-8b9c-835505febc2c",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-MobileMalware",
+          "url": "https://securelist.com/mobile-malware-evolution-2013/58335/",
+          "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Trojan-SMS.AndroidOS.OpFake.a](https://attack.mitre.org/software/S0308) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)",
+      "modified": "2022-04-19T20:07:56.150Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--d89c132d-7752-4c7f-9372-954a71522985",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103",
+      "created": "2019-09-23T13:36:08.341Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can communicate with the command and control server using JSON payloads sent in HTTP POST request bodies. It can also communicate by using JSON messages sent through Google Cloud Messaging.(Citation: securelist rotexy 2018)",
+      "modified": "2022-04-19T20:12:09.565Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd",
+      "type": "relationship",
+      "created": "2020-04-08T18:55:29.196Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Kaspersky Riltok June 2019",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020.",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "source_name": "Cofense Anubis"
         }
       ],
-      "modified": "2019-09-15T15:36:42.340Z",
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) can query various details about the device, including phone number, country, mobile operator, model, root availability, and operating system version.(Citation: Kaspersky Riltok June 2019)",
+      "modified": "2020-04-09T16:45:38.751Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) exfiltrates data encrypted (with RC4) by its ransomware module.(Citation: Cofense Anubis)",
       "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.186Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.186Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access device configuration information and status, including Android version, battery level, device model, country, and SIM operator.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
       "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -21812,21 +15208,44 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--a5b72279-f99e-4f03-8669-04322b40ee6b",
+      "id": "relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072",
       "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
+      "created": "2020-09-11T15:14:34.064Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "TrendMicro-XLoader",
-          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/"
+          "source_name": "SMS KitKat",
+          "url": "https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html",
+          "description": "S.Main, D. Braun. (2013, October 14).  Getting Your SMS Apps Ready for KitKat. Retrieved September 11, 2020."
         }
       ],
-      "modified": "2020-07-20T13:49:03.710Z",
-      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) loads an encrypted DEX code payload.(Citation: TrendMicro-XLoader)",
+      "modified": "2020-10-22T17:04:15.708Z",
+      "description": "Users should be encouraged to be very careful with what applications they grant SMS access to. Further, users should not change their default SMS handler to applications they do not recognize.(Citation: SMS KitKat)",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.903Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "modified": "2020-11-24T17:55:12.903Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) has base64-encoded the exfiltrated data, replacing some of the base64 characters to further obfuscate the data.(Citation: Talos GPlayed)",
       "relationship_type": "uses",
-      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
       "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -21835,22 +15254,48 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--5b5586b9-75ee-476f-b3eb-49878254302c",
       "type": "relationship",
-      "created": "2019-07-16T14:33:12.117Z",
+      "id": "relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac",
+      "created": "2020-06-26T15:32:25.060Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can uninstall itself from a device on command.(Citation: Threat Fabric Cerberus)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a",
+      "type": "relationship",
+      "created": "2021-02-17T20:43:52.333Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Google Triada June 2019",
-          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
-          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
         }
       ],
-      "modified": "2020-04-27T16:52:49.643Z",
-      "description": "[Triada](https://attack.mitre.org/software/S0424) is able to modify code within the com.android.systemui application to gain access to `GET_REAL_TASKS` permissions. This permission enables access to information about applications currently on the foreground and other recently used apps.(Citation: Google Triada June 2019) ",
+      "modified": "2021-02-17T20:43:52.333Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has used an online cell tower geolocation service to track targets.(Citation: Lookout FrozenCell)",
       "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -21859,7 +15304,7 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--50c81a85-8c70-48df-a338-8622d2debc74",
+      "id": "relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef",
       "created": "2018-10-17T00:14:20.652Z",
       "x_mitre_version": "1.0",
       "external_references": [
@@ -21871,200 +15316,11 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather call logs.(Citation: Lookout-StealthMango)",
+      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather SMS messages.(Citation: Lookout-StealthMango)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0a610208-06af-425f-a9af-cd0899261e33",
-      "type": "relationship",
-      "created": "2020-09-11T15:45:38.450Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-09-11T15:45:38.450Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can send SMS messages.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0008005f-ca51-47c3-8369-55ee5de1c65a",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler-SpyNote",
-          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app",
-          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) uses an Android broadcast receiver to automatically start when the device boots.(Citation: Zscaler-SpyNote)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--06348e22-9a06-4e4c-a57c-e438462e7fce",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
-          "source_name": "Kaspersky-Skygofree"
-        }
-      ],
-      "modified": "2019-08-09T18:08:07.173Z",
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record audio via the microphone when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3efe7dcc-a572-45ac-aff2-2932206a0632",
-      "created": "2019-08-07T15:57:13.441Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky Riltok June 2019",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) can access and upload the device's contact list to the command and control server.(Citation: Kaspersky Riltok June 2019)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.294Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.294Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can obtain a list of installed applications.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f012feab-5612-429f-81bd-ff75d6ffd04e",
-      "created": "2022-04-05T17:03:34.941Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T17:03:34.941Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4d542595-1eb0-45aa-9702-9d494142b390",
-      "type": "relationship",
-      "created": "2019-08-09T18:08:07.109Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
-          "source_name": "Kaspersky-Skygofree"
-        }
-      ],
-      "modified": "2019-08-09T18:08:07.109Z",
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record video or capture photos when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be",
-      "created": "2021-02-17T20:43:52.337Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has read SMS messages for exfiltration.(Citation: Lookout FrozenCell)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
       "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -22073,473 +15329,15 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--fbd2d4f7-96ff-4624-a567-d4882f0c10ca",
       "type": "relationship",
-      "id": "relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-BrainTest",
-          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/",
-          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BrainTest](https://attack.mitre.org/software/S0293) uses root privileges (if available) to copy an additional Android app package (APK) to /system/priv-app to maintain persistence even after a factory reset.(Citation: Lookout-BrainTest)",
-      "modified": "2022-04-15T15:59:32.511Z",
+      "created": "2019-07-23T15:35:23.530Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b477afcb-7449-4fae-b4aa-c512c22d7500",
-      "type": "relationship",
-      "created": "2020-09-15T15:18:12.394Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
-        }
-      ],
-      "modified": "2020-09-15T15:18:12.394Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can send SMS messages.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435",
-      "created": "2022-04-05T19:51:08.770Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android 12 Features",
-          "url": "https://developer.android.com/about/versions/12/features",
-          "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)",
-      "modified": "2022-04-05T19:51:08.770Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d",
-      "created": "2019-07-10T15:35:43.658Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) gathers and exfiltrates data about nearby Wi-Fi access points.(Citation: Lookout Dark Caracal Jan 2018)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--119b848b-84b4-4f86-a265-0c9eb8680072",
-      "created": "2021-10-01T14:42:49.171Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can be controlled via IRC using freenode.net servers.(Citation: SecureList BusyGasper)",
-      "modified": "2022-04-18T19:01:58.546Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257",
-      "type": "relationship",
-      "created": "2020-10-29T17:48:27.469Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-10-29T17:48:27.469Z",
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can forward SMS messages.(Citation: Threat Fabric Exobot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4",
-      "created": "2020-09-15T15:18:12.362Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect SMS messages.(Citation: Cybereason FakeSpy)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394",
-      "created": "2021-02-08T16:36:20.639Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has region-locked their malicious applications during their Operation BULL campaign.(Citation: BlackBerry Bahamut)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--50f03c00-5488-49fe-a527-a8776e526523",
-      "type": "relationship",
-      "created": "2020-11-24T17:55:12.820Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.820Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect a list of installed applications.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9",
-      "created": "2021-01-05T20:16:20.500Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect SMS messages from the device.(Citation: Zscaler TikTok Spyware)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb",
-      "created": "2020-09-11T16:22:03.294Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s cell tower information.(Citation: Lookout ViperRAT)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b7a31a11-6c84-4c28-a548-4751e4d71134",
-      "created": "2020-05-04T14:04:56.158Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Google Bread",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Bread](https://attack.mitre.org/software/S0432) can perform SMS fraud on older versions of the malware, and toll fraud on newer versions.(Citation: Google Bread)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.512Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-09-11T13:25:19.210Z",
-      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two attempts to connect to port 22011 to provide a remote reverse shell.(Citation: SWB Exodus March 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2018-10-17T00:14:20.652Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80",
-      "type": "relationship",
-      "created": "2020-07-20T13:49:03.692Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader-FakeSpy",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
-          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-09-24T15:12:24.191Z",
-      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s Android ID and serial number.(Citation: TrendMicro-XLoader-FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a76d731b-484c-442a-b1a3-255d8398aefd",
-      "type": "relationship",
-      "created": "2019-10-10T15:22:52.545Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-RCSAndroid",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/"
-        }
-      ],
-      "modified": "2019-10-10T15:22:52.545Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn.(Citation: TrendMicro-RCSAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--204e30ed-5e69-400b-a814-b77e10596865",
-      "created": "2022-04-06T15:50:42.481Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T15:50:42.481Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47",
-      "created": "2022-04-01T17:08:41.293Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. ",
-      "modified": "2022-04-01T17:08:41.293Z",
+      "modified": "2020-03-30T14:03:43.920Z",
+      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to whitelist applications that are allowed to use Android's accessibility features.",
       "relationship_type": "mitigates",
       "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4a936488-526c-40c1-b2d5-490052cb0e73",
-      "created": "2020-12-31T18:25:05.162Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can run bash commands.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-EnterpriseApps",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) gathers audio from the microphone.(Citation: Lookout-EnterpriseApps)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "target_ref": "attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -22547,96 +15345,21 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff",
+      "id": "relationship--d562ed4d-ac4d-476b-872e-9e228c580889",
       "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
+      "created": "2020-11-20T16:37:28.506Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
         }
       ],
-      "modified": "2019-08-09T17:59:49.021Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can perform GPS location tracking as well as capturing coordinates as when an SMS message or call is received.(Citation: Lookout-StealthMango)",
+      "modified": "2020-11-20T16:37:28.506Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can obtain a list of installed applications.(Citation: Symantec GoldenCup)",
       "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb",
-      "created": "2020-12-14T14:52:03.184Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has used malicious overlays to collect banking credentials.(Citation: Sophos Red Alert 2.0)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--82a51cc3-7a91-43b0-9147-df5983e52b41",
-      "created": "2020-12-14T15:02:35.208Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) has communicated with the C2 using HTTP POST requests.(Citation: Securelist Asacub)",
-      "modified": "2022-04-19T20:11:55.606Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5417959b-9478-49fb-b779-3c82a10ad080",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.498Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.498Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running apps.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
       "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -22645,352 +15368,7 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--17558571-7352-470b-b728-0511fb3f699d",
-      "type": "relationship",
-      "created": "2019-10-18T15:51:48.484Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2020-06-24T15:02:13.534Z",
-      "description": "Users should be warned against granting access to accessibility features, and to carefully scrutinize applications that request this dangerous permission.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd",
-      "type": "relationship",
-      "created": "2019-09-04T15:38:56.597Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
-          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
-          "source_name": "FortiGuard-FlexiSpy"
-        }
-      ],
-      "modified": "2019-09-10T14:59:25.979Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) encrypts its configuration file using AES.(Citation: FortiGuard-FlexiSpy)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f",
-      "created": "2020-06-24T18:24:35.707Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can extract the device’s keychain.(Citation: Google Project Zero Insomnia)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5",
-      "type": "relationship",
-      "created": "2020-11-24T17:55:12.897Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.897Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the user’s browser cookies.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4aec0738-2c76-4dc7-af8a-87785e658193",
-      "created": "2021-10-01T14:42:49.152Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can run shell commands.(Citation: SecureList BusyGasper)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78",
-      "type": "relationship",
-      "created": "2019-10-10T15:17:00.972Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.",
-          "url": "https://www.flexispy.com/en/features-overview.htm",
-          "source_name": "FlexiSpy-Features"
-        }
-      ],
-      "modified": "2019-10-14T18:08:28.666Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can monitor device photos and can also access browser history and bookmarks.(Citation: FlexiSpy-Features)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe",
-      "type": "relationship",
-      "created": "2019-12-10T16:07:41.093Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList DVMap June 2017",
-          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
-          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
-        }
-      ],
-      "modified": "2019-12-10T16:07:41.093Z",
-      "description": "[Dvmap](https://attack.mitre.org/software/S0420) can download code and binaries from the C2 server to execute on the device as root.(Citation: SecureList DVMap June 2017)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3",
-      "created": "2019-07-10T15:35:43.712Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) has the ability to delete attacker-specified files from compromised devices.(Citation: Lookout Dark Caracal Jan 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd",
-      "created": "2022-04-01T18:50:00.027Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T18:50:00.027Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7defdb15-65d1-40ca-a9da-5c0484892484",
-      "created": "2020-04-24T17:46:31.616Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can be controlled via encrypted SMS message.(Citation: SecurityIntelligence TrickMo)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9",
-      "created": "2020-04-08T15:51:25.149Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ThreatFabric Ginp",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) can download the device’s contact list.(Citation: ThreatFabric Ginp)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87",
-      "type": "relationship",
-      "created": "2020-05-04T14:04:56.217Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Bread",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
-        }
-      ],
-      "modified": "2020-05-04T15:40:21.305Z",
-      "description": "[Bread](https://attack.mitre.org/software/S0432) has utilized JavaScript within WebViews that loaded a URL hosted on a Bread-controlled server which provided functions to run. [Bread](https://attack.mitre.org/software/S0432) downloads billing fraud execution steps at runtime.(Citation: Google Bread)",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--48552acc-5f1a-422f-90fa-37108446f36d",
-      "created": "2022-03-30T19:14:20.374Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T19:14:20.374Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa",
-      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7",
-      "type": "relationship",
-      "created": "2020-12-14T15:02:35.230Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T15:02:35.230Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) has encrypted C2 communications using Base64-encoded RC4.(Citation: Securelist Asacub)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3f973c3c-45f8-432a-9859-e8749f2e7418",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
-        }
-      ],
-      "modified": "2019-08-09T17:52:31.848Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses sensitive data in files, such as messages stored by the WhatsApp, Facebook, and Twitter applications. It also has the ability to access arbitrary filenames and retrieve directory listings.(Citation: Lookout-PegasusAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b",
+      "id": "relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61",
       "type": "relationship",
       "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
@@ -23002,9 +15380,103 @@
         }
       ],
       "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[WireLurker](https://attack.mitre.org/software/S0312) obfuscates its payload through complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing.(Citation: PaloAlto-WireLurker)",
+      "description": "[WireLurker](https://attack.mitre.org/software/S0312) monitors for iOS devices connected via USB to an infected OSX computer and installs downloaded third-party applications or automatically generated malicious applications onto the device.(Citation: PaloAlto-WireLurker)",
       "relationship_type": "uses",
       "source_ref": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb",
+      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--51757971-17ac-40c3-bae7-78365579db49",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-Obad",
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/",
+          "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December 9, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[OBAD](https://attack.mitre.org/software/S0286) abuses device administrator access to make it more difficult for users to remove the application.(Citation: TrendMicro-Obad)",
+      "modified": "2022-04-15T15:45:04.647Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde",
+      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--506d657b-1634-442e-8179-7187f82feb3a",
+      "created": "2020-12-24T21:55:56.691Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the call logs.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--477edf7d-cc1f-49b7-9d96-f88399808775",
+      "created": "2022-04-05T20:15:43.660Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T20:15:43.660Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
+      "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-BrainTest",
+          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[BrainTest](https://attack.mitre.org/software/S0293) stores a secondary Android app package (APK) in its assets directory in encrypted form, and decrypts the payload at runtime.(Citation: Lookout-BrainTest)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
       "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -23013,25 +15485,48 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--c86918a3-6e41-4dfb-8b18-650fff596801",
       "type": "relationship",
-      "id": "relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6",
-      "created": "2020-01-21T14:20:50.409Z",
+      "created": "2020-09-11T16:22:03.207Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T16:22:03.207Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect device photos, PDF documents, Office documents, browser history, and browser bookmarks.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc",
+      "created": "2019-09-04T14:28:15.412Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Bitdefender - Triout 2018",
-          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
-          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
+          "source_name": "Lookout-Monokle",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) includes code to hide its icon, but the function does not appear to be called in an analyzed version of the software.(Citation: Bitdefender - Triout 2018)",
+      "description": " [Monokle](https://attack.mitre.org/software/S0407) can retrieve calendar event information including the event name, when and where it is taking place, and the description.(Citation: Lookout-Monokle) ",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -23040,23 +15535,509 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630",
-      "created": "2020-07-15T20:20:59.300Z",
+      "id": "relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724",
+      "created": "2022-04-01T15:02:21.344Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation can often detect jailbroken devices. ",
+      "modified": "2022-04-01T15:02:21.344Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--95fec5e4-d48a-471f-8223-711cd32659b8",
+      "created": "2022-04-01T18:49:51.050Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T18:49:51.050Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1",
+      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5b670281-0054-42b4-8e54-ea01a692f5bf",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:48.900Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-01T14:42:48.900Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can open a hidden menu when a specific phone number is called from the infected device.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--de7e3a71-1152-481c-8e5c-88f53852cab6",
+      "created": "2022-04-01T15:16:53.239Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T15:16:53.239Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
+      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--825ffecc-090f-44c8-87be-f7b72e07f987",
+      "created": "2022-04-01T18:43:15.716Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.",
+      "modified": "2022-04-01T18:43:15.716Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2e913583-123a-47af-8872-98fc12ab4a6a",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.846Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "modified": "2020-11-24T17:55:12.846Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can send SMS messages.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847",
+      "created": "2022-04-06T13:30:03.526Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be taught that Device Administrator permissions are very dangerous, and very few applications need it.",
+      "modified": "2022-04-06T13:30:03.527Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1",
+      "type": "relationship",
+      "created": "2020-06-26T14:55:13.289Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T14:55:13.289Z",
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to capture data from installed applications.(Citation: Cybereason EventBot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--96569099-db95-4f3c-8ded-6d9cf023e55e",
+      "created": "2019-09-03T20:08:00.717Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+          "source_name": "Talos Gustuff Apr 2019",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can manipulate visual components to trick the user into granting dangerous permissions, and can use phishing overlays and JavaScript injection to capture credentials.(Citation: Bitdefender Mandrake)",
+      "description": " [Gustuff](https://attack.mitre.org/software/S0406) can use SMS for command and control from a defined admin phone number.(Citation: Talos Gustuff Apr 2019) ",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad",
+      "type": "relationship",
+      "created": "2020-11-20T16:37:28.429Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-11-20T16:37:28.429Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect images, videos, and attacker-specified files.(Citation: Symantec GoldenCup)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070",
+      "created": "2022-04-15T17:18:44.185Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) obfuscated command information using a custom base85-based encoding.(Citation: Talos Gustuff Apr 2019)",
+      "modified": "2022-04-15T17:18:44.185Z",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler-SuperMarioRun",
+          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat",
+          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures call data.(Citation: Zscaler-SuperMarioRun)",
+      "modified": "2022-05-20T17:13:16.510Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d",
+      "created": "2020-12-18T20:14:47.297Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has generated non-human advertising impressions.(Citation: WhiteOps TERRACOTTA)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f",
+      "type": "relationship",
+      "created": "2020-12-14T15:02:35.287Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T15:02:35.290Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) has implemented functions in native code.(Citation: Securelist Asacub)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
+        }
+      ],
+      "modified": "2019-08-09T17:52:31.838Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to exploit well-known Android OS vulnerabilities to escalate privileges.(Citation: Lookout-PegasusAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-08-09T17:59:49.112Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads information about installed packages.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95",
+      "type": "relationship",
+      "created": "2019-10-18T15:51:48.525Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2019-10-18T15:51:48.525Z",
+      "description": "Users should be advised not to use public charging stations or computers to charge their devices. Instead, users should be issued a charger acquired from a trustworthy source. Users should be advised not to click on device prompts to trust attached computers unless absolutely necessary.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594",
+      "created": "2022-04-05T17:14:08.267Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T17:14:08.267Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--19b95b83-bac0-455f-882f-0209abddb76f",
+      "created": "2022-04-05T20:11:35.619Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Applications that properly encrypt network traffic may evade some forms of AiTM behavior. ",
+      "modified": "2022-04-05T20:11:35.619Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.624Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-11-10T17:08:35.624Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can dynamically load additional functionality.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--86170d29-0e41-44d0-94b0-de7d23718302",
+      "created": "2022-04-05T19:42:39.957Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android 12 Features",
+          "url": "https://developer.android.com/about/versions/12/features",
+          "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)",
+      "modified": "2022-04-05T19:51:47.956Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3",
+      "type": "relationship",
+      "created": "2020-06-26T14:55:13.351Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T14:55:13.351Z",
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect a list of installed applications.(Citation: Cybereason EventBot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998",
+      "created": "2020-04-08T15:41:19.385Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can create overlays to capture user credentials for targeted applications.(Citation: Cofense Anubis)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
       "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -23065,9 +16046,32 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--61550ef4-41f0-4354-af5c-f47db8aca654",
       "type": "relationship",
-      "id": "relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956",
-      "created": "2020-11-24T17:55:12.873Z",
+      "created": "2020-06-02T14:32:31.910Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Project Zero Insomnia",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
+        }
+      ],
+      "modified": "2020-06-02T14:32:31.910Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s phone number, ICCID, IMEI, and the currently active network interface (Wi-Fi or cellular).(Citation: Google Project Zero Insomnia)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999",
+      "created": "2020-11-24T17:55:12.818Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -23078,12 +16082,12 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) has communicated with the C2 using HTTP requests or WebSockets as a backup.(Citation: Talos GPlayed) ",
-      "modified": "2022-04-19T20:04:57.164Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can register for the `BOOT_COMPLETED` broadcast intent.(Citation: Talos GPlayed)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -23092,24 +16096,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03",
-      "created": "2020-12-24T21:45:56.962Z",
+      "id": "relationship--e135cefa-f019-479d-86eb-438972df73e0",
+      "created": "2019-09-04T15:38:56.702Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+          "source_name": "FortiGuard-FlexiSpy",
+          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
+          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access call logs.(Citation: Lookout Uyghur Campaign)",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) installs boot hooks into `/system/su.d`.(Citation: FortiGuard-FlexiSpy)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -23117,48 +16121,25 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82",
       "type": "relationship",
-      "created": "2020-09-11T16:22:03.301Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T16:22:03.301Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect system information, including brand, manufacturer, and serial number.(Citation: Lookout ViperRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3",
-      "created": "2020-09-15T15:18:12.462Z",
+      "id": "relationship--069b2328-442b-491e-962d-d3fe01f0549e",
+      "created": "2019-09-04T14:28:15.479Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+          "source_name": "Lookout-Monokle",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can hide its icon if it detects that it is being run on an emulator.(Citation: Cybereason FakeSpy)",
-      "modified": "2022-04-12T10:01:44.682Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via email and SMS from a set of \"control phones.\"(Citation: Lookout-Monokle)",
+      "modified": "2022-04-19T14:25:41.669Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -23167,16 +16148,87 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f",
-      "created": "2022-04-06T13:39:39.883Z",
+      "id": "relationship--789699c2-44f1-4280-bf86-ab23e6a13e84",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads calendar events and reminders.(Citation: Lookout-StealthMango)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d7ca70d4-2006-4252-b243-e52be760e24d",
+      "created": "2022-04-01T13:26:39.773Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Access to SMS messages is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their SMS messages. ",
+      "modified": "2022-04-01T13:26:39.773Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9",
+      "created": "2022-03-30T14:26:02.359Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android Changes to System Broadcasts",
+          "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts",
+          "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts) ",
+      "modified": "2022-03-30T14:26:02.359Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2a472430-c30e-4877-8933-2e75f1de9a01",
+      "created": "2022-03-30T14:00:45.120Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "",
-      "modified": "2022-04-06T13:39:39.883Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
-      "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36",
+      "modified": "2022-03-30T14:00:45.120Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -23186,91 +16238,23 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--3230c032-17e0-49f7-b948-c157049aafe2",
-      "created": "2017-10-25T14:48:53.742Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should ensure bootloaders are locked to prevent arbitrary operating system code from being flashed onto the device.",
-      "modified": "2022-04-01T15:34:50.556Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
-      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879",
-      "type": "relationship",
-      "created": "2019-09-04T14:28:16.426Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-09-04T14:32:13.000Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) uses XOR to obfuscate its second stage binary.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2",
-      "created": "2020-07-15T20:20:59.375Z",
+      "id": "relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a",
+      "created": "2021-01-07T17:02:31.805Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can abuse device administrator permissions to ensure that it cannot be uninstalled until its permissions are revoked.(Citation: Bitdefender Mandrake)",
-      "modified": "2022-04-15T15:46:05.503Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--e2ee6825-43c2-441f-ba96-404a330a9059",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint-Charger",
-          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/",
-          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Charger](https://attack.mitre.org/software/S0323) steals contacts from the victim user's device.(Citation: CheckPoint-Charger)",
+      "description": " [Tiktok Pro](https://attack.mitre.org/software/S0558) can access the device's contact list.(Citation: Zscaler TikTok Spyware) ",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
       "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -23279,19 +16263,23 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943",
       "type": "relationship",
-      "id": "relationship--442dd700-2d7d-4cad-8282-9027e4f69133",
-      "created": "2022-03-30T20:31:41.927Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "New OS releases frequently contain additional limitations or controls around device location access.",
-      "modified": "2022-03-30T20:31:41.927Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-10-15T19:44:36.177Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collects and uploads information about changes in SIM card or phone numbers on the device.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -23299,43 +16287,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--1e286a4a-63cd-47df-a034-11a5d92daceb",
-      "created": "2022-04-06T15:41:03.981Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T15:41:03.981Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
-      "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f4aeacef-035c-4308-9e85-997703e27809",
-      "created": "2020-01-27T17:05:58.305Z",
+      "id": "relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb",
+      "created": "2019-08-09T16:19:02.782Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Trend Micro Bouncing Golf 2019",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
+          "source_name": "Android Capture Sensor 2019",
+          "url": "https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access",
+          "description": "Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can delete arbitrary files on the device.(Citation: Trend Micro Bouncing Golf 2019)",
-      "modified": "2022-04-12T10:01:44.682Z",
+      "description": "Android 9 and above restricts access to microphone, camera, and other sensors from background applications.(Citation: Android Capture Sensor 2019) ",
+      "modified": "2022-04-01T15:21:13.296Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -23343,9 +16312,170 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--97417113-1840-4e00-98d3-bb222e1a1f60",
       "type": "relationship",
-      "id": "relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca",
-      "created": "2019-09-03T19:45:48.510Z",
+      "created": "2020-07-27T14:14:56.980Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Security Zen",
+          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
+          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
+        }
+      ],
+      "modified": "2020-08-10T22:18:20.815Z",
+      "description": "[Zen](https://attack.mitre.org/software/S0494) base64 encodes one of the strings it searches for.(Citation: Google Security Zen)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb",
+      "type": "relationship",
+      "created": "2020-06-26T14:55:13.261Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T14:55:13.261Z",
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect system information such as OS version, device vendor, and the type of screen lock that is active on the device.(Citation: Cybereason EventBot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:28.004Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:28.004Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has checked for system root.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) has the ability to record audio.(Citation: Lookout-Pegasus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b5f3b110-fc66-4369-89f3-621c945d655f",
+      "type": "relationship",
+      "created": "2020-04-27T16:52:49.444Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Triada June 2019",
+          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
+          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
+        }
+      ],
+      "modified": "2020-04-27T16:52:49.444Z",
+      "description": "[Triada](https://attack.mitre.org/software/S0424) encrypts data prior to exfiltration.(Citation: Google Triada June 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551",
+      "type": "relationship",
+      "created": "2021-02-08T16:36:20.698Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.412Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included location tracking capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.417Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.417Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture photos and videos from the device’s camera.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--418168ad-fee9-42c8-ac27-11f7472a5f86",
+      "created": "2019-09-03T19:45:48.498Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -23356,12 +16486,12 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two collects a list of nearby base stations.(Citation: SWB Exodus March 2019) ",
-      "modified": "2022-04-19T14:25:41.669Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) One checks in with the command and control server using HTTP POST requests.(Citation: SWB Exodus March 2019) ",
+      "modified": "2022-04-19T20:09:24.725Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -23369,22 +16499,45 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--97158eda-5092-4939-8b5c-1ef5ab918089",
+      "id": "relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc",
       "type": "relationship",
-      "created": "2020-04-24T15:12:11.189Z",
+      "created": "2020-07-15T20:20:59.298Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
         }
       ],
-      "modified": "2020-04-24T15:12:11.189Z",
-      "description": "[Concipit1248](https://attack.mitre.org/software/S0426) can collect device photos.(Citation: TrendMicro Coronavirus Updates)",
+      "modified": "2020-07-15T20:20:59.298Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) obfuscates its hardcoded C2 URLs.(Citation: Bitdefender Mandrake)",
       "relationship_type": "uses",
-      "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.819Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-11-10T17:08:35.819Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s location and track the device over time.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -23393,29 +16546,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec",
-      "created": "2018-10-17T00:14:20.652Z",
+      "id": "relationship--1d828f51-1c04-466c-beaf-2d4de741a544",
+      "created": "2020-05-04T14:04:56.184Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "BankInfoSecurity-BackDoor",
-          "url": "http://www.bankinfosecurity.com/did-chinese-spyware-linger-in-us-phones-a-9534",
-          "description": "Jeremy Kirk. (2016, November 16). Why Did Chinese Spyware Linger in U.S. Phones?. Retrieved February 6, 2017."
-        },
-        {
-          "source_name": "NYTimes-BackDoor",
-          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html",
-          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017."
+          "source_name": "Google Bread",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Adups](https://attack.mitre.org/software/S0309) was pre-installed on Android devices from some vendors.(Citation: NYTimes-BackDoor)(Citation: BankInfoSecurity-BackDoor)",
-      "modified": "2022-04-19T15:46:20.166Z",
+      "description": "[Bread](https://attack.mitre.org/software/S0432) can access SMS messages in order to complete carrier billing fraud.(Citation: Google Bread)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
-      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -23424,16 +16572,16 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--b402664b-a5b4-45e4-832f-02638e6c67a7",
-      "created": "2022-04-01T14:59:17.991Z",
+      "id": "relationship--6c0105f3-e919-499d-b080-d127394d2837",
+      "created": "2022-03-30T18:14:23.210Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores. ",
-      "modified": "2022-04-01T14:59:17.991Z",
+      "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). ",
+      "modified": "2022-03-30T18:14:23.210Z",
       "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -23442,26 +16590,23 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4",
       "type": "relationship",
-      "id": "relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
+      "created": "2021-02-17T20:43:52.413Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Kaspersky-Skygofree",
-          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
-          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018."
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
         }
       ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via binary SMS.(Citation: Kaspersky-Skygofree)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2021-02-17T20:43:52.413Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has compressed and encrypted data before exfiltration using password protected .7z archives.(Citation: Lookout FrozenCell)",
       "relationship_type": "uses",
-      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -23469,8 +16614,8 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad",
-      "created": "2020-12-24T21:55:56.752Z",
+      "id": "relationship--80778a1e-715d-477b-87fa-e92181b31659",
+      "created": "2020-12-24T21:45:56.967Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -23481,12 +16626,12 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploits to root devices and install additional malware on the system partition.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-19T16:32:53.368Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can delete various piece of device data, such as contacts, call logs, applications, SMS messages, email, plugins, and files in external storage.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -23494,9 +16639,773 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77",
       "type": "relationship",
-      "created": "2020-06-26T15:32:25.035Z",
+      "id": "relationship--d71fab20-a56c-4404-a65d-aaa37056f16e",
+      "created": "2022-04-01T15:16:16.027Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Trend Micro iOS URL Hijacking",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/",
+          "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12).  iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.",
+      "modified": "2022-04-01T15:16:16.027Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "NYTimes-BackDoor",
+          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html",
+          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted call logs.(Citation: NYTimes-BackDoor)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd",
+      "type": "relationship",
+      "created": "2020-04-08T18:55:29.205Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        },
+        {
+          "source_name": "Trend Micro Anubis",
+          "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html",
+          "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021."
+        }
+      ],
+      "modified": "2021-01-20T16:01:19.565Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can exfiltrate files encrypted with the ransomware module from the device and can modify external storage.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089",
+      "created": "2022-03-28T19:41:27.610Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Application developers should be cautious when selecting third-party libraries to integrate into their application.",
+      "modified": "2022-03-28T19:41:27.610Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51",
+      "created": "2022-04-01T12:37:17.515Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "OS feature updates often enhance security and privacy around permissions. ",
+      "modified": "2022-04-01T12:37:17.515Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.267Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.267Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can track the device’s location.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--875dc21d-92c3-45bf-be37-faa44f4449bf",
+      "created": "2020-06-02T14:32:31.891Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Google Project Zero Insomnia",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s contact list.(Citation: Google Project Zero Insomnia)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030",
+      "created": "2022-03-30T20:42:04.251Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be advised to be extra scrutinous of applications that request location, and to deny any permissions requests for applications they do not recognize.",
+      "modified": "2022-03-30T20:42:04.251Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad",
+      "created": "2020-04-24T15:06:33.397Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect the device’s call log.(Citation: TrendMicro Coronavirus Updates)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671",
+      "created": "2021-02-08T16:36:20.709Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted C2 communications using AES in CBC mode during Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "modified": "2022-04-18T16:07:26.671Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd",
+      "created": "2020-06-26T14:55:13.333Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) registers for the `BOOT_COMPLETED` intent to auto-start after the device boots.(Citation: Cybereason EventBot)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f989562f-41a8-46d3-94ba-fca7269ae592",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-08-09T17:59:49.072Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) is delivered via a a watering hole website that mimics the third-party Android app store APKMonk. In at least one case, the watering hole URL was distributed through Facebook Messenger.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5619e263-d48c-47a5-ab68-8677fe080a15",
+      "created": "2022-03-30T14:42:27.821Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T14:42:27.821Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7017085c-c612-48b2-b655-e18d7822d0e7",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-SpyDealer",
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests phone call history from victims.(Citation: PaloAlto-SpyDealer)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Wandera-RedDrop",
+          "url": "https://www.wandera.com/reddrop-malware/",
+          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses HTTP requests for C2 communication.(Citation: Wandera-RedDrop)",
+      "modified": "2022-04-20T17:41:46.451Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0330db55-06e0-45a2-85a6-17617a37fdaf",
+      "created": "2022-04-06T13:57:49.186Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T13:57:49.186Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1987b242-c868-40b2-993d-9dbeea311d4b",
+      "created": "2022-03-30T14:08:09.882Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T14:08:09.882Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0",
+      "created": "2022-04-11T20:05:56.540Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-11T20:05:56.540Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
+      "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--81db3270-4cb8-4982-8ff8-c28a874e8421",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-DressCode",
+          "description": "Echo Duan. (2016, September 29). DressCode and its Potential Impact for Enterprises. Retrieved December 22, 2016.",
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[DressCode](https://attack.mitre.org/software/S0300) sets up a \"general purpose tunnel\" that can be used by an adversary to compromise enterprise networks that the mobile device is connected to.(Citation: TrendMicro-DressCode)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca",
+      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.449Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.449Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s microphone.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.548Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T22:00:43.490Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) uses `dumpsys` to determine if certain applications are running.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa",
+      "created": "2022-04-01T16:52:36.974Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T16:52:36.974Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.511Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.511Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has contained an alarm that triggers every three minutes and timers for communicating with the C2.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c",
+      "type": "relationship",
+      "created": "2021-02-17T20:43:52.410Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+        }
+      ],
+      "modified": "2021-02-17T20:43:52.410Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has searched for pdf, doc, docx, ppt, pptx, xls, and xlsx file types for exfiltration.(Citation: Lookout FrozenCell)",
+      "relationship_type": "uses",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4efa4953-7854-4144-8837-d7831ccbe35d",
+      "type": "relationship",
+      "created": "2020-04-24T17:46:31.691Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T17:46:31.691Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect a list of installed applications.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91",
+      "created": "2020-10-29T19:21:23.187Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "WeLiveSecurity AdDisplayAshas",
+          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
+          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can hide its icon and create a shortcut based on the C2 server response.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76",
+      "created": "2019-10-18T14:50:57.472Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates frequently contain patches for known exploits.",
+      "modified": "2022-03-25T14:12:54.498Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:27.914Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:27.914Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has looked for .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files on external storage.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.408Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.408Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can track the device’s location.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd",
+      "created": "2019-09-03T19:45:48.503Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can download the address book.(Citation: SWB Exodus March 2019) ",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6885280e-5423-422a-94f1-e91d557e043e",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-XcodeGhost1",
+          "url": "http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/",
+          "description": "Claud Xiao. (2015, September 17). Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store. Retrieved December 21, 2016."
+        },
+        {
+          "source_name": "PaloAlto-XcodeGhost",
+          "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/",
+          "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) was injected into apps by a modified version of Xcode (Apple's software development tool).(Citation: PaloAlto-XcodeGhost1)(Citation: PaloAlto-XcodeGhost)",
+      "modified": "2022-04-15T15:10:16.607Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9",
+      "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265",
+      "created": "2021-04-19T14:29:46.510Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": " [SilkBean](https://attack.mitre.org/software/S0549) has used HTTPS for C2 communication.(Citation: Lookout Uyghur Campaign) ",
+      "modified": "2022-04-19T20:07:13.475Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f",
+      "created": "2022-03-30T19:28:55.980Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates typically provide patches for vulnerabilities that could be abused by malicious applications.",
+      "modified": "2022-03-30T19:28:55.980Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f776a4da-0fa6-414c-a705-e9e8b419e056",
+      "type": "relationship",
+      "created": "2020-06-26T15:32:25.058Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -23510,11 +17419,11 @@
           "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020."
         }
       ],
-      "modified": "2020-06-26T15:32:25.035Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect device information, such as the default SMS app and device locale.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)",
+      "modified": "2020-06-26T15:32:25.058Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can inject input to grant itself additional permissions without user interaction and to prevent application removal.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)",
       "relationship_type": "uses",
       "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -23522,734 +17431,10 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--91831379-b0da-4019-a7bb-17e53cda9d0b",
       "type": "relationship",
-      "id": "relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd",
-      "created": "2020-12-24T21:41:37.047Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has used HTTPS for C2 communication.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-18T16:04:02.127Z",
+      "created": "2020-12-31T18:25:05.131Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b2896068-4d54-41e1-b0f2-db9385615112",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.426Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.426Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has shown a persistent notification to maintain access to device sensors.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:28.005Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:28.005Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken photos with the device camera.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9",
-      "type": "relationship",
-      "created": "2020-09-11T15:52:12.520Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-09-11T15:52:12.520Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can block, forward, hide, and send SMS messages.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ac523dfb-36be-4402-acf2-abe98e183eef",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ArsTechnica-HummingBad",
-          "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/",
-          "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "In July 2016, [HummingBad](https://attack.mitre.org/software/S0322) generated more than $300,000 per month in revenue from installing fraudulent apps and displaying malicious advertisements.(Citation: ArsTechnica-HummingBad)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://www.wandera.com/reddrop-malware/",
-          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
-          "source_name": "Wandera-RedDrop"
-        }
-      ],
-      "modified": "2019-10-15T19:56:13.162Z",
-      "description": "[RedDrop](https://attack.mitre.org/software/S0326) exfiltrates details of the victim device operating system and manufacturer.(Citation: Wandera-RedDrop)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-Obad",
-          "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December 9, 2016.",
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[OBAD](https://attack.mitre.org/software/S0286) contains encrypted code along with an obfuscated decryption routine to make it difficult to analyze.(Citation: TrendMicro-Obad)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5",
-      "created": "2019-08-08T18:47:57.655Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Android 10 Privacy Changes",
-          "url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data",
-          "description": "Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September 11, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 10 introduced changes to prevent applications from accessing clipboard data if they are not in the foreground or set as the device’s default IME.(Citation: Android 10 Privacy Changes) ",
-      "modified": "2022-04-01T16:35:38.189Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.215Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.215Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of running processes.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.444Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.444Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can load additional Dalvik code while running.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f",
-      "created": "2020-09-11T14:54:16.642Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "If running on a Huawei device, [Desert Scorpion](https://attack.mitre.org/software/S0505) adds itself to the protected apps list, which allows it to run with the screen off.(Citation: Lookout Desert Scorpion)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57",
-      "created": "2020-11-24T17:55:12.826Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can wipe the device.(Citation: Talos GPlayed)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d6be8665-afbb-4be5-a56a-493af01b120a",
-      "created": "2022-03-30T15:52:29.935Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile security products can potentially detect jailbroken or rooted devices.",
-      "modified": "2022-03-30T15:52:29.935Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e7b7e813-4867-46fe-bf86-6f367553d765",
-      "type": "relationship",
-      "created": "2019-11-21T16:42:48.456Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "source_name": "SecureList - ViceLeaker 2019"
-        },
-        {
-          "source_name": "Bitdefender - Triout 2018",
-          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
-          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
-        }
-      ],
-      "modified": "2020-01-21T14:20:50.455Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can copy arbitrary files from the device to the C2 server, can exfiltrate browsing history, can exfiltrate the SD card structure, and can exfiltrate pictures as the user takes them.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6ce36374-2ff6-4b41-8493-148416153232",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.443Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.526Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect user account, photos, browser history, and arbitrary files.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--684c17bb-2075-4e1f-9fcb-17408511222d",
-      "type": "relationship",
-      "created": "2021-09-20T13:54:19.957Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2021-09-20T13:54:19.957Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can silently accept an incoming phone call.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--901492b5-b074-4631-ad6e-4178caa4164a",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:28.017Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:28.017Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has recorded calls and environment audio in .amr format.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler-SpyNote",
-          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app",
-          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can view contacts.(Citation: Zscaler-SpyNote)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6b41d649-bcd0-4427-baa1-15a145bace6e",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
-        }
-      ],
-      "modified": "2019-08-09T17:56:05.642Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) downloads and executes root exploits from a remote server.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2019-10-15T19:44:36.125Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collected and exfiltrated data from the device, including sensitive letters/documents, stored photos, and stored audio files.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--40f30137-4db9-4596-b4c7-a12f1497fd92",
-      "created": "2020-11-10T17:08:35.831Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has performed rudimentary SSL certificate validation to verify C2 server authenticity before establishing a SSL connection.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-18T16:02:42.303Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e7af5be1-721f-40c5-b647-659243a0a14b",
-      "type": "relationship",
-      "created": "2020-04-08T15:41:19.321Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2021-09-20T13:50:02.057Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can record phone calls and audio.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--58c857f8-4f40-48e0-b3ac-41944d82b576",
-      "created": "2020-12-24T22:04:27.991Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of contacts.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-EnterpriseApps",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects contact list information.(Citation: Lookout-EnterpriseApps)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--82f51cc6-6ce4-459e-b598-7b2b77983469",
-      "created": "2020-04-24T15:06:33.526Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect SMS messages.(Citation: TrendMicro Coronavirus Updates)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.801Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.571Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included video recording in the malicious apps deployed as part of Operation BULL.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--33857221-2543-4a7f-8255-b0d140d70ad7",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.461Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.686Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record call audio.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae",
-      "created": "2020-12-24T22:04:27.902Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has used HTTP POST requests for C2.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-20T17:35:38.895Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.615Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.615Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record videos.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0993769f-63fb-4720-bbcf-e6f37f71515e",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.875Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-02T14:32:31.875Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s name, serial number, iOS version, total disk space, and free disk space.(Citation: Google Project Zero Insomnia) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e",
-      "created": "2020-12-31T18:25:05.165Z",
-      "x_mitre_version": "1.0",
       "external_references": [
         {
           "source_name": "CYBERWARCON CHEMISTGAMES",
@@ -24257,63 +17442,11 @@
           "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
         }
       ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has used HTTPS for C2 communication.(Citation: CYBERWARCON CHEMISTGAMES) ",
-      "modified": "2022-04-18T16:00:57.320Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2020-12-31T18:25:05.131Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has utilized native code to decrypt its malicious payload.(Citation: CYBERWARCON CHEMISTGAMES)",
       "relationship_type": "uses",
       "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02",
-      "created": "2020-06-26T15:32:25.144Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Cerberus",
-          "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/",
-          "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 server using HTTP.(Citation: CheckPoint Cerberus)",
-      "modified": "2022-04-19T20:12:22.454Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8b27a786-b4d9-4014-a249-3725442f9f1d",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.499Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.499Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can obtain a list of installed applications.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -24322,262 +17455,16 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070",
-      "created": "2020-12-18T20:14:47.302Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used Firebase for C2 communication.(Citation: WhiteOps TERRACOTTA)",
-      "modified": "2022-04-18T19:18:56.475Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b0625604-e4c4-402b-b191-f43137d38d99",
-      "created": "2020-11-20T15:44:57.481Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect sent and received SMS messages.(Citation: Symantec GoldenCup)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15",
-      "type": "relationship",
-      "created": "2021-09-24T14:47:34.447Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2021-10-04T20:08:48.439Z",
-      "description": "Device attestation can often detect rooted devices.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2018-10-17T00:14:20.652Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431",
-      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56",
-      "created": "2017-10-25T14:48:53.738Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 9 introduced a new security policy that prevents applications from reading or writing data to other applications’ internal storage directories, regardless of permissions. ",
-      "modified": "2022-04-01T13:51:48.934Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4",
-      "type": "relationship",
-      "created": "2021-10-01T14:42:48.815Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "modified": "2021-10-01T14:42:48.815Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can record from the device’s camera.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c",
-      "type": "relationship",
-      "created": "2019-12-10T16:07:41.078Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList DVMap June 2017",
-          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
-          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
-        }
-      ],
-      "modified": "2019-12-10T16:07:41.078Z",
-      "description": "[Dvmap](https://attack.mitre.org/software/S0420) attempts to gain root access by using local exploits.(Citation: SecureList DVMap June 2017)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ce645a25-160f-443d-b288-fdd108b78a06",
-      "created": "2020-09-11T16:22:03.269Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s call log.(Citation: Lookout ViperRAT)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2",
-      "type": "relationship",
-      "created": "2020-09-11T15:53:38.453Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
-        }
-      ],
-      "modified": "2020-09-11T15:53:38.453Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can automatically reply to SMS messages, and optionally delete them.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f92fe9dd-7296-42f6-904e-e245c438376e",
-      "created": "2020-12-14T15:02:35.291Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) can request device administrator permissions.(Citation: Securelist Asacub)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9d264e84-27b2-4867-82c8-55486a969d7c",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.489Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.489Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running processes.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--828417ec-c444-41c8-95b4-c339c5ecf62b",
-      "created": "2022-03-30T20:48:00.360Z",
+      "id": "relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519",
+      "created": "2022-04-05T17:03:53.457Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.",
-      "modified": "2022-03-30T20:48:00.360Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "description": "",
+      "modified": "2022-04-05T17:03:53.457Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -24586,47 +17473,44 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c",
       "type": "relationship",
-      "id": "relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b",
-      "created": "2020-07-15T20:20:59.307Z",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "HackerNews-OldBoot",
+          "description": "Sudhir K Bansal. (2014, January 28). First widely distributed Android bootkit Malware infects more than 350,000 Devices. Retrieved December 21, 2016.",
+          "url": "http://thehackernews.com/2014/01/first-widely-distributed-android.html"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[OldBoot](https://attack.mitre.org/software/S0285) uses escalated privileges to modify the init script on the device's boot partition to maintain persistence.(Citation: HackerNews-OldBoot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2074b2ad-612e-4758-adce-7901c1b49bbc",
+      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
       "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used domain generation algorithms.(Citation: Bitdefender Mandrake)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
-      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8",
+      "id": "relationship--b356d405-f6b1-485b-bd35-236b9da766d2",
       "type": "relationship",
-      "created": "2019-09-04T15:38:56.994Z",
+      "created": "2020-04-24T17:46:31.586Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "FlexiSpy-Features",
-          "url": "https://www.flexispy.com/en/features-overview.htm",
-          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
         }
       ],
-      "modified": "2019-09-10T14:59:26.171Z",
-      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can take screenshots of other applications.(Citation: FlexiSpy-Features) ",
+      "modified": "2020-04-27T15:27:26.539Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can use the `MediaRecorder` class to record the screen when the targeted application is presented to the user, and can abuse accessibility features to record targeted applications to intercept transaction authorization numbers (TANs) and to scrape on-screen text.(Citation: SecurityIntelligence TrickMo)",
       "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
       "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -24635,22 +17519,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea",
+      "id": "relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224",
       "type": "relationship",
-      "created": "2020-07-15T20:20:59.377Z",
+      "created": "2019-09-03T20:08:00.670Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "source_name": "Talos Gustuff Apr 2019"
         }
       ],
-      "modified": "2020-07-15T20:20:59.377Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect all accounts stored on the device.(Citation: Bitdefender Mandrake)",
+      "modified": "2019-10-10T15:19:47.960Z",
+      "description": " [Gustuff](https://attack.mitre.org/software/S0406) can capture files and photos from the compromised device.(Citation: Talos Gustuff Apr 2019) ",
       "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -24658,22 +17542,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--2e826926-fd5b-407c-adbc-e998058728d3",
+      "id": "relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9",
       "type": "relationship",
-      "created": "2019-09-04T15:38:56.786Z",
+      "created": "2020-04-24T17:46:31.582Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "CyberMerchants-FlexiSpy",
-          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
-          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
         }
       ],
-      "modified": "2019-09-10T14:59:26.139Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record both incoming and outgoing phone calls, as well as microphone audio.(Citation: CyberMerchants-FlexiSpy)",
+      "modified": "2020-04-24T17:46:31.582Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device network configuration information such as IMSI, IMEI, and Wi-Fi connection state.(Citation: SecurityIntelligence TrickMo)",
       "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -24681,22 +17565,108 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--db1201f0-f925-4c3c-8673-7524a8c20886",
       "type": "relationship",
-      "created": "2021-02-17T20:43:52.274Z",
+      "id": "relationship--d13724d0-a5e2-433b-86bf-ead04359edec",
+      "created": "2022-04-01T15:13:10.022Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "iOS Universal Links",
+          "url": "https://developer.apple.com/ios/universal-links/",
+          "description": "Apple. (n.d.). Universal Links for Developers. Retrieved September 11, 2020."
+        },
+        {
+          "source_name": "Android App Links",
+          "url": "https://developer.android.com/training/app-links/verify-site-associations",
+          "description": "Google. (n.d.). Verify Android App Links. Retrieved September 11, 2020."
+        },
+        {
+          "source_name": "IETF-PKCE",
+          "url": "https://tools.ietf.org/html/rfc7636",
+          "description": "N. Sakimura, J. Bradley, and N. Agarwal. (2015, September). IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Developers should use Android App Links(Citation: Android App Links) and iOS Universal Links(Citation: iOS Universal Links) to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE(Citation: IETF-PKCE) should be used to prevent use of stolen authorization codes. ",
+      "modified": "2022-04-01T15:13:10.022Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
+      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388",
+      "created": "2022-03-30T20:36:18.656Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Attestation can typically detect rooted devices. For MDM-enrolled devices, action can be taken if a device fails an attestation check. ",
+      "modified": "2022-03-30T20:36:18.656Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f",
+      "created": "2019-07-16T14:33:12.107Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky Triada June 2016",
+          "url": "https://securelist.com/everyone-sees-not-what-they-want-to-see/74997/",
+          "description": "Kivva, A. (2016, June 6). Everyone sees not what they want to see. Retrieved July 16, 2019."
+        },
+        {
+          "source_name": "Google Triada June 2019",
+          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
+          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Triada](https://attack.mitre.org/software/S0424) can redirect ad banner URLs on websites visited by the user to specific ad URLs.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada June 2016) ",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:28.002Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
-      "modified": "2021-02-17T20:43:52.274Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has recorded calls.(Citation: Lookout FrozenCell)",
+      "modified": "2020-12-24T22:04:28.002Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has sent messages to an attacker-controlled number.(Citation: Lookout Uyghur Campaign)",
       "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -24704,85 +17674,123 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3",
+      "type": "relationship",
+      "id": "relationship--3272111a-f31d-47d5-a266-1749255b5016",
+      "created": "2019-09-23T13:36:08.335Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can be controlled through SMS messages.(Citation: securelist rotexy 2018)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f0e39856-4d2d-45c5-bf16-f683ee993010",
+      "created": "2022-03-30T18:18:15.915Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T18:18:15.915Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d32003ba-959b-4377-aa04-f75275c32abf",
+      "created": "2019-07-16T14:33:12.144Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Google Triada June 2019",
+          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
+          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Triada](https://attack.mitre.org/software/S0424) utilized HTTP to exfiltrate data through POST requests to the command and control server.(Citation: Google Triada June 2019) ",
+      "modified": "2022-04-20T17:43:35.227Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15",
       "type": "relationship",
       "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
+          "source_name": "CrowdStrike-Android",
+          "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. Retrieved February 6, 2017.",
+          "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf"
         }
       ],
-      "modified": "2019-08-09T17:52:31.854Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses the list of installed applications.(Citation: Lookout-PegasusAndroid)",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) was believed to have been used to obtain locational data of Ukrainian artillery forces.(Citation: CrowdStrike-Android)",
       "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "source_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "type": "relationship",
-      "id": "relationship--4cb926c1-c242-45c2-be46-07c22435a8a5",
-      "created": "2022-09-30T19:23:02.689Z",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cylance Dust Storm",
-          "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
-          "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
-        }
-      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2022-09-30T19:23:02.689Z",
-      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors that would send information and data from a victim's mobile device to the C2 servers.(Citation: Cylance Dust Storm)",
-      "relationship_type": "uses",
-      "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_deprecated": false,
+      "type": "relationship",
+      "id": "relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f",
+      "created": "2022-04-01T18:52:13.171Z",
       "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99",
-      "created": "2017-10-25T14:48:53.742Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Elcomsoft-iOSRestricted",
-          "url": "https://blog.elcomsoft.com/2018/09/ios-12-enhances-usb-restricted-mode/",
-          "description": "Oleg Afonin. (2018, September 20). iOS 12 Enhances USB Restricted Mode. Retrieved September 21, 2018."
-        }
-      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "iOS 11.4.1 and higher introduce USB Restricted Mode, which disables data access through the device's charging port under certain conditions (making the port only usable for power), likely preventing this technique from working.(Citation: Elcomsoft-iOSRestricted)",
-      "modified": "2022-04-01T15:35:28.360Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.",
+      "modified": "2022-04-01T18:52:13.171Z",
       "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
       "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85",
       "type": "relationship",
-      "id": "relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a",
-      "created": "2020-11-20T16:37:28.591Z",
-      "x_mitre_version": "1.0",
+      "created": "2020-11-20T16:37:28.547Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
           "source_name": "Symantec GoldenCup",
@@ -24790,14 +17798,56 @@
           "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
         }
       ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has communicated with the C2 using MQTT and HTTP.(Citation: Symantec GoldenCup)",
-      "modified": "2022-04-19T20:06:25.036Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2020-11-20T16:37:28.547Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect various pieces of device information, such as serial number and product information.(Citation: Symantec GoldenCup)",
       "relationship_type": "uses",
       "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--88e33687-e999-42c8-b46b-49d2adfa17d0",
+      "created": "2022-04-01T15:02:04.528Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Apple regularly provides security updates for known OS vulnerabilities. ",
+      "modified": "2022-04-01T15:02:04.528Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c",
+      "created": "2019-11-21T19:16:34.820Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CheckPoint SimBad 2019",
+          "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/",
+          "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[SimBad](https://attack.mitre.org/software/S0419) generates fraudulent advertising revenue by displaying ads in the background and by opening the browser and displaying ads.(Citation: CheckPoint SimBad 2019)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -24806,8 +17856,27 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--4f812a57-efdc-463b-bf37-baa4bca7502b",
-      "created": "2020-05-04T14:22:20.348Z",
+      "id": "relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0",
+      "created": "2019-09-04T20:01:42.722Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Enterprise policies should block access to the Android Debug Bridge (ADB) by preventing users from enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development). An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. ",
+      "modified": "2022-04-01T13:32:19.919Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--22773074-4a95-48e0-905f-688ce048b5ed",
+      "created": "2020-04-24T17:46:31.593Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -24818,12 +17887,12 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can uninstall itself from a device on command by abusing the accessibility service.(Citation: SecurityIntelligence TrickMo) ",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can prevent the user from interacting with the UI by showing a WebView with a persistent cursor.(Citation: SecurityIntelligence TrickMo)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -24831,68 +17900,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--496976ef-4a0c-4782-95e7-231bd44df162",
+      "id": "relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da",
       "type": "relationship",
-      "created": "2020-12-14T15:02:35.295Z",
+      "created": "2021-09-24T14:52:41.308Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
         }
       ],
-      "modified": "2020-12-14T15:02:35.295Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect various pieces of device information, including device model and OS version.(Citation: Securelist Asacub)",
+      "modified": "2021-09-24T14:52:41.308Z",
+      "description": " [Monokle](https://attack.mitre.org/software/S0407) can hook itself to appear invisible to the Process Manager.(Citation: Lookout-Monokle) ",
       "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b",
-      "type": "relationship",
-      "created": "2020-09-14T14:13:45.259Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout eSurv",
-          "url": "https://blog.lookout.com/esurv-research",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-14T14:13:45.259Z",
-      "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate device pictures.(Citation: Lookout eSurv)",
-      "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--806a9338-be20-4eef-aa54-067633ac0e58",
-      "type": "relationship",
-      "created": "2020-04-08T15:41:19.421Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T15:41:19.421Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the device’s GPS location.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -24901,187 +17924,15 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc",
-      "created": "2021-10-01T14:42:49.174Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can abuse existing root access to copy components into the system partition.(Citation: SecureList BusyGasper)",
-      "modified": "2022-04-15T15:52:38.253Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.397Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.397Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can steal data from various sources, including chat, communication, and social media apps.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses contact list information.(Citation: Lookout-PegasusAndroid)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "type": "relationship",
-      "id": "relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31",
-      "created": "2022-09-29T20:11:55.474Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "Cylance Dust Storm",
-          "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
-          "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "modified": "2022-09-30T18:39:16.003Z",
-      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of enumerating specific files on the infected devices.(Citation: Cylance Dust Storm)",
-      "relationship_type": "uses",
-      "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "0.1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3",
-      "created": "2020-04-08T15:41:19.404Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can steal the device’s contact list.(Citation: Cofense Anubis) ",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc",
-      "created": "2022-04-01T13:18:40.460Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Contact list access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their contact list. ",
-      "modified": "2022-04-01T13:18:40.460Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2",
-      "created": "2020-07-27T14:14:57.020Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Google Security Zen",
-          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
-          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Zen](https://attack.mitre.org/software/S0494) can modify the SELinux enforcement mode.(Citation: Google Security Zen)",
-      "modified": "2022-04-15T15:53:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--35a12ae8-562d-4e24-979e-ef970dde0b94",
-      "created": "2022-04-15T17:52:24.125Z",
+      "id": "relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77",
+      "created": "2022-04-06T15:52:41.579Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "",
-      "modified": "2022-04-15T17:52:24.125Z",
+      "modified": "2022-04-06T15:52:41.579Z",
       "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9",
+      "source_ref": "attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed",
       "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
@@ -25091,75 +17942,10 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--3f392718-87c4-483b-b89f-4f0cc056d251",
       "type": "relationship",
-      "created": "2020-07-20T13:58:53.610Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader-FakeSpy",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
-          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-09-24T15:12:24.302Z",
-      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s UDID, version number, and product number.(Citation: TrendMicro-XLoader-FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "id": "relationship--3c43d125-6719-420e-bb69-878cc91c2474",
+      "created": "2020-09-15T15:18:12.428Z",
       "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0",
-      "type": "relationship",
-      "created": "2019-09-15T15:32:17.563Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2020-07-09T14:07:02.315Z",
-      "description": "Application developers could be encouraged to avoid placing sensitive data in notification text.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--57293fc9-8838-4acd-a16f-48f516d0921e",
-      "created": "2020-04-08T15:51:25.122Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ThreatFabric Ginp",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) hides its icon after installation.(Citation: ThreatFabric Ginp)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--873b98de-d7cf-471b-9aa2-229eb03c9165",
-      "type": "relationship",
-      "created": "2020-09-15T15:18:12.459Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
           "source_name": "Cybereason FakeSpy",
@@ -25167,59 +17953,13 @@
           "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
         }
       ],
-      "modified": "2020-09-15T15:18:12.459Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device information, including OS version and device model.(Citation: Cybereason FakeSpy)",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can register for the `BOOT_COMPLETED` broadcast Intent.(Citation: Cybereason FakeSpy)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--92129d5b-7822-4e84-8a69-f96b598fba9e",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
-        }
-      ],
-      "modified": "2019-10-10T15:27:22.175Z",
-      "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses databases from WhatsApp, Viber, Skype, and Line.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--83d95d05-7545-4295-894b-f33a2ba1063b",
-      "created": "2020-12-17T20:15:22.492Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) has registered several broadcast receivers.(Citation: Palo Alto HenBox)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
       "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -25228,950 +17968,9 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--670a0995-a789-4674-9e91-c74316cdef90",
       "type": "relationship",
-      "created": "2020-09-11T14:54:16.621Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.621Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record audio from phone calls and the device microphone.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler-SpyNote",
-          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
-          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
-        }
-      ],
-      "modified": "2019-10-10T15:24:09.355Z",
-      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can activate the victim's microphone.(Citation: Zscaler-SpyNote)",
-      "relationship_type": "uses",
-      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--17e94f34-e367-491c-9f9f-79294e124b4f",
-      "created": "2020-12-17T20:15:22.501Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can intercept SMS messages.(Citation: Palo Alto HenBox)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898",
-      "created": "2019-09-04T14:28:16.414Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve call history.(Citation: Lookout-Monokle)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0",
-      "type": "relationship",
-      "created": "2020-12-24T21:55:56.692Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:55:56.692Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has searched for specific existing data directories, including the Gmail app, Dropbox app, Pictures, and thumbnails.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--98b14660-79e1-4244-99c2-3dedd84eb68d",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.582Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.582Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can track the device’s location.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--27247071-356b-4b5f-bc8f-6436a3fec095",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-EnterpriseApps",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to collect and leak the victim's location.(Citation: Lookout-EnterpriseApps)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.382Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.382Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) has communicated with the C2 server over TCP port 7777.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415",
-      "created": "2022-03-30T14:50:07.291Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation could detect unauthorized operating system modifications.",
-      "modified": "2022-03-30T14:50:07.291Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4761145d-34ac-4b45-a0d6-a09b1907a196",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.367Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-18T20:14:47.367Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can inject clicks to launch applications, share posts on social media, and interact with WebViews to perform fraudulent actions.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--07dd3318-2965-4085-be64-a8e956c7b8da",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.319Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-18T20:14:47.319Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has stored encoded strings.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1",
-      "created": "2019-07-10T15:35:43.661Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) captures and exfiltrates all SMS messages, including future messages as they are received.(Citation: Lookout Dark Caracal Jan 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd",
-      "created": "2020-07-15T20:20:59.289Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can evade automated analysis environments by requiring a CAPTCHA on launch that will prevent the application from running if not passed. It also checks for indications that it is running in an emulator.(Citation: Bitdefender Mandrake)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7",
-      "type": "relationship",
-      "created": "2019-08-07T15:57:13.388Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Kaspersky Riltok June 2019",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
-        }
-      ],
-      "modified": "2019-09-18T13:44:13.453Z",
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) injects input to set itself as the default SMS handler by clicking the appropriate places on the screen. It can also close or minimize targeted antivirus applications and the device security settings screen.(Citation: Kaspersky Riltok June 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0",
-      "type": "relationship",
-      "created": "2020-12-24T21:55:56.686Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:55:56.686Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed common system information.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.512Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.512Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can check the device’s battery status.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint-Charger",
-          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/",
-          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Charger](https://attack.mitre.org/software/S0323) locks the device if it is granted admin permissions, displaying a message demanding a ransom payment.(Citation: CheckPoint-Charger)",
-      "modified": "2022-04-18T19:27:07.679Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
-      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024",
-      "created": "2022-04-15T18:11:06.097Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Skycure-Profiles",
-          "url": "https://www.skycure.com/blog/malicious-profiles-the-sleeping-giant-of-ios-security/",
-          "description": "Yair Amit. (2013, March 12). Malicious Profiles - The Sleeping Giant of iOS Security. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288/) samples hook SSLRead and SSLWrite functions in the itunesstored process to intercept device communication with the Apple App Store.(Citation: Skycure-Profiles)",
-      "modified": "2022-04-15T18:11:06.097Z",
-      "relationship_type": "uses",
-      "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa",
-      "created": "2020-11-10T17:08:35.761Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has deleted call log entries coming from known C2 sources.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8f2929a9-cd25-4e07-b402-447da68aaa56",
-      "created": "2020-04-24T15:06:33.455Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)",
-      "modified": "2022-04-20T17:30:39.449Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d",
-      "created": "2022-04-01T17:06:06.950Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to location information. Users should also protect their account credentials and enable multi-factor authentication options when available. ",
-      "modified": "2022-04-01T17:06:06.950Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2",
-      "created": "2019-09-04T14:28:15.482Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can reset the user's password/PIN.(Citation: Lookout-Monokle)",
-      "modified": "2022-04-15T16:38:09.953Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CheckPoint-Judy",
-          "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. Retrieved September 18, 2018.",
-          "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Judy](https://attack.mitre.org/software/S0325) bypasses Google Play's protections by downloading a malicious payload at runtime after installation.(Citation: CheckPoint-Judy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6d2c7743-fc75-4524-b217-13867ca1dd10",
-      "created": "2019-09-03T20:08:00.649Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [Gustuff](https://attack.mitre.org/software/S0406) can collect the contact list.(Citation: Talos Gustuff Apr 2019) ",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd",
-      "created": "2022-04-01T15:03:02.553Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T15:03:02.553Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
-      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--14474366-938a-4359-bf24-e2c718adfaf5",
-      "type": "relationship",
-      "created": "2020-06-26T14:55:13.382Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T14:55:13.382Z",
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can download new libraries when instructed to.(Citation: Cybereason EventBot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4",
-      "created": "2021-01-05T20:16:20.507Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can execute commands .(Citation: Zscaler TikTok Spyware)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3498d304-48e3-4fe4-a3ab-fc261104f413",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2019-08-09T17:59:49.094Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record audio using the device microphone.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7",
-      "created": "2020-11-24T17:55:12.889Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request device administrator permissions.(Citation: Talos GPlayed)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--29357289-362c-447c-b387-9a38b50d7296",
-      "created": "2022-04-15T17:20:06.338Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Google Bread",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
-        },
-        {
-          "source_name": "Check Point-Joker",
-          "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/",
-          "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Bread](https://attack.mitre.org/software/S0432) uses various tricks to obfuscate its strings including standard and custom encryption, programmatically building strings at runtime, and splitting unencrypted strings with repeated delimiters to break up keywords. [Bread](https://attack.mitre.org/software/S0432) has also abused Java and JavaScript features to obfuscate code. [Bread](https://attack.mitre.org/software/S0432) payloads have hidden code in native libraries and encrypted JAR files in the data section of an ELF file. [Bread](https://attack.mitre.org/software/S0432) has stored DEX payloads as base64-encoded strings in the Android manifest and internal Java classes.(Citation: Check Point-Joker)(Citation: Google Bread)",
-      "modified": "2022-04-15T17:20:06.338Z",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.548Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.548Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can obtain a list of installed applications.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4009ff40-4616-4b1c-bff9-599e52ccab37",
-      "created": "2020-01-27T17:05:58.263Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Trend Micro Bouncing Golf 2019",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s contact list.(Citation: Trend Micro Bouncing Golf 2019)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e",
-      "created": "2020-01-27T17:05:58.335Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Trend Micro Bouncing Golf 2019",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) registers for the `USER_PRESENT` broadcast intent and uses it as a trigger to take photos with the front-facing camera.(Citation: Trend Micro Bouncing Golf 2019)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42",
-      "type": "relationship",
-      "created": "2021-10-01T14:42:48.913Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "modified": "2021-10-06T15:32:46.477Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can use its keylogger module to take screenshots of the area of the screen that the user tapped.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e35b013b-89e8-41b3-a518-7737234ab71b",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.312Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.312Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can take screenshots.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25",
-      "type": "relationship",
-      "created": "2020-09-11T15:55:43.774Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2020-09-11T15:55:43.774Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) deletes incoming SMS messages from specified numbers, including those that contain particular strings.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8d027310-93a0-4046-b7ad-d1f461f30838",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "source_name": "TrendMicro-RCSAndroid"
-        }
-      ],
-      "modified": "2019-08-09T17:53:48.783Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) has the ability to dynamically download and execute new code at runtime.(Citation: TrendMicro-RCSAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9",
-      "created": "2019-09-04T14:28:15.316Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [Monokle](https://attack.mitre.org/software/S0407) can remount the system partition as read/write to install attacker-specified certificates.(Citation: Lookout-Monokle) ",
-      "modified": "2022-04-15T16:02:44.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1",
-      "created": "2021-10-01T14:42:49.176Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect every user screen tap and compare the input to a hardcoded list of coordinates to translate the input to a character.(Citation: SecureList BusyGasper)",
-      "modified": "2022-04-15T17:33:49.565Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1348c744-3127-4a55-a5b4-2f439f41e941",
-      "created": "2020-07-27T14:14:56.994Z",
+      "id": "relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef",
+      "created": "2020-07-27T14:14:56.993Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -26182,79 +17981,11 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Zen](https://attack.mitre.org/software/S0494) can install itself on the system partition to achieve persistence. [Zen](https://attack.mitre.org/software/S0494) can also replace `framework.jar`, which allows it to intercept and modify the behavior of the standard Android API.(Citation: Google Security Zen)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad",
-      "created": "2022-04-05T19:45:03.117Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T19:45:03.117Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0cae6859-d7d1-483b-b473-4f32084938a9",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
-        }
-      ],
-      "modified": "2019-08-09T17:52:31.818Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to record device audio.(Citation: Lookout-PegasusAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4454a696-7619-40ee-971b-cbf646e4ee61",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-EnterpriseApps",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to send messages to premium SMS messages.(Citation: Lookout-EnterpriseApps)",
+      "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads.(Citation: Google Security Zen)",
       "modified": "2022-04-19T14:25:41.669Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
       "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -26263,25 +17994,53 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--da424f3f-8a93-4a66-858c-b33f587108e6",
       "type": "relationship",
-      "id": "relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52",
-      "created": "2019-09-23T13:36:08.459Z",
+      "created": "2020-10-29T17:48:27.225Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-10-29T17:48:27.225Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s country and carrier name.(Citation: Threat Fabric Exobot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--de45db46-2251-4a29-b4d7-3fcf679e9484",
+      "created": "2019-09-04T15:38:56.877Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
+          "source_name": "CyberMerchants-FlexiSpy",
+          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
+          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
+        },
+        {
+          "source_name": "FlexiSpy-Features",
+          "url": "https://www.flexispy.com/en/features-overview.htm",
+          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can use phishing overlays to capture users' credit card information.(Citation: securelist rotexy 2018)",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can intercept SMS and MMS messages as well as monitor messages for keywords.(Citation: CyberMerchants-FlexiSpy)(Citation: FlexiSpy-Features)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -26289,323 +18048,21 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5",
       "type": "relationship",
-      "id": "relationship--5aa167b8-4166-440b-b49f-bf1bab597237",
-      "created": "2019-11-21T16:42:48.441Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect the device’s call log.(Citation: SecureList - ViceLeaker 2019)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.371Z",
+      "created": "2019-09-03T19:45:48.501Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
         }
       ],
-      "modified": "2020-12-18T21:00:05.246Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can send SMS messages.(Citation: WhiteOps TERRACOTTA)",
+      "modified": "2019-10-14T16:47:53.197Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can record audio from the compromised device's microphone and can record call audio in 3GP format.(Citation: SWB Exodus March 2019) ",
       "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.412Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-18T20:14:47.412Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has included native modules.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0a737289-c62d-4c0a-a857-6d116f774864",
-      "type": "relationship",
-      "created": "2020-06-26T15:12:40.077Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "ESET DEFENSOR ID",
-          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
-          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T15:12:40.077Z",
-      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to read any text displayed on the screen.(Citation: ESET DEFENSOR ID)",
-      "relationship_type": "uses",
-      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a",
-      "created": "2020-10-29T19:21:23.143Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "WeLiveSecurity AdDisplayAshas",
-          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
-          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has registered to receive the `BOOT_COMPLETED` broadcast intent to activate on device startup.(Citation: WeLiveSecurity AdDisplayAshas)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--212801c2-5d14-4381-b25a-340cda11a5ac",
-      "created": "2020-12-18T20:14:47.310Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has displayed a form to collect user data after installation.(Citation: WhiteOps TERRACOTTA)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--82f12052-783e-40e4-8079-d9c030c310fd",
-      "created": "2022-03-30T20:08:40.223Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android and iOS include system partition integrity mechanisms that could detect unauthorized modifications. ",
-      "modified": "2022-03-30T20:08:40.223Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
-      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb",
-      "created": "2020-09-15T15:18:12.466Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) exfiltrates data using HTTP requests.(Citation: Cybereason FakeSpy)",
-      "modified": "2022-04-19T20:23:15.470Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2",
-      "created": "2019-09-03T20:08:00.704Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) code is both obfuscated and packed with an FTT packer.(Citation: Talos Gustuff Apr 2019)",
-      "modified": "2022-04-15T17:18:58.074Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76",
-      "created": "2020-12-17T20:15:22.441Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) has collected all outgoing phone numbers that start with “86”.(Citation: Palo Alto HenBox)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-BrainTest",
-          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "Some original variants of [BrainTest](https://attack.mitre.org/software/S0293) had the capability to automatically root some devices, but that behavior was not observed in later samples.(Citation: Lookout-BrainTest)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37",
-      "type": "relationship",
-      "created": "2020-05-07T15:24:49.583Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2020-05-27T13:23:34.544Z",
-      "description": "Many vulnerabilities related to injecting code into existing applications have been patched in previous Android releases.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7db33293-6971-4c0d-88e0-18f505ebd943",
-      "created": "2022-04-05T20:11:51.188Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Recent OS versions have made it more difficult for applications to register as VPN providers. ",
-      "modified": "2022-04-05T20:11:51.188Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--14143e21-51bf-4fa7-a949-d22a8271f590",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "source_name": "TrendMicro-RCSAndroid"
-        }
-      ],
-      "modified": "2019-08-09T17:53:48.780Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record audio using the device microphone.(Citation: TrendMicro-RCSAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
       "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -26614,71 +18071,25 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d",
       "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-EnterpriseApps",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to collect and leak the victim's phone number, mobile device unique identifier (IMEI).(Citation: Lookout-EnterpriseApps)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e5e4567e-05a3-4d79-beab-191efc336473",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.333Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-03-26T20:50:07.266Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encrypts data using a simple XOR operation with a pre-configured key prior to exfiltration.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30",
-      "created": "2018-10-17T00:14:20.652Z",
+      "id": "relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1",
+      "created": "2020-06-26T15:32:25.002Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "PaloAlto-SpyDealer",
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018."
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) maintains persistence by installing an Android application package (APK) on the system partition.(Citation: PaloAlto-SpyDealer)",
-      "modified": "2022-04-15T16:02:14.739Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can record keystrokes.(Citation: Threat Fabric Cerberus)",
+      "modified": "2022-04-15T17:33:17.868Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -26755,55 +18166,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1",
-      "created": "2020-06-26T15:32:25.002Z",
+      "id": "relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b",
+      "created": "2019-12-10T16:07:41.081Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+          "source_name": "SecureList DVMap June 2017",
+          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
+          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can record keystrokes.(Citation: Threat Fabric Cerberus)",
-      "modified": "2022-04-15T17:33:17.868Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--de45db46-2251-4a29-b4d7-3fcf679e9484",
-      "created": "2019-09-04T15:38:56.877Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CyberMerchants-FlexiSpy",
-          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
-          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
-        },
-        {
-          "source_name": "FlexiSpy-Features",
-          "url": "https://www.flexispy.com/en/features-overview.htm",
-          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can intercept SMS and MMS messages as well as monitor messages for keywords.(Citation: CyberMerchants-FlexiSpy)(Citation: FlexiSpy-Features)",
+      "description": "[Dvmap](https://attack.mitre.org/software/S0420) replaces `/system/bin/ip` with a malicious version. [Dvmap](https://attack.mitre.org/software/S0420) can inject code by patching `libdmv.so` or `libandroid_runtime.so`, depending on the Android OS version. Both libraries are related to the Dalvik and ART runtime environments. The patched functions can only call `/system/bin/ip`, which was replaced with the malicious version.(Citation: SecureList DVMap June 2017)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
+      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -26811,45 +18191,79 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--da424f3f-8a93-4a66-858c-b33f587108e6",
       "type": "relationship",
-      "created": "2020-10-29T17:48:27.225Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "id": "relationship--d59da983-c521-47b6-83ab-435f7d58611d",
+      "created": "2019-11-21T16:42:48.493Z",
+      "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+          "source_name": "SecureList - ViceLeaker 2019",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
+        },
+        {
+          "source_name": "Bitdefender - Triout 2018",
+          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
+          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
         }
       ],
-      "modified": "2020-10-29T17:48:27.225Z",
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s country and carrier name.(Citation: Threat Fabric Exobot)",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) uses HTTP requests for C2 communication.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
+      "modified": "2022-04-20T17:46:20.049Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5",
       "type": "relationship",
-      "created": "2019-09-03T19:45:48.501Z",
+      "id": "relationship--ed3293cf-de4f-4a73-98af-24325e8187c9",
+      "created": "2020-04-24T17:46:31.598Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can detect if it is running on a rooted device or an emulator.(Citation: SecurityIntelligence TrickMo)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19",
+      "type": "relationship",
+      "created": "2021-02-17T20:43:52.381Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
         }
       ],
-      "modified": "2019-10-14T16:47:53.197Z",
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can record audio from the compromised device's microphone and can record call audio in 3GP format.(Citation: SWB Exodus March 2019) ",
+      "modified": "2021-02-17T20:43:52.381Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has retrieved account information for other applications.(Citation: Lookout FrozenCell)",
       "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -26902,215 +18316,6 @@
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19",
-      "type": "relationship",
-      "created": "2021-02-17T20:43:52.381Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
-        }
-      ],
-      "modified": "2021-02-17T20:43:52.381Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has retrieved account information for other applications.(Citation: Lookout FrozenCell)",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b",
-      "created": "2019-12-10T16:07:41.081Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList DVMap June 2017",
-          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
-          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Dvmap](https://attack.mitre.org/software/S0420) replaces `/system/bin/ip` with a malicious version. [Dvmap](https://attack.mitre.org/software/S0420) can inject code by patching `libdmv.so` or `libandroid_runtime.so`, depending on the Android OS version. Both libraries are related to the Dalvik and ART runtime environments. The patched functions can only call `/system/bin/ip`, which was replaced with the malicious version.(Citation: SecureList DVMap June 2017)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
-      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ed3293cf-de4f-4a73-98af-24325e8187c9",
-      "created": "2020-04-24T17:46:31.598Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can detect if it is running on a rooted device or an emulator.(Citation: SecurityIntelligence TrickMo)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d59da983-c521-47b6-83ab-435f7d58611d",
-      "created": "2019-11-21T16:42:48.493Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
-        },
-        {
-          "source_name": "Bitdefender - Triout 2018",
-          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
-          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) uses HTTP requests for C2 communication.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
-      "modified": "2022-04-20T17:46:20.049Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--049a5149-00c9-492a-8ffb-463f3d0cd910",
-      "created": "2022-03-30T20:13:28.442Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android 10 Limitations to Hiding App Icons",
-          "url": "https://source.android.com/setup/start/android-10-release#limitations_to_hiding_app_icons",
-          "description": "Android. (n.d.). Android 10 Release Notes: Limitations to hiding app icons. Retrieved March 30, 2022."
-        },
-        {
-          "source_name": "LauncherApps getActivityList",
-          "url": "https://developer.android.com/reference/kotlin/android/content/pm/LauncherApps#getactivitylist",
-          "description": "Android. (n.d.). LauncherApps: getActivityList. Retrieved March 30, 2022."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 10 introduced changes to prevent malicious applications from fully suppressing their icon in the launcher.(Citation: Android 10 Limitations to Hiding App Icons)(Citation: LauncherApps getActivityList)",
-      "modified": "2022-05-20T17:16:08.998Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7accde36-cb29-43c6-8c66-6486efd867a8",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
-        }
-      ],
-      "modified": "2019-10-10T15:27:22.157Z",
-      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather GPS coordinates.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Proofpoint-Marcher",
-          "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks",
-          "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Marcher](https://attack.mitre.org/software/S0317) attempts to overlay itself on top of legitimate banking apps in an effort to capture user credentials. [Marcher](https://attack.mitre.org/software/S0317) also attempts to overlay itself on top of legitimate apps such as the Google Play Store in an effort to capture user credit card information.(Citation: Proofpoint-Marcher)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--44b63426-1ea7-456e-907b-0856e3eab0c3",
-      "type": "relationship",
-      "created": "2020-12-31T18:25:05.142Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "modified": "2020-12-31T18:25:05.142Z",
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has collected the device’s location.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -27164,21 +18369,124 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60",
       "type": "relationship",
-      "created": "2020-09-11T14:54:16.585Z",
+      "id": "relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Proofpoint-Marcher",
+          "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks",
+          "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Marcher](https://attack.mitre.org/software/S0317) attempts to overlay itself on top of legitimate banking apps in an effort to capture user credentials. [Marcher](https://attack.mitre.org/software/S0317) also attempts to overlay itself on top of legitimate apps such as the Google Play Store in an effort to capture user credit card information.(Citation: Proofpoint-Marcher)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7accde36-cb29-43c6-8c66-6486efd867a8",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+          "source_name": "Lookout-StealthMango",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
         }
       ],
-      "modified": "2021-04-19T17:11:50.418Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect attacker-specified files, including files located on external storage.(Citation: Lookout Desert Scorpion)\t",
+      "modified": "2019-10-10T15:27:22.157Z",
+      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather GPS coordinates.(Citation: Lookout-StealthMango)",
       "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--049a5149-00c9-492a-8ffb-463f3d0cd910",
+      "created": "2022-03-30T20:13:28.442Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android 10 Limitations to Hiding App Icons",
+          "url": "https://source.android.com/setup/start/android-10-release#limitations_to_hiding_app_icons",
+          "description": "Android. (n.d.). Android 10 Release Notes: Limitations to hiding app icons. Retrieved March 30, 2022."
+        },
+        {
+          "source_name": "LauncherApps getActivityList",
+          "url": "https://developer.android.com/reference/kotlin/android/content/pm/LauncherApps#getactivitylist",
+          "description": "Android. (n.d.). LauncherApps: getActivityList. Retrieved March 30, 2022."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 10 introduced changes to prevent malicious applications from fully suppressing their icon in the launcher.(Citation: Android 10 Limitations to Hiding App Icons)(Citation: LauncherApps getActivityList)",
+      "modified": "2022-05-20T17:16:08.998Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--44b63426-1ea7-456e-907b-0856e3eab0c3",
+      "type": "relationship",
+      "created": "2020-12-31T18:25:05.142Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "modified": "2020-12-31T18:25:05.142Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has collected the device’s location.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler-SpyNote",
+          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
+          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
+        }
+      ],
+      "modified": "2019-10-10T15:24:09.378Z",
+      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can copy files from the device to the C2 server.(Citation: Zscaler-SpyNote)",
+      "relationship_type": "uses",
+      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
       "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -27213,21 +18521,21 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f",
+      "id": "relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60",
       "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
+      "created": "2020-09-11T14:54:16.585Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Zscaler-SpyNote",
-          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
-          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
         }
       ],
-      "modified": "2019-10-10T15:24:09.378Z",
-      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can copy files from the device to the C2 server.(Citation: Zscaler-SpyNote)",
+      "modified": "2021-04-19T17:11:50.418Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect attacker-specified files, including files located on external storage.(Citation: Lookout Desert Scorpion)\t",
       "relationship_type": "uses",
-      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
       "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -27236,135 +18544,48 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f",
+      "id": "relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc",
       "type": "relationship",
-      "created": "2020-12-24T22:04:28.002Z",
+      "created": "2019-09-23T13:36:08.441Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:28.002Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has sent messages to an attacker-controlled number.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CrowdStrike-Android",
-          "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. Retrieved February 6, 2017.",
-          "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) was believed to have been used to obtain locational data of Ukrainian artillery forces.(Citation: CrowdStrike-Android)",
-      "relationship_type": "uses",
-      "source_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f",
-      "created": "2022-04-01T18:52:13.171Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.",
-      "modified": "2022-04-01T18:52:13.171Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d32003ba-959b-4377-aa04-f75275c32abf",
-      "created": "2019-07-16T14:33:12.144Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Google Triada June 2019",
-          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
-          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Triada](https://attack.mitre.org/software/S0424) utilized HTTP to exfiltrate data through POST requests to the command and control server.(Citation: Google Triada June 2019) ",
-      "modified": "2022-04-20T17:43:35.227Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f0e39856-4d2d-45c5-bf16-f683ee993010",
-      "created": "2022-03-30T18:18:15.915Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T18:18:15.915Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3272111a-f31d-47d5-a266-1749255b5016",
-      "created": "2019-09-23T13:36:08.335Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
           "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
+          "source_name": "securelist rotexy 2018"
         }
       ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can be controlled through SMS messages.(Citation: securelist rotexy 2018)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2019-09-23T13:36:08.441Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) retrieves a list of installed applications and sends it to the command and control server.(Citation: securelist rotexy 2018)",
       "relationship_type": "uses",
       "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb",
+      "created": "2019-09-04T15:38:56.881Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CyberMerchants-FlexiSpy",
+          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
+          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect device contacts.(Citation: CyberMerchants-FlexiSpy)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -27372,45 +18593,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85",
+      "id": "relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b",
       "type": "relationship",
-      "created": "2020-11-20T16:37:28.547Z",
+      "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+          "source_name": "Lookout-StealthMango",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
         }
       ],
-      "modified": "2020-11-20T16:37:28.547Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect various pieces of device information, such as serial number and product information.(Citation: Symantec GoldenCup)",
+      "modified": "2019-10-10T15:27:22.110Z",
+      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to record calls as well as the victim device's environment.(Citation: Lookout-StealthMango)",
       "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da",
-      "type": "relationship",
-      "created": "2021-09-24T14:52:41.308Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2021-09-24T14:52:41.308Z",
-      "description": " [Monokle](https://attack.mitre.org/software/S0407) can hook itself to appear invisible to the Process Manager.(Citation: Lookout-Monokle) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea",
+      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -27419,8 +18617,8 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--3c43d125-6719-420e-bb69-878cc91c2474",
-      "created": "2020-09-15T15:18:12.428Z",
+      "id": "relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2",
+      "created": "2020-09-15T15:18:12.460Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -27431,12 +18629,12 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can register for the `BOOT_COMPLETED` broadcast Intent.(Citation: Cybereason FakeSpy)",
-      "modified": "2022-04-12T10:01:44.682Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s network information.(Citation: Cybereason FakeSpy)",
+      "modified": "2022-04-19T14:25:41.669Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -27445,114 +18643,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77",
-      "created": "2022-04-06T15:52:41.579Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T15:52:41.579Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef",
-      "created": "2020-07-27T14:14:56.993Z",
+      "id": "relationship--5706742b-733d-44e9-a032-62b81ba05bcf",
+      "created": "2020-06-02T14:32:31.897Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Google Security Zen",
-          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
-          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
+          "source_name": "Google Project Zero Insomnia",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads.(Citation: Google Security Zen)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c",
-      "created": "2019-11-21T19:16:34.820Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint SimBad 2019",
-          "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/",
-          "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[SimBad](https://attack.mitre.org/software/S0419) generates fraudulent advertising revenue by displaying ads in the background and by opening the browser and displaying ads.(Citation: CheckPoint SimBad 2019)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--88e33687-e999-42c8-b46b-49d2adfa17d0",
-      "created": "2022-04-01T15:02:04.528Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Apple regularly provides security updates for known OS vulnerabilities. ",
-      "modified": "2022-04-01T15:02:04.528Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--22773074-4a95-48e0-905f-688ce048b5ed",
-      "created": "2020-04-24T17:46:31.593Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can prevent the user from interacting with the UI by showing a WebView with a persistent cursor.(Citation: SecurityIntelligence TrickMo)",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve SMS messages and iMessages.(Citation: Google Project Zero Insomnia)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -27561,20 +18669,175 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0",
-      "created": "2019-09-04T20:01:42.722Z",
+      "id": "relationship--c41d817e-913e-4574-b8d4-370de9f0034b",
+      "created": "2019-11-18T14:47:25.327Z",
       "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Google Triada June 2019",
+          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
+          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
+        },
+        {
+          "source_name": "Kaspersky Triada March 2016",
+          "url": "https://www.kaspersky.com/blog/triada-trojan/11481/",
+          "description": "Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July 16, 2019."
+        }
+      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Enterprise policies should block access to the Android Debug Bridge (ADB) by preventing users from enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development). An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. ",
-      "modified": "2022-04-01T13:32:19.919Z",
+      "description": "[Triada](https://attack.mitre.org/software/S0424) injects code into the Zygote process to effectively include itself in all forked processes. Additionally, code is injected into the Android Play Store App, web browser applications, and the system UI application.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada March 2016)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f84355c2-b829-4324-821a-b5148734bb6b",
+      "created": "2022-04-01T15:21:35.655Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to microphone or audio output. ",
+      "modified": "2022-04-01T15:21:35.655Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71",
+      "created": "2019-07-10T15:42:09.606Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Dark Caracal](https://attack.mitre.org/groups/G0070) controls implants using standard HTTP communication.(Citation: Lookout Dark Caracal Jan 2018) ",
+      "modified": "2022-04-19T20:11:29.974Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-WUC",
+          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/",
+          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used HTTP uploads to a URL as a command and control mechanism.(Citation: Kaspersky-WUC)",
+      "modified": "2022-04-19T20:08:40.140Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d",
+      "type": "relationship",
+      "created": "2019-08-09T18:06:11.672Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
+        }
+      ],
+      "modified": "2019-08-09T18:06:11.672Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) can take pictures with both the front and rear-facing cameras.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-EnterpriseApps",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) captures SMS messages.(Citation: Lookout-EnterpriseApps)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-WUC",
+          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
+          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
+        }
+      ],
+      "modified": "2019-10-15T19:54:10.284Z",
+      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole geo-location data.(Citation: Kaspersky-WUC)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -27675,24 +18938,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f",
-      "created": "2017-12-14T16:46:06.044Z",
+      "id": "relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962",
+      "created": "2019-09-23T13:36:08.456Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Lookout-EnterpriseApps",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016."
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) captures SMS messages.(Citation: Lookout-EnterpriseApps)",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can lock an HTML page in the foreground, requiring the user enter credit card information that matches information previously intercepted in SMS messages, such as the last 4 digits of a credit card number. If attempts to revoke administrator permissions are detected, [Rotexy](https://attack.mitre.org/software/S0411) periodically switches off the phone screen to inhibit permission removal.(Citation: securelist rotexy 2018)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -27700,25 +18963,51 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708",
+      "id": "relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6",
       "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
+      "created": "2021-01-05T20:16:20.484Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Kaspersky-WUC",
-          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
-          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
         }
       ],
-      "modified": "2019-10-15T19:54:10.284Z",
-      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole geo-location data.(Citation: Kaspersky-WUC)",
+      "modified": "2021-01-05T20:16:20.484Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can track the device’s location.(Citation: Zscaler TikTok Spyware)",
       "relationship_type": "uses",
-      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
       "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357",
+      "created": "2019-07-10T15:25:57.572Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[FinFisher](https://attack.mitre.org/software/S0182) captures and exfiltrates SMS messages.(Citation: Lookout Dark Caracal Jan 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -27745,55 +19034,6 @@
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357",
-      "created": "2019-07-10T15:25:57.572Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[FinFisher](https://attack.mitre.org/software/S0182) captures and exfiltrates SMS messages.(Citation: Lookout Dark Caracal Jan 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.484Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.484Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can track the device’s location.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -27824,123 +19064,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150",
       "type": "relationship",
-      "id": "relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962",
-      "created": "2019-09-23T13:36:08.456Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can lock an HTML page in the foreground, requiring the user enter credit card information that matches information previously intercepted in SMS messages, such as the last 4 digits of a credit card number. If attempts to revoke administrator permissions are detected, [Rotexy](https://attack.mitre.org/software/S0411) periodically switches off the phone screen to inhibit permission removal.(Citation: securelist rotexy 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14",
-      "type": "relationship",
-      "created": "2019-07-10T15:35:43.610Z",
+      "created": "2020-05-11T16:37:36.673Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "source_name": "ThreatFabric Ginp"
         }
       ],
-      "modified": "2019-08-09T18:06:11.693Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves a list of all applications installed on the device.(Citation: Lookout Dark Caracal Jan 2018)",
+      "modified": "2020-05-11T16:37:36.673Z",
+      "description": " [Ginp](https://attack.mitre.org/software/S0423) can download device logs.(Citation: ThreatFabric Ginp) ",
       "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d",
-      "created": "2020-09-11T14:54:16.587Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can retrieve SMS messages.(Citation: Lookout Desert Scorpion)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--56551987-326a-46ad-a34a-59bb7ab793a9",
-      "created": "2020-12-14T14:52:03.266Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can request device administrator permissions.(Citation: Sophos Red Alert 2.0)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.650Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.650Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) has been distributed in multiple stages.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -28020,22 +19159,48 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150",
       "type": "relationship",
-      "created": "2020-05-11T16:37:36.673Z",
+      "id": "relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d",
+      "created": "2020-09-11T14:54:16.587Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can retrieve SMS messages.(Citation: Lookout Desert Scorpion)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14",
+      "type": "relationship",
+      "created": "2019-07-10T15:35:43.610Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "source_name": "ThreatFabric Ginp"
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
         }
       ],
-      "modified": "2020-05-11T16:37:36.673Z",
-      "description": " [Ginp](https://attack.mitre.org/software/S0423) can download device logs.(Citation: ThreatFabric Ginp) ",
+      "modified": "2019-08-09T18:06:11.693Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves a list of all applications installed on the device.(Citation: Lookout Dark Caracal Jan 2018)",
       "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -28043,25 +19208,70 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891",
       "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
+      "id": "relationship--56551987-326a-46ad-a34a-59bb7ab793a9",
+      "created": "2020-12-14T14:52:03.266Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can request device administrator permissions.(Citation: Sophos Red Alert 2.0)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.650Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "ArsTechnica-HummingBad",
-          "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017.",
-          "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/"
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
         }
       ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[HummingBad](https://attack.mitre.org/software/S0322) can exploit unfixed vulnerabilities in older Android versions to root victim phones.(Citation: ArsTechnica-HummingBad)",
+      "modified": "2020-09-11T14:54:16.650Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) has been distributed in multiple stages.(Citation: Lookout Desert Scorpion)",
       "relationship_type": "uses",
-      "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2",
+      "created": "2022-04-01T13:27:29.919Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T13:27:29.920Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -28088,25 +19298,6 @@
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2",
-      "created": "2022-04-01T13:27:29.919Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T13:27:29.920Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -28130,247 +19321,90 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b",
+      "id": "relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891",
       "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
+      "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout-StealthMango",
+          "source_name": "ArsTechnica-HummingBad",
+          "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017.",
+          "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[HummingBad](https://attack.mitre.org/software/S0322) can exploit unfixed vulnerabilities in older Android versions to root victim phones.(Citation: ArsTechnica-HummingBad)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4df6a22e-489f-400c-b953-cc53bfb708a3",
+      "type": "relationship",
+      "created": "2020-09-14T14:13:45.296Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "url": "https://blog.lookout.com/esurv-research",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-14T14:13:45.296Z",
+      "description": "[eSurv](https://attack.mitre.org/software/S0507)’s iOS version can collect device information.(Citation: Lookout eSurv)",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--694857ba-92e8-462e-8900-a9f6fdcf495d",
+      "type": "relationship",
+      "created": "2020-12-31T18:25:05.133Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "modified": "2020-12-31T18:25:05.133Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has encrypted its DEX payload.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db",
+      "type": "relationship",
+      "created": "2019-08-09T17:59:48.988Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
           "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
+          "source_name": "Lookout-StealthMango"
         }
       ],
-      "modified": "2019-10-10T15:27:22.110Z",
-      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to record calls as well as the victim device's environment.(Citation: Lookout-StealthMango)",
+      "modified": "2019-08-09T17:59:48.988Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record and take pictures using the front and back cameras.(Citation: Lookout-StealthMango)",
       "relationship_type": "uses",
-      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5706742b-733d-44e9-a032-62b81ba05bcf",
-      "created": "2020-06-02T14:32:31.897Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve SMS messages and iMessages.(Citation: Google Project Zero Insomnia)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c41d817e-913e-4574-b8d4-370de9f0034b",
-      "created": "2019-11-18T14:47:25.327Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Google Triada June 2019",
-          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
-          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
-        },
-        {
-          "source_name": "Kaspersky Triada March 2016",
-          "url": "https://www.kaspersky.com/blog/triada-trojan/11481/",
-          "description": "Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July 16, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Triada](https://attack.mitre.org/software/S0424) injects code into the Zygote process to effectively include itself in all forked processes. Additionally, code is injected into the Android Play Store App, web browser applications, and the system UI application.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada March 2016)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
-      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2",
-      "created": "2020-09-15T15:18:12.460Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s network information.(Citation: Cybereason FakeSpy)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc",
-      "type": "relationship",
-      "created": "2019-09-23T13:36:08.441Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "source_name": "securelist rotexy 2018"
-        }
-      ],
-      "modified": "2019-09-23T13:36:08.441Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) retrieves a list of installed applications and sends it to the command and control server.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb",
-      "created": "2019-09-04T15:38:56.881Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CyberMerchants-FlexiSpy",
-          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
-          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect device contacts.(Citation: CyberMerchants-FlexiSpy)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky-WUC",
-          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/",
-          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used HTTP uploads to a URL as a command and control mechanism.(Citation: Kaspersky-WUC)",
-      "modified": "2022-04-19T20:08:40.140Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71",
-      "created": "2019-07-10T15:42:09.606Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Dark Caracal](https://attack.mitre.org/groups/G0070) controls implants using standard HTTP communication.(Citation: Lookout Dark Caracal Jan 2018) ",
-      "modified": "2022-04-19T20:11:29.974Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f84355c2-b829-4324-821a-b5148734bb6b",
-      "created": "2022-04-01T15:21:35.655Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to microphone or audio output. ",
-      "modified": "2022-04-01T15:21:35.655Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d",
-      "type": "relationship",
-      "created": "2019-08-09T18:06:11.672Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-08-09T18:06:11.672Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) can take pictures with both the front and rear-facing cameras.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
       "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -28380,8 +19414,76 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--80778a1e-715d-477b-87fa-e92181b31659",
-      "created": "2020-12-24T21:45:56.967Z",
+      "id": "relationship--352fabc8-48fe-4190-92b3-49b00348bb22",
+      "created": "2019-03-11T15:13:40.454Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-Anserver",
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-uses-blog-posts-as-cc/",
+          "description": "Karl Dominguez. (2011, October 2). Android Malware Uses Blog Posts as C&C. Retrieved February 6, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) uses encrypted content within a blog site for part of its command and control. Specifically, the encrypted content contains URLs for other servers to be used for other aspects of command and control.(Citation: TrendMicro-Anserver)",
+      "modified": "2022-04-18T19:04:48.388Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
+      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-DualToy",
+          "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January 24, 2017.",
+          "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[DualToy](https://attack.mitre.org/software/S0315) side loads malicious or risky apps to both Android and iOS devices via a USB connection.(Citation: PaloAlto-DualToy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878",
+      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--cd7a2294-1e14-42e8-b870-d99d73443b88",
+      "created": "2022-04-01T12:37:42.068Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be taught the danger behind granting unnecessary permissions to an application and should be advised to use extra scrutiny when an application requests them. ",
+      "modified": "2022-04-01T12:37:42.068Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1",
+      "created": "2020-12-24T21:45:56.920Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -28392,12 +19494,12 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can delete various piece of device data, such as contacts, call logs, applications, SMS messages, email, plugins, and files in external storage.(Citation: Lookout Uyghur Campaign)",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has attempted to trick users into enabling installation of applications from unknown sources.(Citation: Lookout Uyghur Campaign)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -28406,25 +19508,25 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--d71fab20-a56c-4404-a65d-aaa37056f16e",
-      "created": "2022-04-01T15:16:16.027Z",
-      "x_mitre_version": "0.1",
+      "id": "relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Trend Micro iOS URL Hijacking",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/",
-          "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12).  iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020."
+          "source_name": "ArsTechnica-HummingBad",
+          "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/",
+          "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.",
-      "modified": "2022-04-01T15:16:16.027Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "description": "[HummingBad](https://attack.mitre.org/software/S0322) can create fraudulent statistics inside the official Google Play Store.(Citation: ArsTechnica-HummingBad)",
+      "modified": "2022-04-19T14:25:41.669Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -28432,8 +19534,86 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--1d828f51-1c04-466c-beaf-2d4de741a544",
-      "created": "2020-05-04T14:04:56.184Z",
+      "id": "relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3",
+      "created": "2021-02-08T16:36:20.788Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included keylogging capabilities as part of Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "modified": "2022-04-15T17:35:26.197Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-Xbot",
+          "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/",
+          "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Xbot](https://attack.mitre.org/software/S0298) steals all SMS message and contact information as well as intercepts and parses certain SMS messages.(Citation: PaloAlto-Xbot)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--891edea2-817c-4eeb-9991-b6e095c269a8",
+      "created": "2020-06-02T14:32:31.903Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Google Project Zero Insomnia",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve the call history.(Citation: Google Project Zero Insomnia)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fb1fe91d-0997-4403-b2a6-88400f174791",
+      "created": "2020-05-07T15:06:51.458Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -28444,977 +19624,11 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Bread](https://attack.mitre.org/software/S0432) can access SMS messages in order to complete carrier billing fraud.(Citation: Google Bread)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6c0105f3-e919-499d-b080-d127394d2837",
-      "created": "2022-03-30T18:14:23.210Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). ",
-      "modified": "2022-03-30T18:14:23.210Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4",
-      "type": "relationship",
-      "created": "2021-02-17T20:43:52.413Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
-        }
-      ],
-      "modified": "2021-02-17T20:43:52.413Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has compressed and encrypted data before exfiltration using password protected .7z archives.(Citation: Lookout FrozenCell)",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51",
-      "created": "2022-04-01T12:37:17.515Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "OS feature updates often enhance security and privacy around permissions. ",
-      "modified": "2022-04-01T12:37:17.515Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089",
-      "created": "2022-03-28T19:41:27.610Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Application developers should be cautious when selecting third-party libraries to integrate into their application.",
-      "modified": "2022-03-28T19:41:27.610Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "NYTimes-BackDoor",
-          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html",
-          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted call logs.(Citation: NYTimes-BackDoor)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd",
-      "type": "relationship",
-      "created": "2020-04-08T18:55:29.205Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        },
-        {
-          "source_name": "Trend Micro Anubis",
-          "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html",
-          "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021."
-        }
-      ],
-      "modified": "2021-01-20T16:01:19.565Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can exfiltrate files encrypted with the ransomware module from the device and can modify external storage.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--875dc21d-92c3-45bf-be37-faa44f4449bf",
-      "created": "2020-06-02T14:32:31.891Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s contact list.(Citation: Google Project Zero Insomnia)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad",
-      "created": "2020-04-24T15:06:33.397Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect the device’s call log.(Citation: TrendMicro Coronavirus Updates)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030",
-      "created": "2022-03-30T20:42:04.251Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be advised to be extra scrutinous of applications that request location, and to deny any permissions requests for applications they do not recognize.",
-      "modified": "2022-03-30T20:42:04.251Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.267Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.267Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can track the device’s location.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9",
-      "created": "2022-03-30T14:26:02.359Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android Changes to System Broadcasts",
-          "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts",
-          "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts) ",
-      "modified": "2022-03-30T14:26:02.359Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--789699c2-44f1-4280-bf86-ab23e6a13e84",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads calendar events and reminders.(Citation: Lookout-StealthMango)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d7ca70d4-2006-4252-b243-e52be760e24d",
-      "created": "2022-04-01T13:26:39.773Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Access to SMS messages is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their SMS messages. ",
-      "modified": "2022-04-01T13:26:39.773Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb",
-      "created": "2019-08-09T16:19:02.782Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Android Capture Sensor 2019",
-          "url": "https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access",
-          "description": "Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 9 and above restricts access to microphone, camera, and other sensors from background applications.(Citation: Android Capture Sensor 2019) ",
-      "modified": "2022-04-01T15:21:13.296Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--97417113-1840-4e00-98d3-bb222e1a1f60",
-      "type": "relationship",
-      "created": "2020-07-27T14:14:56.980Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Security Zen",
-          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
-          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
-        }
-      ],
-      "modified": "2020-08-10T22:18:20.815Z",
-      "description": "[Zen](https://attack.mitre.org/software/S0494) base64 encodes one of the strings it searches for.(Citation: Google Security Zen)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb",
-      "type": "relationship",
-      "created": "2020-06-26T14:55:13.261Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T14:55:13.261Z",
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect system information such as OS version, device vendor, and the type of screen lock that is active on the device.(Citation: Cybereason EventBot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2a472430-c30e-4877-8933-2e75f1de9a01",
-      "created": "2022-03-30T14:00:45.120Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T14:00:45.120Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a",
-      "created": "2021-01-07T17:02:31.805Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [Tiktok Pro](https://attack.mitre.org/software/S0558) can access the device's contact list.(Citation: Zscaler TikTok Spyware) ",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2019-10-15T19:44:36.177Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collects and uploads information about changes in SIM card or phone numbers on the device.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.698Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.412Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included location tracking capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.417Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "modified": "2021-01-05T20:16:20.417Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture photos and videos from the device’s camera.(Citation: Zscaler TikTok Spyware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:28.004Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:28.004Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has checked for system root.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) has the ability to record audio.(Citation: Lookout-Pegasus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b5f3b110-fc66-4369-89f3-621c945d655f",
-      "type": "relationship",
-      "created": "2020-04-27T16:52:49.444Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Triada June 2019",
-          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
-          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
-        }
-      ],
-      "modified": "2020-04-27T16:52:49.444Z",
-      "description": "[Triada](https://attack.mitre.org/software/S0424) encrypts data prior to exfiltration.(Citation: Google Triada June 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
-      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--418168ad-fee9-42c8-ac27-11f7472a5f86",
-      "created": "2019-09-03T19:45:48.498Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) One checks in with the command and control server using HTTP POST requests.(Citation: SWB Exodus March 2019) ",
-      "modified": "2022-04-19T20:09:24.725Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.298Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.298Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) obfuscates its hardcoded C2 URLs.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.819Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-11-10T17:08:35.819Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s location and track the device over time.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd",
-      "created": "2019-09-03T19:45:48.503Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can download the address book.(Citation: SWB Exodus March 2019) ",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6885280e-5423-422a-94f1-e91d557e043e",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-XcodeGhost1",
-          "url": "http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/",
-          "description": "Claud Xiao. (2015, September 17). Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store. Retrieved December 21, 2016."
-        },
-        {
-          "source_name": "PaloAlto-XcodeGhost",
-          "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/",
-          "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) was injected into apps by a modified version of Xcode (Apple's software development tool).(Citation: PaloAlto-XcodeGhost1)(Citation: PaloAlto-XcodeGhost)",
-      "modified": "2022-04-15T15:10:16.607Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9",
-      "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:27.914Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:27.914Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has looked for .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files on external storage.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.408Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.408Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can track the device’s location.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f",
-      "created": "2022-03-30T19:28:55.980Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates typically provide patches for vulnerabilities that could be abused by malicious applications.",
-      "modified": "2022-03-30T19:28:55.980Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265",
-      "created": "2021-04-19T14:29:46.510Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [SilkBean](https://attack.mitre.org/software/S0549) has used HTTPS for C2 communication.(Citation: Lookout Uyghur Campaign) ",
-      "modified": "2022-04-19T20:07:13.475Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--91831379-b0da-4019-a7bb-17e53cda9d0b",
-      "type": "relationship",
-      "created": "2020-12-31T18:25:05.131Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "modified": "2020-12-31T18:25:05.131Z",
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has utilized native code to decrypt its malicious payload.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f776a4da-0fa6-414c-a705-e9e8b419e056",
-      "type": "relationship",
-      "created": "2020-06-26T15:32:25.058Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        },
-        {
-          "source_name": "CheckPoint Cerberus",
-          "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/",
-          "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T15:32:25.058Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can inject input to grant itself additional permissions without user interaction and to prevent application removal.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "HackerNews-OldBoot",
-          "description": "Sudhir K Bansal. (2014, January 28). First widely distributed Android bootkit Malware infects more than 350,000 Devices. Retrieved December 21, 2016.",
-          "url": "http://thehackernews.com/2014/01/first-widely-distributed-android.html"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[OldBoot](https://attack.mitre.org/software/S0285) uses escalated privileges to modify the init script on the device's boot partition to maintain persistence.(Citation: HackerNews-OldBoot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2074b2ad-612e-4758-adce-7901c1b49bbc",
-      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224",
-      "type": "relationship",
-      "created": "2019-09-03T20:08:00.670Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "source_name": "Talos Gustuff Apr 2019"
-        }
-      ],
-      "modified": "2019-10-10T15:19:47.960Z",
-      "description": " [Gustuff](https://attack.mitre.org/software/S0406) can capture files and photos from the compromised device.(Citation: Talos Gustuff Apr 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b356d405-f6b1-485b-bd35-236b9da766d2",
-      "type": "relationship",
-      "created": "2020-04-24T17:46:31.586Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-27T15:27:26.539Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can use the `MediaRecorder` class to record the screen when the targeted application is presented to the user, and can abuse accessibility features to record targeted applications to intercept transaction authorization numbers (TANs) and to scrape on-screen text.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9",
-      "type": "relationship",
-      "created": "2020-04-24T17:46:31.582Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T17:46:31.582Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device network configuration information such as IMSI, IMEI, and Wi-Fi connection state.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519",
-      "created": "2022-04-05T17:03:53.457Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T17:03:53.457Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f",
-      "created": "2019-07-16T14:33:12.107Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky Triada June 2016",
-          "url": "https://securelist.com/everyone-sees-not-what-they-want-to-see/74997/",
-          "description": "Kivva, A. (2016, June 6). Everyone sees not what they want to see. Retrieved July 16, 2019."
-        },
-        {
-          "source_name": "Google Triada June 2019",
-          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
-          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Triada](https://attack.mitre.org/software/S0424) can redirect ad banner URLs on websites visited by the user to specific ad URLs.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada June 2016) ",
+      "description": "[Bread](https://attack.mitre.org/software/S0432) had many fake reviews and ratings on the Play Store.(Citation: Google Bread) ",
       "modified": "2022-04-19T14:25:41.669Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
       "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -29423,9 +19637,218 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--6cace9e3-f095-4914-bddc-24cec8bcc859",
       "type": "relationship",
-      "id": "relationship--d13724d0-a5e2-433b-86bf-ead04359edec",
-      "created": "2022-04-01T15:13:10.022Z",
+      "created": "2020-09-24T15:34:51.276Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Dendroid",
+          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
+          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
+        }
+      ],
+      "modified": "2020-09-24T15:34:51.276Z",
+      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.(Citation: Lookout-Dendroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce",
+      "created": "2022-04-01T18:42:50.381Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Providing user guidance around commonly abused features, such as the modal that requests for administrator permissions, should aid in preventing impairing defenses.",
+      "modified": "2022-04-01T18:42:50.381Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9",
+      "created": "2019-07-16T14:33:12.113Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Krebs-Triada June 2019",
+          "url": "https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/",
+          "description": "Krebs, B. (2019, June 25). Tracing the Supply Chain Attack on Android. Retrieved July 16, 2019."
+        },
+        {
+          "source_name": "Google Triada June 2019",
+          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
+          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Triada](https://attack.mitre.org/software/S0424) was added into the Android system by a third-party vendor identified as Yehuo or Blazefire during the production process.(Citation: Google Triada June 2019)(Citation: Krebs-Triada June 2019)",
+      "modified": "2022-04-19T15:47:32.152Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8",
+      "created": "2019-11-21T16:42:48.459Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can delete arbitrary files from the device.(Citation: SecureList - ViceLeaker 2019)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "FireEye-RuMMS",
+          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.",
+          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers device model and operating system version information and transmits it to a command and control server.(Citation: FireEye-RuMMS)",
+      "relationship_type": "uses",
+      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bba8b056-acbe-4fed-b890-965a446d7a3c",
+      "created": "2022-04-01T18:45:00.923Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be warned against granting access to accessibility features and device administration services, and to carefully scrutinize applications that request these dangerous permissions. Users should be taught how to boot into safe mode to uninstall malicious applications that may be interfering with the uninstallation process.",
+      "modified": "2022-04-01T18:45:00.923Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--48854999-1c12-4454-bb7c-051691a081f9",
+      "created": "2022-03-28T19:25:49.640Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Ensure Verified Boot is enabled on devices with that capability.",
+      "modified": "2022-03-28T19:25:49.640Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
+      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--10c07066-df05-4dff-bb95-c76be02ea4ef",
+      "created": "2020-09-14T14:13:45.291Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "url": "https://blog.lookout.com/esurv-research",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[eSurv](https://attack.mitre.org/software/S0507) imposes geo-restrictions when delivering the second stage.(Citation: Lookout eSurv)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a285f343-09c3-49af-9c18-1dccf89e9009",
+      "type": "relationship",
+      "created": "2020-11-20T16:37:28.391Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-11-20T16:37:28.391Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect a directory listing of external storage.(Citation: Symantec GoldenCup)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8",
+      "created": "2022-04-01T15:16:02.324Z",
       "x_mitre_version": "0.1",
       "external_references": [
         {
@@ -29447,10 +19870,10 @@
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "Developers should use Android App Links(Citation: Android App Links) and iOS Universal Links(Citation: iOS Universal Links) to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE(Citation: IETF-PKCE) should be used to prevent use of stolen authorization codes. ",
-      "modified": "2022-04-01T15:13:10.022Z",
+      "modified": "2022-04-01T15:16:02.324Z",
       "relationship_type": "mitigates",
       "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
-      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
+      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -29460,66 +19883,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388",
-      "created": "2022-03-30T20:36:18.656Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Attestation can typically detect rooted devices. For MDM-enrolled devices, action can be taken if a device fails an attestation check. ",
-      "modified": "2022-03-30T20:36:18.656Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f989562f-41a8-46d3-94ba-fca7269ae592",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2019-08-09T17:59:49.072Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) is delivered via a a watering hole website that mimics the third-party Android app store APKMonk. In at least one case, the watering hole URL was distributed through Facebook Messenger.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd",
-      "created": "2020-06-26T14:55:13.333Z",
+      "id": "relationship--efd35b6f-7a61-4998-97ff-608547e40f66",
+      "created": "2019-10-01T14:23:44.054Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) registers for the `BOOT_COMPLETED` intent to auto-start after the device boots.(Citation: Cybereason EventBot)",
-      "modified": "2022-04-12T10:01:44.682Z",
+      "description": " [Rotexy](https://attack.mitre.org/software/S0411) encrypts JSON HTTP payloads with AES.(Citation: securelist rotexy 2018) ",
+      "modified": "2022-04-18T16:07:57.631Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -29528,15 +19909,106 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--0330db55-06e0-45a2-85a6-17617a37fdaf",
-      "created": "2022-04-06T13:57:49.186Z",
+      "id": "relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5",
+      "created": "2022-04-06T15:47:06.163Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "",
-      "modified": "2022-04-06T13:57:49.186Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf",
+      "modified": "2022-04-06T15:47:06.163Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
+      "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--24a7379e-a994-411b-b17c-add6c6c6fc07",
+      "type": "relationship",
+      "created": "2020-12-24T21:45:56.949Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:45:56.949Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has hidden malicious functionality in a second stage file and has encrypted C2 server information.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209",
+      "type": "relationship",
+      "created": "2020-04-24T15:06:33.449Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T15:06:33.450Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device network configuration information, such as Wi-Fi SSID and IMSI.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1",
+      "created": "2020-07-15T20:20:59.227Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access SMS messages.(Citation: Bitdefender Mandrake)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86",
+      "created": "2022-04-06T13:55:37.498Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be advised that applications generally do not require permission to send SMS messages.",
+      "modified": "2022-04-06T13:55:37.498Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
       "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
@@ -29546,45 +20018,46 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff",
       "type": "relationship",
-      "id": "relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96",
       "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Wandera-RedDrop",
-          "url": "https://www.wandera.com/reddrop-malware/",
-          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018."
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
         }
       ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses HTTP requests for C2 communication.(Citation: Wandera-RedDrop)",
-      "modified": "2022-04-20T17:41:46.451Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2019-07-16T15:35:21.063Z",
+      "description": "(Citation: Lookout Dark Caracal Jan 2018)",
       "relationship_type": "uses",
-      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
+      "target_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
+      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--ca486783-9413-4f39-8d2f-3adcb3e79127",
       "type": "relationship",
-      "id": "relationship--5619e263-d48c-47a5-ab68-8677fe080a15",
-      "created": "2022-03-30T14:42:27.821Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T14:42:27.821Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "created": "2020-12-24T21:55:56.657Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:55:56.657Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used an AES encrypted file in the assets folder with an unsuspecting name (e.g. ‘GoogleMusic.png’) for holding configuration and C2 information.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -29592,7 +20065,7 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--7017085c-c612-48b2-b655-e18d7822d0e7",
+      "id": "relationship--e4019493-bd52-4011-9355-8902be6ff3f3",
       "created": "2018-10-17T00:14:20.652Z",
       "x_mitre_version": "1.0",
       "external_references": [
@@ -29604,12 +20077,12 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests phone call history from victims.(Citation: PaloAlto-SpyDealer)",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) registers the broadcast receiver to listen for events related to device boot-up.(Citation: PaloAlto-SpyDealer)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -29618,203 +20091,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671",
-      "created": "2021-02-08T16:36:20.709Z",
+      "id": "relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6",
+      "created": "2020-09-11T16:22:03.266Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted C2 communications using AES in CBC mode during Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "modified": "2022-04-18T16:07:26.671Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03",
-      "type": "relationship",
-      "created": "2020-12-17T20:15:22.449Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "modified": "2020-12-17T20:15:22.449Z",
-      "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s microphone.(Citation: Palo Alto HenBox)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.548Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T22:00:43.490Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) uses `dumpsys` to determine if certain applications are running.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0",
-      "created": "2022-04-11T20:05:56.540Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-11T20:05:56.540Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
-      "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1987b242-c868-40b2-993d-9dbeea311d4b",
-      "created": "2022-03-30T14:08:09.882Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T14:08:09.882Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--81db3270-4cb8-4982-8ff8-c28a874e8421",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-DressCode",
-          "description": "Echo Duan. (2016, September 29). DressCode and its Potential Impact for Enterprises. Retrieved December 22, 2016.",
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[DressCode](https://attack.mitre.org/software/S0300) sets up a \"general purpose tunnel\" that can be used by an adversary to compromise enterprise networks that the mobile device is connected to.(Citation: TrendMicro-DressCode)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca",
-      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4efa4953-7854-4144-8837-d7831ccbe35d",
-      "type": "relationship",
-      "created": "2020-04-24T17:46:31.691Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T17:46:31.691Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect a list of installed applications.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c",
-      "type": "relationship",
-      "created": "2021-02-17T20:43:52.410Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
-        }
-      ],
-      "modified": "2021-02-17T20:43:52.410Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has searched for pdf, doc, docx, ppt, pptx, xls, and xlsx file types for exfiltration.(Citation: Lookout FrozenCell)",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91",
-      "created": "2020-10-29T19:21:23.187Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "WeLiveSecurity AdDisplayAshas",
-          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
-          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can hide its icon and create a shortcut based on the C2 server response.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect SMS messages.(Citation: Lookout ViperRAT)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -29822,22 +20116,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74",
+      "id": "relationship--e0f58ab7-b246-4c41-9afc-89b582590809",
       "type": "relationship",
-      "created": "2021-01-05T20:16:20.511Z",
+      "created": "2020-12-18T20:14:47.374Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
         }
       ],
-      "modified": "2021-01-05T20:16:20.511Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has contained an alarm that triggers every three minutes and timers for communicating with the C2.(Citation: Zscaler TikTok Spyware)",
+      "modified": "2020-12-18T20:14:47.374Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can download additional modules at runtime via JavaScript `eval` statements.(Citation: WhiteOps TERRACOTTA)",
       "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -29845,176 +20139,21 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce",
       "type": "relationship",
-      "id": "relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa",
-      "created": "2022-04-01T16:52:36.974Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T16:52:36.974Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76",
-      "created": "2019-10-18T14:50:57.472Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates frequently contain patches for known exploits.",
-      "modified": "2022-03-25T14:12:54.498Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103",
-      "created": "2019-09-23T13:36:08.341Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can communicate with the command and control server using JSON payloads sent in HTTP POST request bodies. It can also communicate by using JSON messages sent through Google Cloud Messaging.(Citation: securelist rotexy 2018)",
-      "modified": "2022-04-19T20:12:09.565Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2cdd5474-620c-499e-8b9c-835505febc2c",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky-MobileMalware",
-          "url": "https://securelist.com/mobile-malware-evolution-2013/58335/",
-          "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Trojan-SMS.AndroidOS.OpFake.a](https://attack.mitre.org/software/S0308) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)",
-      "modified": "2022-04-19T20:07:56.150Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--d89c132d-7752-4c7f-9372-954a71522985",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd",
-      "type": "relationship",
-      "created": "2020-04-08T18:55:29.196Z",
+      "created": "2019-09-04T14:28:15.975Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020.",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "source_name": "Cofense Anubis"
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
         }
       ],
-      "modified": "2020-04-09T16:45:38.751Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) exfiltrates data encrypted (with RC4) by its ransomware module.(Citation: Cofense Anubis)",
+      "modified": "2019-10-14T17:51:38.054Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) queries the device for metadata such as make, model, and power levels.(Citation: Lookout-Monokle)",
       "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4943cca6-69b1-4565-ac09-87ebda04584c",
-      "created": "2022-04-01T18:52:02.211Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be taught the dangers of rooting or jailbreaking their device.",
-      "modified": "2022-04-01T18:52:02.211Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa",
-      "type": "relationship",
-      "created": "2020-11-24T17:55:12.903Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.903Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) has base64-encoded the exfiltrated data, replacing some of the base64 characters to further obfuscate the data.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.186Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.186Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access device configuration information and status, including Android version, battery level, device model, country, and SIM operator.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
       "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -30023,21 +20162,75 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072",
+      "id": "relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794",
       "type": "relationship",
-      "created": "2020-09-11T15:14:34.064Z",
+      "created": "2019-11-21T16:42:48.488Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "SMS KitKat",
-          "url": "https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html",
-          "description": "S.Main, D. Braun. (2013, October 14).  Getting Your SMS Apps Ready for KitKat. Retrieved September 11, 2020."
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "source_name": "SecureList - ViceLeaker 2019"
+        },
+        {
+          "source_name": "Bitdefender - Triout 2018",
+          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
+          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
         }
       ],
-      "modified": "2020-10-22T17:04:15.708Z",
-      "description": "Users should be encouraged to be very careful with what applications they grant SMS access to. Further, users should not change their default SMS handler to applications they do not recognize.(Citation: SMS KitKat)",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "modified": "2020-01-21T14:20:50.474Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can record audio from the device’s microphone and can record phone calls together with the caller ID.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/",
+          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) requests Android Device Administrator access.(Citation: TrendMicro-XLoader)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4",
+      "type": "relationship",
+      "created": "2020-09-11T15:57:37.770Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-09-11T15:57:37.770Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can delete SMS messages.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
       "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -30047,24 +20240,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac",
-      "created": "2020-06-26T15:32:25.060Z",
+      "id": "relationship--554ec347-c8b2-43da-876b-36608dcc543d",
+      "created": "2017-10-25T14:48:53.746Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+          "source_name": "TelephonyManager",
+          "url": "https://developer.android.com/reference/android/telephony/TelephonyManager.html",
+          "description": "Android. (n.d.). TelephonyManager. Retrieved December 21, 2016."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can uninstall itself from a device on command.(Citation: Threat Fabric Cerberus)",
-      "modified": "2022-04-12T10:01:44.682Z",
+      "description": "Android 10 introduced changes that prevent normal applications from accessing sensitive device identifiers.(Citation: TelephonyManager) ",
+      "modified": "2022-03-30T21:04:59.921Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -30072,38 +20265,74 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--fbd2d4f7-96ff-4624-a567-d4882f0c10ca",
       "type": "relationship",
-      "created": "2019-07-23T15:35:23.530Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2020-03-30T14:03:43.920Z",
-      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to whitelist applications that are allowed to use Android's accessibility features.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a",
+      "id": "relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1",
+      "created": "2019-09-04T15:38:57.037Z",
       "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "FlexiSpy-Features",
+          "url": "https://www.flexispy.com/en/features-overview.htm",
+          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record keystrokes and analyze them for keywords.(Citation: FlexiSpy-Features)",
+      "modified": "2022-04-15T17:34:17.813Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a",
       "type": "relationship",
-      "created": "2021-02-17T20:43:52.333Z",
+      "id": "relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936",
+      "created": "2019-08-29T18:57:55.926Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Samsung Keyboards",
+          "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-",
+          "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards) An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. ",
+      "modified": "2022-04-05T19:41:57.905Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.887Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
         }
       ],
-      "modified": "2021-02-17T20:43:52.333Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has used an online cell tower geolocation service to track targets.(Citation: Lookout FrozenCell)",
+      "modified": "2020-11-24T17:55:12.887Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s model, country, and Android version.(Citation: Talos GPlayed)",
       "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -30112,24 +20341,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef",
+      "id": "relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f",
       "created": "2018-10-17T00:14:20.652Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Lookout-StealthMango",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
+          "source_name": "Wandera-RedDrop",
+          "url": "https://www.wandera.com/reddrop-malware/",
+          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather SMS messages.(Citation: Lookout-StealthMango)",
-      "modified": "2022-04-12T10:01:44.682Z",
+      "description": "[RedDrop](https://attack.mitre.org/software/S0326) tricks the user into sending SMS messages to premium services and then deletes those messages.(Citation: Wandera-RedDrop)",
+      "modified": "2022-04-19T14:25:41.669Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -30138,279 +20367,16 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--51757971-17ac-40c3-bae7-78365579db49",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-Obad",
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/",
-          "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December 9, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[OBAD](https://attack.mitre.org/software/S0286) abuses device administrator access to make it more difficult for users to remove the application.(Citation: TrendMicro-Obad)",
-      "modified": "2022-04-15T15:45:04.647Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde",
-      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--506d657b-1634-442e-8179-7187f82feb3a",
-      "created": "2020-12-24T21:55:56.691Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the call logs.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--477edf7d-cc1f-49b7-9d96-f88399808775",
-      "created": "2022-04-05T20:15:43.660Z",
+      "id": "relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec",
+      "created": "2022-04-01T15:54:48.924Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T20:15:43.660Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
-      "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d562ed4d-ac4d-476b-872e-9e228c580889",
-      "type": "relationship",
-      "created": "2020-11-20T16:37:28.506Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-11-20T16:37:28.506Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can obtain a list of installed applications.(Citation: Symantec GoldenCup)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-WireLurker",
-          "description": "Claud Xiao. (2014, November 5). WireLurker: A New Era in OS X and iOS Malware. Retrieved January 24, 2017.",
-          "url": "https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[WireLurker](https://attack.mitre.org/software/S0312) monitors for iOS devices connected via USB to an infected OSX computer and installs downloaded third-party applications or automatically generated malicious applications onto the device.(Citation: PaloAlto-WireLurker)",
-      "relationship_type": "uses",
-      "source_ref": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb",
-      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--049b0c71-63e3-47ce-bb0b-149df0344b15",
-      "created": "2020-12-24T21:45:56.965Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access device contacts.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861",
-      "created": "2021-02-08T16:36:20.711Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included SMS message exfiltration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c1512591-7440-4a69-93b9-fe439a4c197e",
-      "created": "2022-03-28T19:40:40.860Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-28T19:40:40.860Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f",
-      "created": "2020-06-02T14:32:31.906Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Volexity Insomnia",
-          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
-          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has communicated with the C2 using HTTPS requests over ports 43111, 43223, and 43773.(Citation: Volexity Insomnia)",
-      "modified": "2022-04-20T16:40:05.898Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) monitors the victim for status and disables other access to the phone by other jailbreaking software.(Citation: Lookout-Pegasus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--9951d8c0-d210-4776-808b-421b613f244f",
-      "created": "2019-09-23T13:36:08.463Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) hides its icon after first launch.(Citation: securelist rotexy 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132",
-      "created": "2022-03-30T14:06:26.530Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile security products can typically detect jailbroken or rooted devices. ",
-      "modified": "2022-03-30T14:06:26.530Z",
+      "description": "Applications very rarely require administrator permission. Developers should be cautioned against using this higher degree of access to avoid being flagged as a potentially malicious application. ",
+      "modified": "2022-04-01T15:54:48.924Z",
       "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
+      "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -30419,22 +20385,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--271a311f-71bc-4558-a314-0edfbec44b64",
+      "id": "relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73",
       "type": "relationship",
-      "created": "2019-11-21T16:42:48.495Z",
+      "created": "2020-07-20T14:12:15.566Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
+          "source_name": "Check Point-Joker",
+          "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/",
+          "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020."
         }
       ],
-      "modified": "2019-11-21T16:42:48.495Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) collects device information, including the device model and OS version.(Citation: SecureList - ViceLeaker 2019)",
+      "modified": "2020-07-20T14:12:15.566Z",
+      "description": "[Bread](https://attack.mitre.org/software/S0432) can collect device notifications.(Citation: Check Point-Joker)",
       "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -30443,29 +20409,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0",
-      "created": "2019-09-03T20:08:00.711Z",
+      "id": "relationship--605d95a1-0493-418e-9d81-de58531c4421",
+      "created": "2020-04-24T15:12:11.217Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Group IB Gustuff Mar 2019",
-          "url": "https://www.group-ib.com/blog/gustuff",
-          "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September 3, 2019."
-        },
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) uses WebView overlays to prompt the user for their device unlock code, as well as banking and cryptocurrency application credentials. [Gustuff](https://attack.mitre.org/software/S0406) can also send push notifications pretending to be from a bank, triggering a phishing overlay.(Citation: Talos Gustuff Apr 2019)(Citation: Group IB Gustuff Mar 2019)",
-      "modified": "2022-04-19T19:42:17.904Z",
+      "description": "[Concipit1248](https://attack.mitre.org/software/S0426) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)",
+      "modified": "2022-04-19T20:11:19.381Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -30474,7 +20435,7 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--f6098dca-3a9e-4991-8d51-1310b12161b6",
+      "id": "relationship--19df76ee-fa85-43cf-96ce-422d46f29a13",
       "created": "2017-12-14T16:46:06.044Z",
       "x_mitre_version": "1.0",
       "external_references": [
@@ -30486,310 +20447,11 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) uses SMS for command and control.(Citation: Lookout-PegasusAndroid)",
-      "modified": "2022-04-19T14:25:41.669Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) listens for the `BOOT_COMPLETED` broadcast intent in order to maintain persistence and activate its functionality at device boot time.(Citation: Lookout-PegasusAndroid)",
+      "modified": "2022-04-19T16:54:05.627Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d",
-      "created": "2020-12-18T20:14:47.297Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has generated non-human advertising impressions.(Citation: WhiteOps TERRACOTTA)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad",
-      "type": "relationship",
-      "created": "2020-11-20T16:37:28.429Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-11-20T16:37:28.429Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect images, videos, and attacker-specified files.(Citation: Symantec GoldenCup)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070",
-      "created": "2022-04-15T17:18:44.185Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Gustuff](https://attack.mitre.org/software/S0406) obfuscated command information using a custom base85-based encoding.(Citation: Talos Gustuff Apr 2019)",
-      "modified": "2022-04-15T17:18:44.185Z",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler-SuperMarioRun",
-          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat",
-          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures call data.(Citation: Zscaler-SuperMarioRun)",
-      "modified": "2022-05-20T17:13:16.510Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2019-08-09T17:59:49.112Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads information about installed packages.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
-        }
-      ],
-      "modified": "2019-08-09T17:52:31.838Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to exploit well-known Android OS vulnerabilities to escalate privileges.(Citation: Lookout-PegasusAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f",
-      "type": "relationship",
-      "created": "2020-12-14T15:02:35.287Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T15:02:35.290Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) has implemented functions in native code.(Citation: Securelist Asacub)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95",
-      "type": "relationship",
-      "created": "2019-10-18T15:51:48.525Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2019-10-18T15:51:48.525Z",
-      "description": "Users should be advised not to use public charging stations or computers to charge their devices. Instead, users should be issued a charger acquired from a trustworthy source. Users should be advised not to click on device prompts to trust attached computers unless absolutely necessary.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594",
-      "created": "2022-04-05T17:14:08.267Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T17:14:08.267Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--19b95b83-bac0-455f-882f-0209abddb76f",
-      "created": "2022-04-05T20:11:35.619Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Applications that properly encrypt network traffic may evade some forms of AiTM behavior. ",
-      "modified": "2022-04-05T20:11:35.619Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--86170d29-0e41-44d0-94b0-de7d23718302",
-      "created": "2022-04-05T19:42:39.957Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android 12 Features",
-          "url": "https://developer.android.com/about/versions/12/features",
-          "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)",
-      "modified": "2022-04-05T19:51:47.956Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.624Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-11-10T17:08:35.624Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can dynamically load additional functionality.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999",
-      "created": "2020-11-24T17:55:12.818Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can register for the `BOOT_COMPLETED` broadcast intent.(Citation: Talos GPlayed)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
       "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -30799,24 +20461,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--069b2328-442b-491e-962d-d3fe01f0549e",
-      "created": "2019-09-04T14:28:15.479Z",
+      "id": "relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438",
+      "created": "2018-10-17T00:14:20.652Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Lookout-Monokle",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
+          "source_name": "PaloAlto-SpyDealer",
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via email and SMS from a set of \"control phones.\"(Citation: Lookout-Monokle)",
-      "modified": "2022-04-19T14:25:41.669Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests contact lists from victims.(Citation: PaloAlto-SpyDealer)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -30825,24 +20487,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--e135cefa-f019-479d-86eb-438972df73e0",
-      "created": "2019-09-04T15:38:56.702Z",
+      "id": "relationship--4449ac76-8329-4483-b152-99b990006cbc",
+      "created": "2019-09-04T15:38:56.937Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "FortiGuard-FlexiSpy",
-          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
-          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019."
+          "source_name": "FlexiSpy-Features",
+          "url": "https://www.flexispy.com/en/features-overview.htm",
+          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) installs boot hooks into `/system/su.d`.(Citation: FortiGuard-FlexiSpy)",
-      "modified": "2022-04-12T10:01:44.682Z",
+      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can collect a list of known Wi-Fi access points.(Citation: FlexiSpy-Features) ",
+      "modified": "2022-04-19T14:25:41.669Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -30850,71 +20512,25 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3",
       "type": "relationship",
-      "created": "2020-06-26T14:55:13.351Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T14:55:13.351Z",
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect a list of installed applications.(Citation: Cybereason EventBot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--61550ef4-41f0-4354-af5c-f47db8aca654",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.910Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-02T14:32:31.910Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s phone number, ICCID, IMEI, and the currently active network interface (Wi-Fi or cellular).(Citation: Google Project Zero Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998",
-      "created": "2020-04-08T15:41:19.385Z",
+      "id": "relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb",
+      "created": "2020-12-24T22:04:28.024Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can create overlays to capture user credentials for targeted applications.(Citation: Cofense Anubis)",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected call logs.(Citation: Lookout Uyghur Campaign)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -30922,46 +20538,26 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--c86918a3-6e41-4dfb-8b18-650fff596801",
       "type": "relationship",
-      "created": "2020-09-11T16:22:03.207Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "id": "relationship--10560632-6449-4579-90eb-20fc46dcca08",
+      "created": "2020-10-29T19:21:23.200Z",
+      "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+          "source_name": "WeLiveSecurity AdDisplayAshas",
+          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
+          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
         }
       ],
-      "modified": "2020-09-11T16:22:03.207Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect device photos, PDF documents, Office documents, browser history, and browser bookmarks.(Citation: Lookout ViperRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can check that the device IP is not in the range of known Google IP addresses before triggering the payload and can delay payload deployment to avoid detection during testing and avoid association with unwanted ads.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-BrainTest",
-          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[BrainTest](https://attack.mitre.org/software/S0293) stores a secondary Android app package (APK) in its assets directory in encrypted form, and decrypts the payload at runtime.(Citation: Lookout-BrainTest)",
       "relationship_type": "uses",
-      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -30969,221 +20565,43 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724",
-      "created": "2022-04-01T15:02:21.344Z",
+      "id": "relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca",
+      "created": "2022-04-06T13:22:57.754Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Device attestation can often detect jailbroken devices. ",
-      "modified": "2022-04-01T15:02:21.344Z",
+      "description": "",
+      "modified": "2022-04-06T13:22:57.754Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
+      "target_ref": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6",
+      "created": "2022-04-01T14:59:53.782Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation can often detect jailbroken devices.",
+      "modified": "2022-04-01T14:59:53.782Z",
       "relationship_type": "mitigates",
       "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--95fec5e4-d48a-471f-8223-711cd32659b8",
-      "created": "2022-04-01T18:49:51.050Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T18:49:51.050Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1",
-      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc",
-      "created": "2019-09-04T14:28:15.412Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [Monokle](https://attack.mitre.org/software/S0407) can retrieve calendar event information including the event name, when and where it is taking place, and the description.(Citation: Lookout-Monokle) ",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--825ffecc-090f-44c8-87be-f7b72e07f987",
-      "created": "2022-04-01T18:43:15.716Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.",
-      "modified": "2022-04-01T18:43:15.716Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5b670281-0054-42b4-8e54-ea01a692f5bf",
-      "type": "relationship",
-      "created": "2021-10-01T14:42:48.900Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "modified": "2021-10-01T14:42:48.900Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can open a hidden menu when a specific phone number is called from the infected device.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--de7e3a71-1152-481c-8e5c-88f53852cab6",
-      "created": "2022-04-01T15:16:53.239Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T15:16:53.239Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
-      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--96569099-db95-4f3c-8ded-6d9cf023e55e",
-      "created": "2019-09-03T20:08:00.717Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [Gustuff](https://attack.mitre.org/software/S0406) can use SMS for command and control from a defined admin phone number.(Citation: Talos Gustuff Apr 2019) ",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2e913583-123a-47af-8872-98fc12ab4a6a",
-      "type": "relationship",
-      "created": "2020-11-24T17:55:12.846Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.846Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can send SMS messages.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1",
-      "type": "relationship",
-      "created": "2020-06-26T14:55:13.289Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T14:55:13.289Z",
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to capture data from installed applications.(Citation: Cybereason EventBot)",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847",
-      "created": "2022-04-06T13:30:03.526Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be taught that Device Administrator permissions are very dangerous, and very few applications need it.",
-      "modified": "2022-04-06T13:30:03.527Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2",
+      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "type": "relationship",
-      "id": "relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4",
-      "created": "2022-09-29T21:22:06.716Z",
+      "id": "relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11",
+      "created": "2022-09-29T20:08:54.389Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -31196,11 +20614,11 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2022-09-30T18:45:10.156Z",
-      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors to continually forward all SMS messages and call information back to their C2 servers.(Citation: Cylance Dust Storm)",
+      "modified": "2022-09-30T18:38:37.195Z",
+      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of exfiltrating specific files directly from the infected devices.(Citation: Cylance Dust Storm)",
       "relationship_type": "uses",
       "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "2.1.0",
@@ -31210,420 +20628,24 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab",
       "type": "relationship",
-      "created": "2020-09-11T16:22:03.229Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T16:22:03.229Z",
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect and record audio content.(Citation: Lookout ViperRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e",
-      "created": "2020-09-14T14:13:45.299Z",
+      "id": "relationship--90d4d964-efa2-46ac-adc2-759886e07158",
+      "created": "2020-10-29T17:48:27.325Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Lookout eSurv",
-          "url": "https://blog.lookout.com/esurv-research",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version has used public key encryption and certificate pinning for C2 communication.(Citation: Lookout eSurv)",
-      "modified": "2022-04-18T15:58:08.240Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) has used HTTPS for C2 communication.(Citation: Threat Fabric Exobot)",
+      "modified": "2022-04-19T20:13:03.349Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cda58372-ae70-4716-8baf-cc06cb884ad6",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:28.015Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:28.015Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of installed application names.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4896e256-fb04-403c-bbb7-2323b158a6e0",
-      "created": "2022-03-30T19:52:05.143Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T19:52:05.143Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
-      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Kaspersky-WUC",
-          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.",
-          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/"
-        }
-      ],
-      "modified": "2019-10-15T19:54:10.285Z",
-      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) gathered system information including phone number, OS version, phone model, and SDK version.(Citation: Kaspersky-WUC)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f",
-      "created": "2022-04-01T12:50:48.459Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T12:50:48.459Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--62adb627-f647-498e-b4cc-41499361bacb",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--22334426-e99f-4e97-b4dd-17e297da4118",
-      "created": "2020-12-24T21:55:56.696Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured SMS and MMS messages.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--919a13bc-74be-4660-af63-454abee92635",
-      "type": "relationship",
-      "created": "2019-03-11T15:13:40.408Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. Retrieved November 30, 2018.",
-          "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A",
-          "source_name": "TrendMicro-Anserver2"
-        }
-      ],
-      "modified": "2019-08-05T20:05:25.571Z",
-      "description": "\n[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device IMEI and IMSI.(Citation: TrendMicro-Anserver2)",
-      "relationship_type": "uses",
-      "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8",
-      "created": "2019-09-04T15:38:56.721Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "FortiGuard-FlexiSpy",
-          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
-          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) uses root access to establish reboot hooks to re-install the application from `/data/misc/adn`.(Citation: FortiGuard-FlexiSpy) At boot, [FlexiSpy](https://attack.mitre.org/software/S0408) spawns daemons for process monitoring, call monitoring, call managing, and system.(Citation: FortiGuard-FlexiSpy)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Xiao-ZergHelper",
-          "description": "Claud Xiao. (2016, February 21). Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review. Retrieved December 12, 2016.",
-          "url": "http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[ZergHelper](https://attack.mitre.org/software/S0287) attempts to extend its capabilities via dynamic updating of its code.(Citation: Xiao-ZergHelper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c",
-      "type": "relationship",
-      "created": "2019-07-10T15:35:43.631Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-08-09T18:06:11.741Z",
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) queries the device for metadata, such as device ID, OS version, and the number of cameras.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd",
-      "type": "relationship",
-      "created": "2020-05-04T14:04:56.214Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Bread",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
-        }
-      ],
-      "modified": "2020-05-04T15:40:21.076Z",
-      "description": "[Bread](https://attack.mitre.org/software/S0432) has used native code in an attempt to disguise malicious functionality.(Citation: Google Bread)",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5",
-      "created": "2020-04-08T15:41:19.445Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Trend Micro Anubis",
-          "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html",
-          "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021."
-        },
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the C2 address from Twitter and Telegram.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis)",
-      "modified": "2022-04-20T17:57:23.327Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4b68bcb1-a512-40f7-9aee-235b3668f022",
-      "type": "relationship",
-      "created": "2020-01-27T17:05:58.271Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:05:58.271Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain clipboard contents.(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93",
-      "type": "relationship",
-      "created": "2020-09-11T15:50:18.937Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "source_name": "ThreatFabric Ginp"
-        }
-      ],
-      "modified": "2020-09-11T15:50:18.937Z",
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) can send SMS messages.(Citation: ThreatFabric Ginp)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0",
-      "created": "2022-04-01T16:52:03.322Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T16:52:03.322Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3c291ee5-1782-4e5b-8131-5188c7388f45",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "FireEye-RuMMS",
-          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.",
-          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers the device phone number and IMEI and transmits them to a command and control server.(Citation: FireEye-RuMMS)",
-      "relationship_type": "uses",
-      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--54151897-cc7e-4f92-af50-bed41ea78d92",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky-MobileMalware",
-          "url": "https://securelist.com/mobile-malware-evolution-2013/58335/",
-          "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Trojan-SMS.AndroidOS.FakeInst.a](https://attack.mitre.org/software/S0306) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)",
-      "modified": "2022-04-19T20:10:19.381Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--28e39395-91e7-4f02-b694-5e079c964da9",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
       "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -31633,430 +20655,23 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--42342d72-a37c-477e-b8f1-1768273fcb7f",
-      "created": "2019-10-18T15:51:48.451Z",
+      "id": "relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0",
+      "created": "2020-12-24T21:55:56.741Z",
       "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be advised not to grant consent for screen captures to occur unless expected. Users should avoid enabling USB debugging (Android Debug Bridge) unless explicitly required. ",
-      "modified": "2022-04-01T13:32:32.335Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c",
-      "created": "2022-04-01T16:51:20.688Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should scrutinize every device administration permission request. If the request is not expected or the user does not recognize the application, the application should be uninstalled immediately.",
-      "modified": "2022-04-01T16:51:20.688Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.885Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Google Project Zero Insomnia",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-02T14:32:31.885Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can track the device’s location.(Citation: Google Project Zero Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798",
-      "type": "relationship",
-      "created": "2020-10-29T19:01:13.854Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Microsoft MalLockerB",
-          "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/",
-          "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020."
-        }
-      ],
-      "modified": "2020-10-29T19:01:13.854Z",
-      "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has employed both name mangling and meaningless variable names in source. [AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has stored encrypted payload code in the Assets directory, coupled with a custom decryption routine that assembles a .dex file by passing data through Android Intent objects. (Citation: Microsoft MalLockerB)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f",
-      "created": "2022-03-30T18:14:04.881Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Symantec-iOSProfile2",
-          "url": "https://www.symantec.com/connect/blogs/apple-ios-103-finally-battles-malicious-profiles",
-          "description": "Brian Duckering. (2017, March 27). Apple iOS 10.3 Finally Battles Malicious Profiles. Retrieved September 24, 2018."
-        },
-        {
-          "source_name": "Android-TrustedCA",
-          "url": "https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html",
-          "description": "Chad Brubaker. (2016, July 7). Changes to Trusted Certificate Authorities in Android Nougat. Retrieved September 24, 2018."
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)",
-      "modified": "2022-03-30T18:14:04.881Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.314Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-18T20:14:47.314Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has utilized foreground services.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--950e1476-83ca-4e81-b542-c91a19b206d7",
-      "type": "relationship",
-      "created": "2020-04-24T17:46:31.466Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T17:46:31.466Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device information such as network operator, model, brand, and OS version.(Citation: SecurityIntelligence TrickMo)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--9432fabf-9487-469c-86c9-b9d26b013c85",
-      "created": "2022-04-01T13:13:10.587Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Call Log access an uncommonly needed permission, so users should be instructedto use extra scrutiny when granting access to their call logs. ",
-      "modified": "2022-04-01T13:13:10.587Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429",
-      "created": "2022-04-01T18:51:28.859Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates frequently contain patches to vulnerabilities that can be exploited for root access.",
-      "modified": "2022-04-01T18:51:28.859Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7",
-      "type": "relationship",
-      "created": "2020-11-24T17:55:12.822Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.822Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request the device’s location.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0",
-      "type": "relationship",
-      "created": "2020-04-24T15:12:11.185Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "modified": "2020-04-24T15:12:11.185Z",
-      "description": "[Concipit1248](https://attack.mitre.org/software/S0426) requests permissions to use the device camera.(Citation: TrendMicro Coronavirus Updates)",
-      "relationship_type": "uses",
-      "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a",
-      "created": "2022-04-01T14:51:51.593Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to notifications. ",
-      "modified": "2022-04-01T14:51:51.593Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--32be51e2-f74d-441f-aa0d-952697a76494",
-      "type": "relationship",
-      "created": "2019-09-04T15:38:56.774Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "FortiGuard-FlexiSpy",
-          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
-          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019."
-        }
-      ],
-      "modified": "2019-10-14T18:08:28.599Z",
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) uses a `FileObserver` object to monitor the Skype and WeChat database file and shared preferences to retrieve chat messages, account information, and profile pictures of the account owner and chat participants. [FlexiSpy](https://attack.mitre.org/software/S0408) can also spy on popular applications, including Facebook, Hangouts, Hike, Instagram, Kik, Line, QQ, Snapchat, Telegram, Tinder, Viber, and WhatsApp.(Citation: FortiGuard-FlexiSpy)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--be17dc63-5b0a-491a-be5f-132058444c3a",
-      "type": "relationship",
-      "created": "2019-08-09T17:52:13.352Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-PegasusAndroid",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
-        }
-      ],
-      "modified": "2019-08-09T17:52:31.877Z",
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to take pictures using the device camera.(Citation: Lookout-PegasusAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1",
-      "created": "2020-10-29T17:48:27.175Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can lock the device with a password and permanently disable the screen.(Citation: Threat Fabric Exobot)",
-      "modified": "2022-04-18T19:25:32.400Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625",
-      "created": "2022-03-31T16:33:55.074Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-31T16:33:55.074Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a",
-      "created": "2019-11-21T19:16:34.796Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint SimBad 2019",
-          "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/",
-          "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[SimBad](https://attack.mitre.org/software/S0419) hides its icon from the application launcher.(Citation: CheckPoint SimBad 2019)",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the contact list.(Citation: Lookout Uyghur Campaign)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6",
-      "created": "2020-09-14T13:35:45.911Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ESET-Twitoor",
-          "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/",
-          "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Twitoor](https://attack.mitre.org/software/S0302) can be controlled via Twitter.(Citation: ESET-Twitoor)",
-      "modified": "2022-04-20T17:56:24.292Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
-      "target_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298",
-      "created": "2020-12-14T15:02:35.297Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect the device’s contact list.(Citation: Securelist Asacub)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
       "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -32066,25 +20681,18 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--4af26643-880f-4c34-a4a8-23e89b950c9d",
-      "created": "2019-09-04T15:38:56.883Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CyberMerchants-FlexiSpy",
-          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
-          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
-        }
-      ],
+      "id": "relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e",
+      "created": "2022-03-30T19:29:07.379Z",
+      "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect the device calendars.(Citation: CyberMerchants-FlexiSpy)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.",
+      "modified": "2022-03-30T19:29:07.379Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
       "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -32092,99 +20700,89 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a",
+      "id": "relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a",
+      "created": "2020-06-26T15:32:24.962Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) hides its icon from the application drawer after being launched for the first time.(Citation: Threat Fabric Cerberus)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6d659130-545b-4917-891c-6c1b7d54ed07",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.505Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.505Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can send SMS messages.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6d88242f-e45b-481c-bd41-b66a662618ce",
+      "created": "2022-04-06T13:57:24.730Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T13:57:24.730Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--05563777-5771-4bd6-a1af-3e244cf42372",
+      "type": "relationship",
       "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/",
-          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects SMS messages.(Citation: TrendMicro-XLoader)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7",
-      "created": "2022-04-15T16:00:43.483Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "SecureList DVMap June 2017",
-          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
-          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Dvmap](https://attack.mitre.org/software/S0420) can turn off `VerifyApps`, and can grant Device Administrator permissions via commands only, rather than using the UI.(Citation: SecureList DVMap June 2017)",
-      "modified": "2022-04-15T16:00:43.483Z",
-      "relationship_type": "uses",
-      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348",
-      "created": "2022-04-20T17:42:11.714Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Wandera-RedDrop",
-          "url": "https://www.wandera.com/reddrop-malware/",
-          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses standard HTTP for exfiltration.(Citation: Wandera-RedDrop)",
-      "modified": "2022-04-20T17:42:11.714Z",
-      "relationship_type": "uses",
-      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "source_name": "TrendMicro-RCSAndroid"
+          "source_name": "Xiao-KeyRaider",
+          "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. Retrieved December 12, 2016.",
+          "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/"
         }
       ],
-      "modified": "2019-08-09T17:53:48.793Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can monitor clipboard content.(Citation: TrendMicro-RCSAndroid)",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288) samples search to find the Apple account's username, password and device's GUID in data being transferred.(Citation: Xiao-KeyRaider)",
       "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
+      "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -32193,34 +20791,15 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--535d2425-21aa-4fe5-ae6d-5b677f459020",
-      "created": "2022-03-28T19:41:37.162Z",
+      "id": "relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c",
+      "created": "2022-04-01T18:48:03.156Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Security updates may contain patches for devices that were compromised at the supply chain level.",
-      "modified": "2022-03-28T19:41:37.162Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--eb784dcf-4188-47e2-9217-837b262acfb9",
-      "created": "2022-04-01T18:43:01.860Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
-      "modified": "2022-04-01T18:43:01.860Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "description": "",
+      "modified": "2022-04-01T18:48:03.156Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
       "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
@@ -32230,900 +20809,9 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c",
       "type": "relationship",
-      "id": "relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50",
-      "created": "2020-06-26T15:32:25.025Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain the device’s contact list.(Citation: Threat Fabric Cerberus)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45",
-      "created": "2019-09-15T15:32:17.580Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Android Notification Listeners",
-          "url": "https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setPermittedCrossProfileNotificationListeners(android.content.ComponentName,%20java.util.List%3Cjava.lang.String%3E)",
-          "description": "Android. (n.d.).  DevicePolicyManager. Retrieved September 15, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "On Android devices with a work profile, the `DevicePolicyManager.setPermittedCrossProfileNotificationListeners` method can be used to manage the list of applications running within the personal profile that can access notifications generated within the work profile. This policy would not affect notifications generated by the rest of the device. The `DevicePolicyManager.setApplicationHidden` method can be used to disable notification access for unwanted applications, but this method would also block that entire application from running.(Citation: Android Notification Listeners) ",
-      "modified": "2022-04-01T14:50:28.686Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.746Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-01T19:48:44.878Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has searched device storage for various files, including .amr files (audio recordings) and superuser binaries.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f65087b4-adf2-4292-a711-7ae829e91397",
-      "type": "relationship",
-      "created": "2019-09-04T14:28:16.385Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-09-04T14:32:12.877Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can list applications installed on the device.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:27.919Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:27.919Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has extracted messages from chat programs, such as WeChat.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1",
-      "created": "2022-04-06T13:52:46.831Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 7 changed how the Device Administrator password APIs function.",
-      "modified": "2022-04-06T13:52:46.831Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--48486680-530c-4ed9-aca3-94969aa262b6",
-      "created": "2019-07-10T15:35:43.665Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d",
-      "created": "2020-05-04T14:04:56.179Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Google Bread",
-          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
-          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Bread](https://attack.mitre.org/software/S0432) payloads have used several commercially available packers.(Citation: Google Bread)",
-      "modified": "2022-04-15T17:20:54.552Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48",
-      "created": "2020-09-24T15:34:51.298Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Dendroid",
-          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/",
-          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can intercept SMS messages.(Citation: Lookout-Dendroid)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.888Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Volexity Insomnia",
-          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
-          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-02T14:32:31.888Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) obfuscates various pieces of information within the application.(Citation: Volexity Insomnia) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a",
-      "created": "2020-12-28T18:47:52.357Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Palo Alto HenBox",
-          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
-          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [HenBox](https://attack.mitre.org/software/S0544) can run commands as root.(Citation: Palo Alto HenBox) ",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2018-10-17T00:14:20.652Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a",
-      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--08c81253-975c-4780-8e85-c72bc6a90c88",
-      "created": "2020-10-29T19:21:23.225Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "WeLiveSecurity AdDisplayAshas",
-          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
-          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can generate revenue by automatically displaying ads.(Citation: WeLiveSecurity AdDisplayAshas)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87",
-      "type": "relationship",
-      "created": "2020-06-26T15:12:40.098Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "ESET DEFENSOR ID",
-          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
-          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T15:12:40.098Z",
-      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can retrieve a list of installed applications.(Citation: ESET DEFENSOR ID)",
-      "relationship_type": "uses",
-      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c",
-      "type": "relationship",
-      "created": "2020-12-18T20:14:47.381Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "modified": "2020-12-28T18:59:33.140Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has collected the device’s phone number and can check if the active network connection is metered.(Citation: WhiteOps TERRACOTTA)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fa1da6db-da32-45d2-98a8-6bbe153166da",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-EnterpriseApps",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) tracks the device location.(Citation: Lookout-EnterpriseApps)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a20493e1-4699-405d-a291-c28aae8ed737",
-      "created": "2022-04-18T16:53:24.617Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Wandera-RedDrop",
-          "url": "https://www.wandera.com/reddrop-malware/",
-          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses ads or other links within websites to encourage users to download the malicious apps using a complex content distribution network (CDN) and series of network redirects. [RedDrop](https://attack.mitre.org/software/S0326) also downloads additional components (APKs, JAR files) from different C2 servers.(Citation: Wandera-RedDrop) ",
-      "modified": "2022-04-20T16:33:23.507Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
-      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d",
-      "created": "2019-07-10T15:25:57.585Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[FinFisher](https://attack.mitre.org/software/S0182) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CheckPoint-Charger",
-          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.",
-          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/"
-        }
-      ],
-      "modified": "2019-10-09T14:51:42.827Z",
-      "description": "[Charger](https://attack.mitre.org/software/S0323) encodes strings into binary arrays to make it difficult to inspect them. It also loads code from encrypted resources dynamically and includes meaningless commands that mask the actual commands passing through.(Citation: CheckPoint-Charger)",
-      "relationship_type": "uses",
-      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f",
-      "created": "2020-06-26T15:12:40.100Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ESET DEFENSOR ID",
-          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
-          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) abuses the accessibility service to auto-start the malware on device boot. This is accomplished by receiving the `android.accessibilityservice.AccessibilityService` intent.(Citation: ESET DEFENSOR ID)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e03b25b0-0779-48da-b5d7-28f1f6106363",
-      "type": "relationship",
-      "created": "2020-12-24T22:04:27.992Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T22:04:27.992Z",
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken screenshots.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760",
-      "created": "2022-03-30T14:41:20.735Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android Changes to System Broadcasts",
-          "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts",
-          "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts)",
-      "modified": "2022-03-30T14:41:20.735Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) update and sends the location of the phone.(Citation: Lookout-Pegasus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e",
-      "created": "2020-07-15T20:20:59.200Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access the device’s contact list.(Citation: Bitdefender Mandrake)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5e360913-4986-4423-8d3c-46d3202b7787",
-      "type": "relationship",
-      "created": "2019-09-04T14:28:15.471Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-10-14T17:51:37.979Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the salt used when storing the user’s password, aiding an adversary in computing the user’s plaintext password/PIN from the stored password hash. [Monokle](https://attack.mitre.org/software/S0407) can also capture the user’s dictionary, user-defined shortcuts, and browser history, enabling profiling of the user and their activities.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0",
-      "created": "2020-10-29T17:48:27.394Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can intercept SMS messages.(Citation: Threat Fabric Exobot)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.282Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.282Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can record the screen.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5ced57a7-b674-40d4-98b8-a090963a6ade",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
-        }
-      ],
-      "modified": "2019-09-18T13:45:58.872Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) abuses Accessibility features to steal messages from popular apps such as WeChat, Skype, Viber, and QQ.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd",
-      "type": "relationship",
-      "created": "2020-06-26T15:12:40.094Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "ESET DEFENSOR ID",
-          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
-          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T15:12:40.094Z",
-      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to perform actions on behalf of the user, including launching attacker-specified applications to steal data.(Citation: ESET DEFENSOR ID)",
-      "relationship_type": "uses",
-      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c",
-      "type": "relationship",
-      "created": "2021-02-17T20:43:52.324Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
-        }
-      ],
-      "modified": "2021-02-17T20:43:52.324Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has collected phone metadata such as cell location, mobile country code (MCC), and mobile network code (MNC).(Citation: Lookout FrozenCell)",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71",
-      "created": "2022-03-30T20:53:54.296Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T20:53:54.296Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
-      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106",
-      "type": "relationship",
-      "created": "2020-12-14T14:52:03.255Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T14:52:03.255Z",
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has stored data embedded in the strings.xml resource file.(Citation: Sophos Red Alert 2.0)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CheckPoint-Judy",
-          "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/",
-          "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. Retrieved September 18, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Judy](https://attack.mitre.org/software/S0325) uses infected devices to generate fraudulent clicks on advertisements to generate revenue.(Citation: CheckPoint-Judy)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1",
-      "type": "relationship",
-      "created": "2021-10-01T14:42:49.184Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "modified": "2021-10-01T14:42:49.184Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect the device’s location information based on cellular network or GPS coordinates.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--68c17e9b-1fda-49dd-982b-566d473cc32b",
-      "created": "2022-04-06T15:51:11.939Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T15:51:11.939Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3",
-      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1284f6fe-d352-415c-9479-82141524380a",
-      "created": "2022-03-30T18:06:48.250Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). ",
-      "modified": "2022-03-30T18:06:48.250Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c",
-      "created": "2022-04-01T18:51:44.595Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.",
-      "modified": "2022-04-01T18:51:44.595Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a451966b-f826-422b-9505-f564b9988a9c",
-      "created": "2020-12-24T21:55:56.693Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used both FTP and TCP sockets for data exfiltration.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-19T16:26:30.170Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--634071ce-d386-4143-8e6e-b88bc077de6d",
-      "type": "relationship",
-      "created": "2020-07-27T14:14:56.961Z",
+      "created": "2020-07-27T14:14:56.954Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -33132,582 +20820,10 @@
           "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
         }
       ],
-      "modified": "2020-08-10T22:18:20.782Z",
-      "description": "[Zen](https://attack.mitre.org/software/S0494) can dynamically load executable code from remote sources.(Citation: Google Security Zen)",
+      "modified": "2020-08-10T22:18:20.777Z",
+      "description": "[Zen](https://attack.mitre.org/software/S0494) can obtain root access via a rooting trojan in its infection chain.(Citation: Google Security Zen)",
       "relationship_type": "uses",
       "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fcb3a139-f644-45c9-8123-dfea0455143a",
-      "type": "relationship",
-      "created": "2019-08-09T17:56:05.588Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
-        }
-      ],
-      "modified": "2019-08-09T17:56:05.588Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record video and take photos via front and rear cameras.(Citation: PaloAlto-SpyDealer)",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d",
-      "created": "2019-09-23T13:36:08.451Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) procedurally generates subdomains for command and control communication.(Citation: securelist rotexy 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a",
-      "created": "2020-06-26T14:55:13.304Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) can display popups over running applications.(Citation: Cybereason EventBot)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed",
-      "created": "2019-07-10T15:35:43.668Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses the device contact list.(Citation: Lookout Dark Caracal Jan 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d300eb82-5ca0-48aa-a45f-d34242545e27",
-      "created": "2022-03-30T15:08:28.814Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation could detect unauthorized operating system modifications. ",
-      "modified": "2022-03-30T15:08:28.814Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e29d91f0-ebee-481d-9344-702c90775109",
-      "type": "relationship",
-      "created": "2020-05-07T15:33:32.928Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CheckPoint Agent Smith",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
-        }
-      ],
-      "modified": "2020-05-07T15:33:32.928Z",
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can inject fraudulent ad modules into existing applications on a device.(Citation: CheckPoint Agent Smith)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf",
-          "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. Retrieved February 6, 2017.",
-          "source_name": "CrowdStrike-Android"
-        }
-      ],
-      "modified": "2020-03-20T16:37:06.668Z",
-      "description": "(Citation: CrowdStrike-Android)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c",
-      "target_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--290a627d-172d-494d-a0cc-685f480a1034",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-EnterpriseApps",
-          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/",
-          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects call logs.(Citation: Lookout-EnterpriseApps)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fb587f81-1300-438d-a33b-f8d08530788b",
-      "created": "2019-07-10T15:35:43.704Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pallas](https://attack.mitre.org/software/S0399) exfiltrates data using HTTP.(Citation: Lookout Dark Caracal Jan 2018)",
-      "modified": "2022-04-20T17:40:40.182Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8",
-      "type": "relationship",
-      "created": "2020-09-24T15:34:51.433Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Dendroid",
-          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
-          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
-        }
-      ],
-      "modified": "2020-09-24T15:34:51.433Z",
-      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can record audio and outgoing calls.(Citation: Lookout-Dendroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.644Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-11-10T17:08:35.644Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has gathered device metadata, including model, manufacturer, SD card size, disk usage, memory, CPU, and serial number.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3",
-      "type": "relationship",
-      "created": "2021-04-19T14:29:46.530Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2021-04-19T14:29:46.530Z",
-      "description": " [SilkBean](https://attack.mitre.org/software/S0549) can send SMS messages.(Citation: Lookout Uyghur Campaign) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--01965668-d033-4aca-a8e5-71a07070e266",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2018-10-17T00:14:20.652Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09",
-      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f",
-      "created": "2022-03-28T19:25:38.355Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates may contain patches that inhibit system software compromises.",
-      "modified": "2022-03-28T19:25:38.355Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819",
-      "type": "relationship",
-      "created": "2019-08-07T15:57:13.412Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Kaspersky Riltok June 2019",
-          "url": "https://securelist.com/mobile-banker-riltok/91374/",
-          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
-        }
-      ],
-      "modified": "2019-09-15T15:36:42.312Z",
-      "description": "[Riltok](https://attack.mitre.org/software/S0403) can retrieve a list of installed applications. Installed application names are then checked against an adversary-defined list of targeted applications.(Citation: Kaspersky Riltok June 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4",
-      "type": "relationship",
-      "created": "2020-04-08T15:51:25.157Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "ThreatFabric Ginp",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T15:51:25.157Z",
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) can capture device screenshots and stream them back to the C2.(Citation: ThreatFabric Ginp)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6c35f99c-153d-4023-a29a-821488ce5418",
-      "type": "relationship",
-      "created": "2020-04-08T15:41:19.383Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T15:41:19.383Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of installed applications to compare to a list of targeted applications.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3bf4b093-a1a3-48da-9236-bce9514765eb",
-      "created": "2022-04-05T19:46:05.853Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Samsung Keyboards",
-          "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-",
-          "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards)",
-      "modified": "2022-04-05T19:46:05.853Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc",
-      "type": "relationship",
-      "created": "2020-12-24T21:55:56.688Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:55:56.688Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured audio and can record phone calls.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f",
-      "created": "2022-03-30T20:07:33.291Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T20:07:33.291Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f051c943-998c-4db2-9dbc-d4755057bcf0",
-      "created": "2022-04-05T19:49:06.417Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
-      "modified": "2022-04-05T19:49:06.417Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--fcc42341-ec3a-4e24-a374-46bed72d061f",
-      "type": "relationship",
-      "created": "2021-10-01T14:42:49.191Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "modified": "2021-10-01T14:42:49.191Z",
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect data from messaging applications, including WhatsApp, Viber, and Facebook.(Citation: SecureList BusyGasper)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b",
-      "created": "2021-02-17T20:49:24.542Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) can run arbitrary shell commands.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
-      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b",
-      "type": "relationship",
-      "created": "2020-12-24T21:45:56.981Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:45:56.981Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has access to the device’s location.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f0851531-e554-4658-920c-f2342632c19a",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Adware",
-          "description": "Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December 21, 2016.",
-          "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is packed with at least eight publicly available exploits that can perform rooting.(Citation: Lookout-Adware)",
-      "relationship_type": "uses",
-      "source_ref": "malware--c80a6bef-b3ce-44d0-b113-946e93124898",
       "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -33716,22 +20832,45 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358",
+      "id": "relationship--0bb6f851-4302-4936-a98e-d23feecb234d",
       "type": "relationship",
-      "created": "2020-11-10T17:08:35.664Z",
+      "created": "2020-06-02T14:32:31.777Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+          "source_name": "Volexity Insomnia",
+          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
+          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
         }
       ],
-      "modified": "2020-12-01T19:48:44.840Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has looked for specific applications, such as MiCode.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2020-06-02T14:32:31.777Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) exploits a WebKit vulnerability to achieve root access on the device.(Citation: Volexity Insomnia)",
       "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5107be8a-b5fc-4442-af0d-2c92e086a912",
+      "type": "relationship",
+      "created": "2020-05-11T16:13:43.062Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+        }
+      ],
+      "modified": "2020-05-11T16:13:43.062Z",
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) checks if a targeted application is running in user-space prior to infection.(Citation: CheckPoint Agent Smith) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -33740,73 +20879,50 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b",
-      "created": "2020-04-08T15:51:25.128Z",
+      "id": "relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3",
+      "created": "2020-12-14T14:52:03.283Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "ThreatFabric Ginp",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) can collect SMS messages.(Citation: ThreatFabric Ginp)",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP requests over port 7878.(Citation: Sophos Red Alert 2.0)",
+      "modified": "2022-04-20T16:43:23.973Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad",
+      "created": "2021-10-01T14:42:49.159Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can utilize the device’s sensors to determine when the device is in use and subsequently hide malicious activity. When active, it attempts to hide its malicious activity by turning the screen’s brightness as low as possible and muting the device.(Citation: SecureList BusyGasper)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--d886f368-a38b-4cb3-906f-9b284f58b369",
-      "type": "relationship",
-      "created": "2019-12-10T16:07:41.066Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList DVMap June 2017",
-          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
-          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
-        }
-      ],
-      "modified": "2019-12-10T16:07:41.066Z",
-      "description": "[Dvmap](https://attack.mitre.org/software/S0420) decrypts executables from archive files stored in the `assets` directory of the installation binary.(Citation: SecureList DVMap June 2017)",
-      "relationship_type": "uses",
-      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--de4ecfa3-fa91-4377-810c-5c567de9688b",
-      "created": "2021-01-05T20:16:20.490Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can delete attacker-specified files.(Citation: Zscaler TikTok Spyware)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -33815,174 +20931,15 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--03172b09-4f97-4fb8-95f0-92b2d8957408",
-      "created": "2020-06-26T14:55:13.349Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cybereason EventBot",
-          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
-          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[EventBot](https://attack.mitre.org/software/S0478) has encrypted base64-encoded payload data using RC4 and Curve25519.(Citation: Cybereason EventBot)",
-      "modified": "2022-04-18T15:57:14.375Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
-      "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965",
-      "type": "relationship",
-      "created": "2020-04-08T15:51:25.106Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "ThreatFabric Ginp",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T15:51:25.106Z",
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) can obtain a list of installed applications.(Citation: ThreatFabric Ginp)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--9c302eb1-1810-48a5-b34d-6aae303d2097",
-      "created": "2022-04-01T15:16:26.387Z",
+      "id": "relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330",
+      "created": "2022-04-01T15:01:53.321Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Users should be instructed to not open links in applications they don’t recognize.",
-      "modified": "2022-04-01T15:16:26.387Z",
+      "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores.",
+      "modified": "2022-04-01T15:01:53.321Z",
       "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a808c887-b2b8-4b05-9cab-47c918e48d48",
-      "type": "relationship",
-      "created": "2020-12-14T15:02:35.257Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T15:02:35.257Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) can send SMS messages from compromised devices.(Citation: Securelist Asacub) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Enterprises can provision policies to mobile devices that require a minimum complexity (length, character requirements, etc.) for the device passcode, and cause the device to wipe all data if an incorrect passcode is entered too many times. Both policies would mitigate brute-force, guessing, or shoulder surfing of the device passcode. Enterprises can also provision policies to disable biometric authentication, however, biometric authentication can help make using a longer, more complex passcode more practical because it does not need to be entered as frequently. ",
-      "modified": "2022-03-28T19:20:30.375Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14",
-      "created": "2020-06-26T15:32:25.043Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) disables Google Play Protect to prevent its discovery and deletion in the future.(Citation: Threat Fabric Cerberus)",
-      "modified": "2022-04-15T15:49:23.497Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2",
-      "type": "relationship",
-      "created": "2020-06-26T15:32:25.062Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T15:32:25.062Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain a list of installed applications.(Citation: Threat Fabric Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd",
-      "created": "2022-04-01T15:02:43.475Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T15:02:43.475Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
       "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
@@ -33992,568 +20949,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "type": "relationship",
-      "id": "relationship--7d481598-ece7-469c-b231-619a804c25e5",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) captures SMS messages that the victim sends or receives.(Citation: Lookout-Pegasus)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8ff45341-60d6-40d3-bb38-566814a466f9",
-      "created": "2020-07-20T13:27:33.552Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can perform primitive emulation checks.(Citation: Talos-WolfRAT)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4",
-      "created": "2022-04-05T19:38:41.538Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. ",
-      "modified": "2022-04-05T19:38:41.538Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe",
-      "created": "2017-10-25T14:48:53.746Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "A locked bootloader could prevent unauthorized modifications to protected operating system files. ",
-      "modified": "2022-03-30T20:07:33.678Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
-      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc",
-      "created": "2020-09-14T14:13:45.286Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout eSurv",
-          "url": "https://blog.lookout.com/esurv-research",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[eSurv](https://attack.mitre.org/software/S0507) has exfiltrated data using HTTP PUT requests.(Citation: Lookout eSurv)",
-      "modified": "2022-04-20T17:33:36.404Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402",
-      "created": "2021-10-01T14:42:49.178Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect SMS messages.(Citation: SecureList BusyGasper)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9",
-      "created": "2022-04-05T19:52:32.201Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-05T19:52:32.201Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.284Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.284Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can install attacker-specified components or applications.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--3dd0cd4d-bcde-4105-b98e-b32add191083",
-      "created": "2020-01-27T17:05:58.331Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Trend Micro Bouncing Golf 2019",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) exfiltrates data using HTTP POST requests.(Citation: Trend Micro Bouncing Golf 2019)",
-      "modified": "2022-04-20T17:39:12.403Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://www.wandera.com/reddrop-malware/",
-          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
-          "source_name": "Wandera-RedDrop"
-        }
-      ],
-      "modified": "2019-09-10T13:14:39.009Z",
-      "description": "[RedDrop](https://attack.mitre.org/software/S0326) captures live recordings of the device's surroundings.(Citation: Wandera-RedDrop)",
-      "relationship_type": "uses",
-      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b",
-      "type": "relationship",
-      "created": "2020-12-14T15:02:35.286Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Securelist Asacub",
-          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
-          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T15:02:35.286Z",
-      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect various pieces of device network configuration information, such as mobile network operator.(Citation: Securelist Asacub)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b",
-      "created": "2021-01-05T20:16:20.492Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has registered for device boot, incoming, and outgoing calls broadcast intents.(Citation: Zscaler TikTok Spyware)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631",
-      "type": "relationship",
-      "created": "2020-11-24T17:55:12.885Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "modified": "2020-11-24T17:55:12.885Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) has used timers to enable Wi-Fi, ping the C2 server, register the device with the C2, and register wake locks on the system.(Citation: Talos GPlayed)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527",
-      "created": "2019-09-04T14:28:16.335Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Monokle",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve nearby cell tower and Wi-Fi network information.(Citation: Lookout-Monokle)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349",
-      "created": "2020-10-29T19:01:13.826Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Microsoft MalLockerB",
-          "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/",
-          "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has registered to receive 14 different broadcast intents for automatically triggering malware payloads. (Citation: Microsoft MalLockerB)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3f81a680-3151-4608-b83f-550756632013",
-      "type": "relationship",
-      "created": "2020-07-20T13:58:53.604Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader-FakeSpy",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
-          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-09-24T15:12:24.301Z",
-      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s IMEM, ICCID, and MEID.(Citation: TrendMicro-XLoader-FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--718a612e-50c5-40ab-9081-b88cefeafcb6",
-      "created": "2021-04-26T15:33:55.905Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CitizenLab Circles",
-          "url": "https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/",
-          "description": "Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and Ron Deibert. (2020, December 1). Running in Circles Uncovering the Clients of Cyberespionage Firm Circles. Retrieved December 23, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Circles](https://attack.mitre.org/software/S0602) can track the location of mobile devices.(Citation: CitizenLab Circles)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24",
-      "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31",
-      "created": "2022-04-06T13:41:17.517Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T13:41:17.517Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb",
-      "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f",
-      "type": "relationship",
-      "created": "2020-07-15T20:20:59.305Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Bitdefender Mandrake",
-          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
-          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
-        }
-      ],
-      "modified": "2020-07-15T20:20:59.305Z",
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) abuses the accessibility service to prevent removing administrator permissions, accessibility permissions, and to set itself as the default SMS handler.(Citation: Bitdefender Mandrake)",
-      "relationship_type": "uses",
-      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--386b0a9f-9951-4717-8bce-30c8fbe05050",
-      "type": "relationship",
-      "created": "2020-06-26T15:32:24.955Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-06-26T15:32:24.955Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) uses standard payload and string obfuscation techniques.(Citation: Threat Fabric Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ede5c314-5988-4151-bb30-b6a6983d02c0",
-      "created": "2020-12-31T18:25:05.164Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has been distributed as updates to legitimate applications. This was accomplished by compromising legitimate app developers, and subsequently gaining access to their Google Play Store developer account.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "modified": "2022-04-15T15:16:53.317Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--15065492-1aef-4cf8-af3c-cc763eee5daf",
-      "created": "2020-09-24T15:34:51.213Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Dendroid",
-          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/",
-          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can detect if it is being ran on an emulator.(Citation: Lookout-Dendroid)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
-      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b53d1c92-b71f-434e-aa4f-08b8db765248",
-      "type": "relationship",
-      "created": "2019-07-10T15:25:57.604Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
-        }
-      ],
-      "modified": "2019-08-12T17:30:07.572Z",
-      "description": "[FinFisher](https://attack.mitre.org/software/S0182) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a",
+      "id": "relationship--ffc24804-42db-4be1-a418-7f5ab9de453c",
       "type": "relationship",
       "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Gooligan Citation",
-          "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016.",
-          "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/"
+          "source_name": "Lookout-NotCompatible",
+          "description": "Tim Strazzere. (2014, November 19). The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks. Retrieved December 22, 2016.",
+          "url": "https://blog.lookout.com/blog/2014/11/19/notcompatible/"
         }
       ],
-      "modified": "2019-10-10T15:18:51.154Z",
-      "description": "[Gooligan](https://attack.mitre.org/software/S0290) executes Android root exploits.(Citation: Gooligan Citation)",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[NotCompatible](https://attack.mitre.org/software/S0299) has the capability to exploit systems on an enterprise network.(Citation: Lookout-NotCompatible)",
       "relationship_type": "uses",
-      "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "source_ref": "malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe",
+      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -34561,1346 +20972,25 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57",
+      "id": "relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc",
       "type": "relationship",
-      "created": "2020-04-08T15:51:25.120Z",
+      "created": "2020-06-02T14:32:31.871Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "ThreatFabric Ginp",
-          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
-          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
+          "source_name": "Google Project Zero Insomnia",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
         }
       ],
-      "modified": "2020-04-08T15:51:25.120Z",
-      "description": "[Ginp](https://attack.mitre.org/software/S0423) obfuscates its payload, code, and strings.(Citation: ThreatFabric Ginp)",
+      "modified": "2020-06-24T18:24:35.795Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect application database files, including Gmail, Hangouts, device photos, and container directories of third-party apps.(Citation: Google Project Zero Insomnia)",
       "relationship_type": "uses",
-      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695",
-      "type": "relationship",
-      "created": "2020-09-11T16:23:16.363Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T16:23:16.363Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can send SMS messages.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0",
-      "type": "relationship",
-      "created": "2020-12-14T14:52:03.396Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-16T20:52:21.426Z",
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can download additional overlay templates.(Citation: Sophos Red Alert 2.0)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--3bf5a566-986b-478c-b2da-e57caf261378",
-      "type": "relationship",
-      "created": "2019-09-03T19:45:48.515Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-09-11T13:25:19.216Z",
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two attempts to elevate privileges by using a modified version of the DirtyCow exploit.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.488Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.704Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489)’s code is obfuscated.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8726b157-3575-450f-bb7f-f17bb18e6aef",
-      "created": "2022-03-30T20:41:43.314Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "New OS releases frequently contain additional limitations or controls around device location access.",
-      "modified": "2022-03-30T20:41:43.314Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.774Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.495Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted application strings using AES in ECB mode and Blowfish, and stored strings encoded in hex during Operation BULL. Further, in Operation BULL, encryption keys were stored within the application’s launcher icon file.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0",
-      "created": "2017-10-25T14:48:53.741Z",
-      "x_mitre_version": "1.0",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security architecture improvements in each new version of Android and iOS make it more difficult to escalate privileges. Additionally, newer versions of Android have strengthened the sandboxing applied to applications, restricting their ability to enumerate file system contents.",
-      "modified": "2022-03-30T20:25:46.994Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7696b512-ba2f-4310-86e1-7c528529fc5e",
-      "type": "relationship",
-      "created": "2020-09-15T15:18:12.425Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
-        }
-      ],
-      "modified": "2020-09-15T15:18:12.425Z",
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) stores its malicious code in encrypted asset files that are decrypted at runtime. Newer versions of [FakeSpy](https://attack.mitre.org/software/S0509) encrypt the C2 address.(Citation: Cybereason FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1",
-      "type": "relationship",
-      "created": "2020-07-20T13:49:03.693Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "TrendMicro-XLoader-FakeSpy",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
-          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-09-24T15:12:24.242Z",
-      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s IMSI and ICCID.(Citation: TrendMicro-XLoader-FakeSpy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9",
-      "created": "2022-04-06T13:57:38.847Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T13:57:38.847Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--97738857-d496-4d39-9809-1921e0ad10b7",
-      "type": "relationship",
-      "created": "2020-12-31T18:25:05.125Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
-        }
-      ],
-      "modified": "2020-12-31T18:25:05.125Z",
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can collect files from the filesystem and account information from Google Chrome.(Citation: CYBERWARCON CHEMISTGAMES)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
       "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9",
-      "created": "2020-09-15T15:18:12.419Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Cybereason FakeSpy",
-          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
-          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s contact list.(Citation: Cybereason FakeSpy)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a",
-      "created": "2022-03-30T19:54:43.835Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. ",
-      "modified": "2022-03-30T19:54:43.835Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055",
-      "created": "2020-01-27T17:05:58.310Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Trend Micro Bouncing Golf 2019",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect SMS messages.(Citation: Trend Micro Bouncing Golf 2019)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--818b8c2b-bd23-4a83-9970-d42063608699",
-      "created": "2020-04-24T15:06:33.393Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device contacts.(Citation: TrendMicro Coronavirus Updates)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91",
-      "created": "2020-12-18T20:14:47.369Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has registered several broadcast receivers.(Citation: WhiteOps TERRACOTTA)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7",
-      "created": "2020-07-20T13:27:33.440Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect SMS messages.(Citation: Talos-WolfRAT)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c",
-      "type": "relationship",
-      "created": "2020-01-21T15:29:27.041Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
-        }
-      ],
-      "modified": "2020-01-21T15:29:27.041Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can download attacker-specified files.(Citation: SecureList - ViceLeaker 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-Pegasus",
-          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) accesses sensitive data in files, such as saving Skype calls by reading them out of the Skype database files.(Citation: Lookout-Pegasus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000",
-      "created": "2022-03-30T15:13:42.462Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T15:13:42.462Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
-      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164",
-      "type": "relationship",
-      "created": "2020-01-27T17:49:05.664Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
-        }
-      ],
-      "modified": "2020-01-27T17:49:05.664Z",
-      "description": "(Citation: Trend Micro Bouncing Golf 2019)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd",
-      "target_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--d1318f71-7f70-4820-a3fc-0d05af038733",
-      "created": "2021-10-01T14:42:49.154Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can perform actions when one of two hardcoded magic SMS strings is received.(Citation: SecureList BusyGasper)",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f",
-      "created": "2019-12-10T16:07:41.083Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "SecureList DVMap June 2017",
-          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
-          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Dvmap](https://attack.mitre.org/software/S0420) can enable installation of apps from unknown sources.(Citation: SecureList DVMap June 2017)",
-      "modified": "2022-04-15T16:00:59.657Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012",
-      "type": "relationship",
-      "created": "2020-12-14T14:52:03.218Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "modified": "2020-12-14T14:52:03.218Z",
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can obtain the running application.(Citation: Sophos Red Alert 2.0)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2",
-      "type": "relationship",
-      "created": "2019-11-21T16:42:48.497Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
-        }
-      ],
-      "modified": "2019-11-21T16:42:48.497Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can take photos from both the front and back cameras.(Citation: SecureList - ViceLeaker 2019)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--68e5789c-9f60-421e-9c79-fae207a29e83",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky-WUC",
-          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/",
-          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole SMS message content.(Citation: Kaspersky-WUC)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50",
-      "type": "relationship",
-      "created": "2021-09-20T13:50:02.036Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2021-09-20T13:50:02.036Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can make phone calls.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--33316f49-f1fb-453a-9ba7-d6889982a010",
-      "type": "relationship",
-      "created": "2020-07-20T13:27:33.459Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Talos-WolfRAT",
-          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
-          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
-        }
-      ],
-      "modified": "2020-08-10T21:57:54.516Z",
-      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can obtain a list of installed applications.(Citation: Talos-WolfRAT)",
-      "relationship_type": "uses",
-      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1",
-      "created": "2020-10-29T17:48:27.272Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain a list of installed applications and can detect if an antivirus application is running, and close it if it is.(Citation: Threat Fabric Exobot)",
-      "modified": "2022-04-15T16:53:00.735Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e",
-      "type": "relationship",
-      "created": "2021-02-08T16:36:20.692Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
-        }
-      ],
-      "modified": "2021-05-24T13:16:56.443Z",
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included system information enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c",
-      "created": "2019-09-03T20:08:00.687Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos Gustuff Apr 2019",
-          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
-          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [Gustuff](https://attack.mitre.org/software/S0406) can intercept two-factor authentication codes transmitted via SMS.(Citation: Talos Gustuff Apr 2019) ",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--93c20f43-6684-471c-910f-d9577f289677",
-      "created": "2018-10-17T00:14:20.652Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "In at least one case, [Stealth Mango](https://attack.mitre.org/software/S0328) may have been installed using physical access to the device by a repair shop.(Citation: Lookout-StealthMango)",
-      "modified": "2022-04-19T15:47:05.436Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e",
-      "created": "2022-03-30T20:45:34.433Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Android Package Visibility",
-          "url": "https://developer.android.com/training/package-visibility",
-          "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)",
-      "modified": "2022-04-11T19:19:52.562Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--eb052029-e1c9-4f24-8594-299aaec7f1df",
-      "created": "2020-12-14T14:52:03.351Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s call log.(Citation: Sophos Red Alert 2.0)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae",
-      "type": "relationship",
-      "created": "2021-02-17T20:43:52.407Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout FrozenCell",
-          "url": "https://blog.lookout.com/frozencell-mobile-threat",
-          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
-        }
-      ],
-      "modified": "2021-02-17T20:43:52.407Z",
-      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has gathered the device manufacturer, model, and serial number.(Citation: Lookout FrozenCell)",
-      "relationship_type": "uses",
-      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf",
-      "type": "relationship",
-      "created": "2020-09-11T15:43:49.309Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "modified": "2020-09-11T15:43:49.309Z",
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can send SMS messages from a device.(Citation: Threat Fabric Cerberus)",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--e03b0eb5-32c6-4867-9235-77fe32192983",
-      "type": "relationship",
-      "created": "2019-09-04T15:38:56.916Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "CyberMerchants-FlexiSpy",
-          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
-          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
-        }
-      ],
-      "modified": "2019-09-10T14:59:26.071Z",
-      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can track the device's location.(Citation: CyberMerchants-FlexiSpy)",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-StealthMango",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
-        }
-      ],
-      "modified": "2019-10-10T15:27:22.174Z",
-      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather cellular IDs.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee",
-      "created": "2020-11-24T17:55:12.895Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Talos GPlayed",
-          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
-          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can show a phishing WebView pretending to be a Google service that collects credit card information.(Citation: Talos GPlayed)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
-      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--716f68ee-1e77-4254-8f67-d8f3c71db678",
-      "type": "relationship",
-      "created": "2021-09-20T13:59:00.498Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2021-09-20T13:59:00.498Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via phone call from a set of \"control phones.\"(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42",
-      "type": "relationship",
-      "created": "2020-11-10T17:08:35.593Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-11-10T17:08:35.593Z",
-      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has seen native libraries used in some reported samples (Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
-      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--9373912a-affa-4a3c-ad97-1b8311e228ee",
-      "type": "relationship",
-      "created": "2019-09-04T14:28:15.991Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-09-04T14:32:12.803Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) checks if the device is connected via Wi-Fi or mobile data.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a",
-      "type": "relationship",
-      "created": "2019-08-09T17:53:48.716Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
-          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
-          "source_name": "TrendMicro-RCSAndroid"
-        }
-      ],
-      "modified": "2019-08-09T17:53:48.716Z",
-      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can capture photos using the front and back cameras.(Citation: TrendMicro-RCSAndroid)",
-      "relationship_type": "uses",
-      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf",
-      "type": "relationship",
-      "created": "2020-09-11T14:54:16.617Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Desert Scorpion",
-          "url": "https://blog.lookout.com/desert-scorpion-google-play",
-          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-11T14:54:16.617Z",
-      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect account information stored on the device.(Citation: Lookout Desert Scorpion)",
-      "relationship_type": "uses",
-      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
-      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7ba30703-c3aa-425a-9482-9e9941fd7038",
-      "type": "relationship",
-      "created": "2020-12-24T21:45:56.961Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "modified": "2020-12-24T21:45:56.961Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access the camera on the device.(Citation: Lookout Uyghur Campaign)",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f",
-      "type": "relationship",
-      "created": "2019-09-23T13:36:08.448Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "source_name": "securelist rotexy 2018"
-        }
-      ],
-      "modified": "2019-10-15T19:56:50.651Z",
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about the compromised device, including phone number, network operator, OS version, device model, and the device registration country.(Citation: securelist rotexy 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--2e08820f-a81d-480e-9e60-f14db3e49080",
-      "type": "relationship",
-      "created": "2019-09-04T14:28:15.909Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
-        }
-      ],
-      "modified": "2019-09-04T14:32:12.568Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) can take photos and videos.(Citation: Lookout-Monokle)",
-      "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--44304163-9a44-4760-bd04-0e14adb33299",
-      "created": "2022-04-01T15:13:40.779Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "Trend Micro iOS URL Hijacking",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/",
-          "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12).  iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.",
-      "modified": "2022-04-01T15:13:40.779Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590",
-      "created": "2019-09-23T13:36:08.543Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can access and upload the contacts list to the command and control server.(Citation: securelist rotexy 2018)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout-Adware",
-          "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/",
-          "description": "Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December 21, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is auto-rooting adware that embeds itself as a system application, making it nearly impossible to remove.(Citation: Lookout-Adware)",
-      "modified": "2022-04-15T16:00:47.923Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c80a6bef-b3ce-44d0-b113-946e93124898",
-      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c",
-      "created": "2020-12-14T14:52:03.385Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can fetch a backup C2 domain from Twitter if the primary C2 is unresponsive.(Citation: Sophos Red Alert 2.0)",
-      "modified": "2022-04-20T17:56:51.457Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-Xbot",
-          "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016.",
-          "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[Xbot](https://attack.mitre.org/software/S0298) can encrypt the victim's files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.(Citation: PaloAlto-Xbot)",
-      "relationship_type": "uses",
-      "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4",
-      "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--7a50961b-9be4-4042-a6a0-878b612c520e",
-      "type": "relationship",
-      "created": "2019-07-10T15:25:57.602Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout Dark Caracal Jan 2018",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
-        }
-      ],
-      "modified": "2019-08-12T17:30:07.571Z",
-      "description": "[FinFisher](https://attack.mitre.org/software/S0182) uses the device microphone to record phone conversations.(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794",
-      "type": "relationship",
-      "created": "2020-04-08T15:41:19.451Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Cofense Anubis",
-          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
-          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
-        }
-      ],
-      "modified": "2020-04-08T15:41:19.451Z",
-      "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect the device’s ID.(Citation: Cofense Anubis)",
-      "relationship_type": "uses",
-      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e",
-      "created": "2022-04-01T17:05:56.046Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "On Android 11 and up, users are not prompted with the option to select “Allow all the time” and must navigate to the settings page to manually select this option. On iOS 14 and up, users can select whether to provide Precise Location for each installed application. ",
-      "modified": "2022-04-01T17:05:56.046Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4b838636-bfa4-4592-b72f-3044946b8187",
-      "created": "2020-09-14T14:13:45.236Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout eSurv",
-          "url": "https://blog.lookout.com/esurv-research",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate the device’s contact list.(Citation: Lookout eSurv)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -35979,71 +21069,6 @@
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330",
-      "created": "2022-04-01T15:01:53.321Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores.",
-      "modified": "2022-04-01T15:01:53.321Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
-      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.871Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Google Project Zero Insomnia",
-          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
-          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-24T18:24:35.795Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect application database files, including Gmail, Hangouts, device photos, and container directories of third-party apps.(Citation: Google Project Zero Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--ffc24804-42db-4be1-a418-7f5ab9de453c",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-NotCompatible",
-          "description": "Tim Strazzere. (2014, November 19). The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks. Retrieved December 22, 2016.",
-          "url": "https://blog.lookout.com/blog/2014/11/19/notcompatible/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[NotCompatible](https://attack.mitre.org/software/S0299) has the capability to exploit systems on an enterprise network.(Citation: Lookout-NotCompatible)",
-      "relationship_type": "uses",
-      "source_ref": "malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe",
-      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -36165,29 +21190,6 @@
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout-BrainTest",
-          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.",
-          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "Original samples of [BrainTest](https://attack.mitre.org/software/S0293) download their exploit packs for rooting from a remote server after installation.(Citation: Lookout-BrainTest)",
-      "relationship_type": "uses",
-      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -36237,6 +21239,29 @@
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-BrainTest",
+          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "Original samples of [BrainTest](https://attack.mitre.org/software/S0293) download their exploit packs for rooting from a remote server after installation.(Citation: Lookout-BrainTest)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -36293,41 +21318,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--7ba30703-c3aa-425a-9482-9e9941fd7038",
       "type": "relationship",
-      "id": "relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b",
-      "created": "2020-11-24T18:18:33.772Z",
-      "x_mitre_version": "1.0",
+      "created": "2020-12-24T21:45:56.961Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) can request device administrator permissions.(Citation: Threat Fabric Exobot)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2020-12-24T21:45:56.961Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access the camera on the device.(Citation: Lookout Uyghur Campaign)",
       "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--03ff6271-d7bc-40f3-b83d-25c541333694",
-      "type": "relationship",
-      "created": "2019-11-19T17:32:20.701Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "modified": "2019-12-26T16:14:33.468Z",
-      "description": "If a user sees a persistent notification they do not recognize, they should uninstall the source application and look for other unwanted applications or anomalies.",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -36335,22 +21341,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb",
+      "id": "relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f",
       "type": "relationship",
-      "created": "2020-01-27T17:05:58.308Z",
+      "created": "2019-09-23T13:36:08.448Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "source_name": "Trend Micro Bouncing Golf 2019"
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "source_name": "securelist rotexy 2018"
         }
       ],
-      "modified": "2020-01-27T17:05:58.308Z",
-      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encodes its configurations using a customized algorithm.(Citation: Trend Micro Bouncing Golf 2019)",
+      "modified": "2019-10-15T19:56:50.651Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about the compromised device, including phone number, network operator, OS version, device model, and the device registration country.(Citation: securelist rotexy 2018)",
       "relationship_type": "uses",
-      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -36358,74 +21364,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42",
       "type": "relationship",
-      "id": "relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f",
-      "created": "2020-10-29T19:01:13.839Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Microsoft MalLockerB",
-          "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/",
-          "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) can prevent the user from interacting with the UI by using a carefully crafted \"call\" notification screen. This is coupled with overriding the `onUserLeaveHint()` callback method to spawn a new notification instance when the current one is dismissed. (Citation: Microsoft MalLockerB)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce",
-      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71",
-      "created": "2022-04-18T15:49:00.561Z",
-      "x_mitre_version": "0.1",
-      "external_references": [
-        {
-          "source_name": "SecureList BusyGasper",
-          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
-          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download text files with commands from an FTP server and exfiltrate data via email.(Citation: SecureList BusyGasper)",
-      "modified": "2022-04-18T15:49:00.561Z",
-      "relationship_type": "uses",
-      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--72a88d43-4144-444e-8f71-ac0d19ae3710",
-      "type": "relationship",
-      "created": "2020-09-14T14:13:45.256Z",
+      "created": "2020-11-10T17:08:35.593Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout eSurv",
-          "url": "https://blog.lookout.com/esurv-research",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
-      "modified": "2020-09-14T14:13:45.256Z",
-      "description": "[eSurv](https://attack.mitre.org/software/S0507) can track the device’s location.(Citation: Lookout eSurv)",
+      "modified": "2020-11-10T17:08:35.593Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has seen native libraries used in some reported samples (Citation: Lookout Uyghur Campaign)",
       "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -36433,104 +21387,90 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--716f68ee-1e77-4254-8f67-d8f3c71db678",
       "type": "relationship",
-      "id": "relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80",
-      "created": "2022-03-31T19:51:41.431Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.",
-      "modified": "2022-03-31T19:51:41.431Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "created": "2021-09-20T13:59:00.498Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
       ],
-      "type": "relationship",
-      "id": "relationship--c6464a84-e23b-412f-b435-5b23853d3643",
-      "created": "2020-09-14T13:35:45.909Z",
+      "modified": "2021-09-20T13:59:00.498Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via phone call from a set of \"control phones.\"(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
       "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ESET-Twitoor",
-          "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/",
-          "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Twitoor](https://attack.mitre.org/software/S0302) encrypts its C2 communication.(Citation: ESET-Twitoor)",
-      "modified": "2022-04-20T12:58:23.550Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
-      "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84",
-      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a",
       "type": "relationship",
-      "id": "relationship--88ded3fb-759e-4e96-946b-e7148c54856e",
-      "created": "2022-04-08T16:29:30.371Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-08T16:29:30.371Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
-      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--5b235ed4-548d-49f2-ae01-1874666e6747",
-      "created": "2022-03-30T19:51:56.543Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T19:51:56.543Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
-      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--bd351b17-e995-4528-bbea-e1138c51476a",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
+      "created": "2019-08-09T17:53:48.716Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
-          "source_name": "PaloAlto-SpyDealer"
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "source_name": "TrendMicro-RCSAndroid"
         }
       ],
-      "modified": "2019-08-09T17:56:05.683Z",
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) exfiltrates data from over 40 apps such as WeChat, Facebook, WhatsApp, Skype, and others.(Citation: PaloAlto-SpyDealer)",
+      "modified": "2019-08-09T17:53:48.716Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can capture photos using the front and back cameras.(Citation: TrendMicro-RCSAndroid)",
       "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9373912a-affa-4a3c-ad97-1b8311e228ee",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:15.991Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-09-04T14:32:12.803Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) checks if the device is connected via Wi-Fi or mobile data.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.617Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.617Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect account information stored on the device.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
       "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -36540,24 +21480,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae",
-      "created": "2019-09-04T20:01:42.753Z",
+      "id": "relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590",
+      "created": "2019-09-23T13:36:08.543Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Nightwatch screencap April 2016",
-          "url": "https://wwws.nightwatchcybersecurity.com/2016/04/13/research-securing-android-applications-from-screen-capture/",
-          "description": "Nightwatch Cybersecurity. (2016, April 13). Research: Securing Android Applications from Screen Capture (FLAG_SECURE). Retrieved November 5, 2019."
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Application developers can apply the `FLAG_SECURE` property to sensitive screens within their apps to make it more difficult for the screen contents to be captured.(Citation: Nightwatch screencap April 2016) ",
-      "modified": "2022-04-01T13:31:59.712Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can access and upload the contacts list to the command and control server.(Citation: securelist rotexy 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
-      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -36566,58 +21506,212 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--34b6abb0-d199-46bb-af21-b65560e75658",
-      "created": "2022-04-01T19:06:40.361Z",
-      "x_mitre_version": "0.1",
+      "id": "relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Adware",
+          "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/",
+          "description": "Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December 21, 2016."
+        }
+      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T19:06:40.361Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is auto-rooting adware that embeds itself as a system application, making it nearly impossible to remove.(Citation: Lookout-Adware)",
+      "modified": "2022-04-15T16:00:47.923Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c80a6bef-b3ce-44d0-b113-946e93124898",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--2e08820f-a81d-480e-9e60-f14db3e49080",
       "type": "relationship",
-      "id": "relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c",
-      "created": "2022-04-01T14:59:39.294Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Apple regularly provides security updates for known OS vulnerabilities.",
-      "modified": "2022-04-01T14:59:39.294Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
-      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7",
-      "type": "relationship",
-      "created": "2019-03-11T15:13:40.425Z",
+      "created": "2019-09-04T14:28:15.909Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. Retrieved November 30, 2018.",
-          "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A",
-          "source_name": "TrendMicro-Anserver2"
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
         }
       ],
-      "modified": "2019-10-15T19:55:04.517Z",
-      "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device OS version, device build version, manufacturer, and model.(Citation: TrendMicro-Anserver2)",
+      "modified": "2019-09-04T14:32:12.568Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can take photos and videos.(Citation: Lookout-Monokle)",
       "relationship_type": "uses",
-      "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--44304163-9a44-4760-bd04-0e14adb33299",
+      "created": "2022-04-01T15:13:40.779Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Trend Micro iOS URL Hijacking",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/",
+          "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12).  iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.",
+      "modified": "2022-04-01T15:13:40.779Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-Xbot",
+          "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016.",
+          "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[Xbot](https://attack.mitre.org/software/S0298) can encrypt the victim's files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.(Citation: PaloAlto-Xbot)",
+      "relationship_type": "uses",
+      "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4",
+      "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7a50961b-9be4-4042-a6a0-878b612c520e",
+      "type": "relationship",
+      "created": "2019-07-10T15:25:57.602Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+        }
+      ],
+      "modified": "2019-08-12T17:30:07.571Z",
+      "description": "[FinFisher](https://attack.mitre.org/software/S0182) uses the device microphone to record phone conversations.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c",
+      "created": "2020-12-14T14:52:03.385Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can fetch a backup C2 domain from Twitter if the primary C2 is unresponsive.(Citation: Sophos Red Alert 2.0)",
+      "modified": "2022-04-20T17:56:51.457Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4b838636-bfa4-4592-b72f-3044946b8187",
+      "created": "2020-09-14T14:13:45.236Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "url": "https://blog.lookout.com/esurv-research",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate the device’s contact list.(Citation: Lookout eSurv)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e",
+      "created": "2022-04-01T17:05:56.046Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "On Android 11 and up, users are not prompted with the option to select “Allow all the time” and must navigate to the settings page to manually select this option. On iOS 14 and up, users can select whether to provide Precise Location for each installed application. ",
+      "modified": "2022-04-01T17:05:56.046Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794",
+      "type": "relationship",
+      "created": "2020-04-08T15:41:19.451Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T15:41:19.451Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect the device’s ID.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
       "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -36626,45 +21720,23 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--65acbbe2-48e1-4fba-a781-39fb040a711d",
       "type": "relationship",
-      "id": "relationship--2f55e452-f8b3-402b-a193-d261dac9f327",
-      "created": "2022-04-01T18:53:48.715Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-01T18:53:48.715Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "created": "2019-09-03T19:45:48.505Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Zscaler-SpyNote",
-          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app",
-          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017."
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
         }
       ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can read SMS messages.(Citation: Zscaler-SpyNote)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2019-09-11T13:25:19.178Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) One, after checking in, sends a POST request and then downloads  [Exodus](https://attack.mitre.org/software/S0405) Two, the second stage binaries.(Citation: SWB Exodus March 2019) ",
       "relationship_type": "uses",
-      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -36716,9 +21788,9 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--65acbbe2-48e1-4fba-a781-39fb040a711d",
+      "id": "relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4",
       "type": "relationship",
-      "created": "2019-09-03T19:45:48.505Z",
+      "created": "2019-09-03T19:45:48.485Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -36727,14 +21799,40 @@
           "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
         }
       ],
-      "modified": "2019-09-11T13:25:19.178Z",
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) One, after checking in, sends a POST request and then downloads  [Exodus](https://attack.mitre.org/software/S0405) Two, the second stage binaries.(Citation: SWB Exodus March 2019) ",
+      "modified": "2019-09-11T13:25:19.117Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can obtain a list of installed applications.(Citation: SWB Exodus March 2019) ",
       "relationship_type": "uses",
       "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51",
+      "created": "2020-12-14T14:52:03.359Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP.(Citation: Sophos Red Alert 2.0)",
+      "modified": "2022-04-19T20:20:46.694Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -36814,96 +21912,28 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4",
       "type": "relationship",
-      "created": "2019-09-03T19:45:48.485Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "SWB Exodus March 2019",
-          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
-          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
-        }
-      ],
-      "modified": "2019-09-11T13:25:19.117Z",
-      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can obtain a list of installed applications.(Citation: SWB Exodus March 2019) ",
-      "relationship_type": "uses",
-      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
-      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51",
-      "created": "2020-12-14T14:52:03.359Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP.(Citation: Sophos Red Alert 2.0)",
-      "modified": "2022-04-19T20:20:46.694Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2",
+      "id": "relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc",
       "created": "2017-12-14T16:46:06.044Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "FireEye-RuMMS",
-          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html",
-          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017."
+          "source_name": "Kaspersky-WUC",
+          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/",
+          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[RuMMS](https://attack.mitre.org/software/S0313) uploads incoming SMS messages to a remote command and control server.(Citation: FireEye-RuMMS)",
+      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole call logs.(Citation: Kaspersky-WUC)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--209aa948-393c-46b0-9488-ef93a6252438",
-      "created": "2022-03-30T20:07:19.296Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-03-30T20:07:19.296Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -36935,25 +21965,18 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Kaspersky-WUC",
-          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/",
-          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016."
-        }
-      ],
+      "id": "relationship--209aa948-393c-46b0-9488-ef93a6252438",
+      "created": "2022-03-30T20:07:19.296Z",
+      "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole call logs.(Citation: Kaspersky-WUC)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "description": "",
+      "modified": "2022-03-30T20:07:19.296Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
       "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -36984,8 +22007,457 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--10c07066-df05-4dff-bb95-c76be02ea4ef",
-      "created": "2020-09-14T14:13:45.291Z",
+      "id": "relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "FireEye-RuMMS",
+          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html",
+          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[RuMMS](https://attack.mitre.org/software/S0313) uploads incoming SMS messages to a remote command and control server.(Citation: FireEye-RuMMS)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f",
+      "created": "2020-10-29T19:01:13.839Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Microsoft MalLockerB",
+          "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/",
+          "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) can prevent the user from interacting with the UI by using a carefully crafted \"call\" notification screen. This is coupled with overriding the `onUserLeaveHint()` callback method to spawn a new notification instance when the current one is dismissed. (Citation: Microsoft MalLockerB)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce",
+      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.308Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.308Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encodes its configurations using a customized algorithm.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b",
+      "created": "2020-11-24T18:18:33.772Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can request device administrator permissions.(Citation: Threat Fabric Exobot)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--03ff6271-d7bc-40f3-b83d-25c541333694",
+      "type": "relationship",
+      "created": "2019-11-19T17:32:20.701Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2019-12-26T16:14:33.468Z",
+      "description": "If a user sees a persistent notification they do not recognize, they should uninstall the source application and look for other unwanted applications or anomalies.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c6464a84-e23b-412f-b435-5b23853d3643",
+      "created": "2020-09-14T13:35:45.909Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "ESET-Twitoor",
+          "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/",
+          "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Twitoor](https://attack.mitre.org/software/S0302) encrypts its C2 communication.(Citation: ESET-Twitoor)",
+      "modified": "2022-04-20T12:58:23.550Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
+      "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80",
+      "created": "2022-03-31T19:51:41.431Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.",
+      "modified": "2022-03-31T19:51:41.431Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71",
+      "created": "2022-04-18T15:49:00.561Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download text files with commands from an FTP server and exfiltrate data via email.(Citation: SecureList BusyGasper)",
+      "modified": "2022-04-18T15:49:00.561Z",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--72a88d43-4144-444e-8f71-ac0d19ae3710",
+      "type": "relationship",
+      "created": "2020-09-14T14:13:45.256Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "url": "https://blog.lookout.com/esurv-research",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-14T14:13:45.256Z",
+      "description": "[eSurv](https://attack.mitre.org/software/S0507) can track the device’s location.(Citation: Lookout eSurv)",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--88ded3fb-759e-4e96-946b-e7148c54856e",
+      "created": "2022-04-08T16:29:30.371Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-08T16:29:30.371Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
+      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--34b6abb0-d199-46bb-af21-b65560e75658",
+      "created": "2022-04-01T19:06:40.361Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T19:06:40.361Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae",
+      "created": "2019-09-04T20:01:42.753Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Nightwatch screencap April 2016",
+          "url": "https://wwws.nightwatchcybersecurity.com/2016/04/13/research-securing-android-applications-from-screen-capture/",
+          "description": "Nightwatch Cybersecurity. (2016, April 13). Research: Securing Android Applications from Screen Capture (FLAG_SECURE). Retrieved November 5, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Application developers can apply the `FLAG_SECURE` property to sensitive screens within their apps to make it more difficult for the screen contents to be captured.(Citation: Nightwatch screencap April 2016) ",
+      "modified": "2022-04-01T13:31:59.712Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c",
+      "created": "2022-04-01T14:59:39.294Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Apple regularly provides security updates for known OS vulnerabilities.",
+      "modified": "2022-04-01T14:59:39.294Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler-SpyNote",
+          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app",
+          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can read SMS messages.(Citation: Zscaler-SpyNote)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2f55e452-f8b3-402b-a193-d261dac9f327",
+      "created": "2022-04-01T18:53:48.715Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T18:53:48.715Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7",
+      "type": "relationship",
+      "created": "2019-03-11T15:13:40.425Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. Retrieved November 30, 2018.",
+          "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A",
+          "source_name": "TrendMicro-Anserver2"
+        }
+      ],
+      "modified": "2019-10-15T19:55:04.517Z",
+      "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device OS version, device build version, manufacturer, and model.(Citation: TrendMicro-Anserver2)",
+      "relationship_type": "uses",
+      "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bd351b17-e995-4528-bbea-e1138c51476a",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
+        }
+      ],
+      "modified": "2019-08-09T17:56:05.683Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) exfiltrates data from over 40 apps such as WeChat, Facebook, WhatsApp, Skype, and others.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5b235ed4-548d-49f2-ae01-1874666e6747",
+      "created": "2022-03-30T19:51:56.543Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T19:51:56.543Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402",
+      "created": "2021-10-01T14:42:49.178Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect SMS messages.(Citation: SecureList BusyGasper)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9",
+      "created": "2022-04-05T19:52:32.201Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:52:32.201Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc",
+      "created": "2020-09-14T14:13:45.286Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -36996,12 +22468,12 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[eSurv](https://attack.mitre.org/software/S0507) imposes geo-restrictions when delivering the second stage.(Citation: Lookout eSurv)",
-      "modified": "2022-04-12T10:01:44.682Z",
+      "description": "[eSurv](https://attack.mitre.org/software/S0507) has exfiltrated data using HTTP PUT requests.(Citation: Lookout eSurv)",
+      "modified": "2022-04-20T17:33:36.404Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -37009,22 +22481,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--a285f343-09c3-49af-9c18-1dccf89e9009",
+      "id": "relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1",
       "type": "relationship",
-      "created": "2020-11-20T16:37:28.391Z",
+      "created": "2020-07-15T20:20:59.284Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Symantec GoldenCup",
-          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
-          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
         }
       ],
-      "modified": "2020-11-20T16:37:28.391Z",
-      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect a directory listing of external storage.(Citation: Symantec GoldenCup)",
+      "modified": "2020-07-15T20:20:59.284Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can install attacker-specified components or applications.(Citation: Bitdefender Mandrake)",
       "relationship_type": "uses",
-      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
-      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -37033,39 +22505,209 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--48854999-1c12-4454-bb7c-051691a081f9",
-      "created": "2022-03-28T19:25:49.640Z",
-      "x_mitre_version": "0.1",
+      "id": "relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe",
+      "created": "2017-10-25T14:48:53.746Z",
+      "x_mitre_version": "1.0",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Ensure Verified Boot is enabled on devices with that capability.",
-      "modified": "2022-03-28T19:25:49.640Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
-      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "description": "A locked bootloader could prevent unauthorized modifications to protected operating system files. ",
+      "modified": "2022-03-30T20:07:33.678Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
+      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
+      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--24a7379e-a994-411b-b17c-add6c6c6fc07",
+      "id": "relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055",
       "type": "relationship",
-      "created": "2020-12-24T21:45:56.949Z",
+      "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+          "url": "https://www.wandera.com/reddrop-malware/",
+          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
+          "source_name": "Wandera-RedDrop"
         }
       ],
-      "modified": "2020-12-24T21:45:56.949Z",
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has hidden malicious functionality in a second stage file and has encrypted C2 server information.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2019-09-10T13:14:39.009Z",
+      "description": "[RedDrop](https://attack.mitre.org/software/S0326) captures live recordings of the device's surroundings.(Citation: Wandera-RedDrop)",
       "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3dd0cd4d-bcde-4105-b98e-b32add191083",
+      "created": "2020-01-27T17:05:58.331Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Trend Micro Bouncing Golf 2019",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) exfiltrates data using HTTP POST requests.(Citation: Trend Micro Bouncing Golf 2019)",
+      "modified": "2022-04-20T17:39:12.403Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b",
+      "created": "2021-01-05T20:16:20.492Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has registered for device boot, incoming, and outgoing calls broadcast intents.(Citation: Zscaler TikTok Spyware)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.885Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "modified": "2020-11-24T17:55:12.885Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) has used timers to enable Wi-Fi, ping the C2 server, register the device with the C2, and register wake locks on the system.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b",
+      "type": "relationship",
+      "created": "2020-12-14T15:02:35.286Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T15:02:35.286Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect various pieces of device network configuration information, such as mobile network operator.(Citation: Securelist Asacub)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ede5c314-5988-4151-bb30-b6a6983d02c0",
+      "created": "2020-12-31T18:25:05.164Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has been distributed as updates to legitimate applications. This was accomplished by compromising legitimate app developers, and subsequently gaining access to their Google Play Store developer account.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "modified": "2022-04-15T15:16:53.317Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.305Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.305Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) abuses the accessibility service to prevent removing administrator permissions, accessibility permissions, and to set itself as the default SMS handler.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--386b0a9f-9951-4717-8bce-30c8fbe05050",
+      "type": "relationship",
+      "created": "2020-06-26T15:32:24.955Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:32:24.955Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) uses standard payload and string obfuscation techniques.(Citation: Threat Fabric Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
       "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37075,32 +22717,256 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8",
-      "created": "2022-04-01T15:16:02.324Z",
-      "x_mitre_version": "0.1",
+      "id": "relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527",
+      "created": "2019-09-04T14:28:16.335Z",
+      "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "iOS Universal Links",
-          "url": "https://developer.apple.com/ios/universal-links/",
-          "description": "Apple. (n.d.). Universal Links for Developers. Retrieved September 11, 2020."
-        },
-        {
-          "source_name": "Android App Links",
-          "url": "https://developer.android.com/training/app-links/verify-site-associations",
-          "description": "Google. (n.d.). Verify Android App Links. Retrieved September 11, 2020."
-        },
-        {
-          "source_name": "IETF-PKCE",
-          "url": "https://tools.ietf.org/html/rfc7636",
-          "description": "N. Sakimura, J. Bradley, and N. Agarwal. (2015, September). IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients. Retrieved December 21, 2016."
+          "source_name": "Lookout-Monokle",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Developers should use Android App Links(Citation: Android App Links) and iOS Universal Links(Citation: iOS Universal Links) to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE(Citation: IETF-PKCE) should be used to prevent use of stolen authorization codes. ",
-      "modified": "2022-04-01T15:16:02.324Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve nearby cell tower and Wi-Fi network information.(Citation: Lookout-Monokle)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3f81a680-3151-4608-b83f-550756632013",
+      "type": "relationship",
+      "created": "2020-07-20T13:58:53.604Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader-FakeSpy",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
+          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-09-24T15:12:24.301Z",
+      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s IMEM, ICCID, and MEID.(Citation: TrendMicro-XLoader-FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--718a612e-50c5-40ab-9081-b88cefeafcb6",
+      "created": "2021-04-26T15:33:55.905Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CitizenLab Circles",
+          "url": "https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/",
+          "description": "Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and Ron Deibert. (2020, December 1). Running in Circles Uncovering the Clients of Cyberespionage Firm Circles. Retrieved December 23, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Circles](https://attack.mitre.org/software/S0602) can track the location of mobile devices.(Citation: CitizenLab Circles)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24",
+      "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349",
+      "created": "2020-10-29T19:01:13.826Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Microsoft MalLockerB",
+          "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/",
+          "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has registered to receive 14 different broadcast intents for automatically triggering malware payloads. (Citation: Microsoft MalLockerB)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31",
+      "created": "2022-04-06T13:41:17.517Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T13:41:17.517Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb",
+      "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--03172b09-4f97-4fb8-95f0-92b2d8957408",
+      "created": "2020-06-26T14:55:13.349Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) has encrypted base64-encoded payload data using RC4 and Curve25519.(Citation: Cybereason EventBot)",
+      "modified": "2022-04-18T15:57:14.375Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d886f368-a38b-4cb3-906f-9b284f58b369",
+      "type": "relationship",
+      "created": "2019-12-10T16:07:41.066Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList DVMap June 2017",
+          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
+          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
+        }
+      ],
+      "modified": "2019-12-10T16:07:41.066Z",
+      "description": "[Dvmap](https://attack.mitre.org/software/S0420) decrypts executables from archive files stored in the `assets` directory of the installation binary.(Citation: SecureList DVMap June 2017)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--de4ecfa3-fa91-4377-810c-5c567de9688b",
+      "created": "2021-01-05T20:16:20.490Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can delete attacker-specified files.(Citation: Zscaler TikTok Spyware)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965",
+      "type": "relationship",
+      "created": "2020-04-08T15:51:25.106Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T15:51:25.106Z",
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) can obtain a list of installed applications.(Citation: ThreatFabric Ginp)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a808c887-b2b8-4b05-9cab-47c918e48d48",
+      "type": "relationship",
+      "created": "2020-12-14T15:02:35.257Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T15:02:35.257Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) can send SMS messages from compromised devices.(Citation: Securelist Asacub) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--9c302eb1-1810-48a5-b34d-6aae303d2097",
+      "created": "2022-04-01T15:16:26.387Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be instructed to not open links in applications they don’t recognize.",
+      "modified": "2022-04-01T15:16:26.387Z",
       "relationship_type": "mitigates",
-      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
       "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
@@ -37111,24 +22977,17 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--efd35b6f-7a61-4998-97ff-608547e40f66",
-      "created": "2019-10-01T14:23:44.054Z",
+      "id": "relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3",
+      "created": "2018-10-17T00:14:20.652Z",
       "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "securelist rotexy 2018",
-          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
-          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
-        }
-      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": " [Rotexy](https://attack.mitre.org/software/S0411) encrypts JSON HTTP payloads with AES.(Citation: securelist rotexy 2018) ",
-      "modified": "2022-04-18T16:07:57.631Z",
+      "description": "Enterprises can provision policies to mobile devices that require a minimum complexity (length, character requirements, etc.) for the device passcode, and cause the device to wipe all data if an incorrect passcode is entered too many times. Both policies would mitigate brute-force, guessing, or shoulder surfing of the device passcode. Enterprises can also provision policies to disable biometric authentication, however, biometric authentication can help make using a longer, more complex passcode more practical because it does not need to be entered as frequently. ",
+      "modified": "2022-03-28T19:20:30.375Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
-      "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -37137,16 +22996,16 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5",
-      "created": "2022-04-06T15:47:06.163Z",
+      "id": "relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd",
+      "created": "2022-04-01T15:02:43.475Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "",
-      "modified": "2022-04-06T15:47:06.163Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
-      "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
+      "modified": "2022-04-01T15:02:43.475Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38",
+      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37156,8 +23015,1214 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1",
-      "created": "2020-07-15T20:20:59.227Z",
+      "id": "relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4",
+      "created": "2022-04-05T19:38:41.538Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. ",
+      "modified": "2022-04-05T19:38:41.538Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7d481598-ece7-469c-b231-619a804c25e5",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) captures SMS messages that the victim sends or receives.(Citation: Lookout-Pegasus)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8ff45341-60d6-40d3-bb38-566814a466f9",
+      "created": "2020-07-20T13:27:33.552Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can perform primitive emulation checks.(Citation: Talos-WolfRAT)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14",
+      "created": "2020-06-26T15:32:25.043Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) disables Google Play Protect to prevent its discovery and deletion in the future.(Citation: Threat Fabric Cerberus)",
+      "modified": "2022-04-15T15:49:23.497Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2",
+      "type": "relationship",
+      "created": "2020-06-26T15:32:25.062Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:32:25.062Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain a list of installed applications.(Citation: Threat Fabric Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91",
+      "created": "2020-12-18T20:14:47.369Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has registered several broadcast receivers.(Citation: WhiteOps TERRACOTTA)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055",
+      "created": "2020-01-27T17:05:58.310Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Trend Micro Bouncing Golf 2019",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect SMS messages.(Citation: Trend Micro Bouncing Golf 2019)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--818b8c2b-bd23-4a83-9970-d42063608699",
+      "created": "2020-04-24T15:06:33.393Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device contacts.(Citation: TrendMicro Coronavirus Updates)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c",
+      "type": "relationship",
+      "created": "2020-01-21T15:29:27.041Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
+        }
+      ],
+      "modified": "2020-01-21T15:29:27.041Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can download attacker-specified files.(Citation: SecureList - ViceLeaker 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) accesses sensitive data in files, such as saving Skype calls by reading them out of the Skype database files.(Citation: Lookout-Pegasus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7",
+      "created": "2020-07-20T13:27:33.440Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect SMS messages.(Citation: Talos-WolfRAT)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d1318f71-7f70-4820-a3fc-0d05af038733",
+      "created": "2021-10-01T14:42:49.154Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can perform actions when one of two hardcoded magic SMS strings is received.(Citation: SecureList BusyGasper)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f",
+      "created": "2019-12-10T16:07:41.083Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList DVMap June 2017",
+          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
+          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Dvmap](https://attack.mitre.org/software/S0420) can enable installation of apps from unknown sources.(Citation: SecureList DVMap June 2017)",
+      "modified": "2022-04-15T16:00:59.657Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012",
+      "type": "relationship",
+      "created": "2020-12-14T14:52:03.218Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T14:52:03.218Z",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can obtain the running application.(Citation: Sophos Red Alert 2.0)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164",
+      "type": "relationship",
+      "created": "2020-01-27T17:49:05.664Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:49:05.664Z",
+      "description": "(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd",
+      "target_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2",
+      "type": "relationship",
+      "created": "2019-11-21T16:42:48.497Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
+        }
+      ],
+      "modified": "2019-11-21T16:42:48.497Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can take photos from both the front and back cameras.(Citation: SecureList - ViceLeaker 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--68e5789c-9f60-421e-9c79-fae207a29e83",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-WUC",
+          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/",
+          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole SMS message content.(Citation: Kaspersky-WUC)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000",
+      "created": "2022-03-30T15:13:42.462Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T15:13:42.462Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e03b0eb5-32c6-4867-9235-77fe32192983",
+      "type": "relationship",
+      "created": "2019-09-04T15:38:56.916Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CyberMerchants-FlexiSpy",
+          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
+          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
+        }
+      ],
+      "modified": "2019-09-10T14:59:26.071Z",
+      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can track the device's location.(Citation: CyberMerchants-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf",
+      "type": "relationship",
+      "created": "2020-09-11T15:43:49.309Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-09-11T15:43:49.309Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can send SMS messages from a device.(Citation: Threat Fabric Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae",
+      "type": "relationship",
+      "created": "2021-02-17T20:43:52.407Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+        }
+      ],
+      "modified": "2021-02-17T20:43:52.407Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has gathered the device manufacturer, model, and serial number.(Citation: Lookout FrozenCell)",
+      "relationship_type": "uses",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--eb052029-e1c9-4f24-8594-299aaec7f1df",
+      "created": "2020-12-14T14:52:03.351Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s call log.(Citation: Sophos Red Alert 2.0)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
+        }
+      ],
+      "modified": "2019-10-10T15:27:22.174Z",
+      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather cellular IDs.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee",
+      "created": "2020-11-24T17:55:12.895Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can show a phishing WebView pretending to be a Google service that collects credit card information.(Citation: Talos GPlayed)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1",
+      "created": "2020-10-29T17:48:27.272Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain a list of installed applications and can detect if an antivirus application is running, and close it if it is.(Citation: Threat Fabric Exobot)",
+      "modified": "2022-04-15T16:53:00.735Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--33316f49-f1fb-453a-9ba7-d6889982a010",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.459Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.516Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can obtain a list of installed applications.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e",
+      "type": "relationship",
+      "created": "2021-02-08T16:36:20.692Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.443Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included system information enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50",
+      "type": "relationship",
+      "created": "2021-09-20T13:50:02.036Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2021-09-20T13:50:02.036Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can make phone calls.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--93c20f43-6684-471c-910f-d9577f289677",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "In at least one case, [Stealth Mango](https://attack.mitre.org/software/S0328) may have been installed using physical access to the device by a repair shop.(Citation: Lookout-StealthMango)",
+      "modified": "2022-04-19T15:47:05.436Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c",
+      "created": "2019-09-03T20:08:00.687Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": " [Gustuff](https://attack.mitre.org/software/S0406) can intercept two-factor authentication codes transmitted via SMS.(Citation: Talos Gustuff Apr 2019) ",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e",
+      "created": "2022-03-30T20:45:34.433Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android Package Visibility",
+          "url": "https://developer.android.com/training/package-visibility",
+          "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)",
+      "modified": "2022-04-11T19:19:52.562Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695",
+      "type": "relationship",
+      "created": "2020-09-11T16:23:16.363Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T16:23:16.363Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can send SMS messages.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Gooligan Citation",
+          "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016.",
+          "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/"
+        }
+      ],
+      "modified": "2019-10-10T15:18:51.154Z",
+      "description": "[Gooligan](https://attack.mitre.org/software/S0290) executes Android root exploits.(Citation: Gooligan Citation)",
+      "relationship_type": "uses",
+      "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57",
+      "type": "relationship",
+      "created": "2020-04-08T15:51:25.120Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T15:51:25.120Z",
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) obfuscates its payload, code, and strings.(Citation: ThreatFabric Ginp)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--15065492-1aef-4cf8-af3c-cc763eee5daf",
+      "created": "2020-09-24T15:34:51.213Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Dendroid",
+          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/",
+          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can detect if it is being ran on an emulator.(Citation: Lookout-Dendroid)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b53d1c92-b71f-434e-aa4f-08b8db765248",
+      "type": "relationship",
+      "created": "2019-07-10T15:25:57.604Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+        }
+      ],
+      "modified": "2019-08-12T17:30:07.572Z",
+      "description": "[FinFisher](https://attack.mitre.org/software/S0182) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0",
+      "type": "relationship",
+      "created": "2020-12-14T14:52:03.396Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-16T20:52:21.426Z",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can download additional overlay templates.(Citation: Sophos Red Alert 2.0)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3bf5a566-986b-478c-b2da-e57caf261378",
+      "type": "relationship",
+      "created": "2019-09-03T19:45:48.515Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-09-11T13:25:19.216Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two attempts to elevate privileges by using a modified version of the DirtyCow exploit.(Citation: SWB Exodus March 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.488Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.704Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489)’s code is obfuscated.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7696b512-ba2f-4310-86e1-7c528529fc5e",
+      "type": "relationship",
+      "created": "2020-09-15T15:18:12.425Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "modified": "2020-09-15T15:18:12.425Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) stores its malicious code in encrypted asset files that are decrypted at runtime. Newer versions of [FakeSpy](https://attack.mitre.org/software/S0509) encrypt the C2 address.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8726b157-3575-450f-bb7f-f17bb18e6aef",
+      "created": "2022-03-30T20:41:43.314Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "New OS releases frequently contain additional limitations or controls around device location access.",
+      "modified": "2022-03-30T20:41:43.314Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0",
+      "created": "2017-10-25T14:48:53.741Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security architecture improvements in each new version of Android and iOS make it more difficult to escalate privileges. Additionally, newer versions of Android have strengthened the sandboxing applied to applications, restricting their ability to enumerate file system contents.",
+      "modified": "2022-03-30T20:25:46.994Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d",
+      "type": "relationship",
+      "created": "2021-02-08T16:36:20.774Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.495Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted application strings using AES in ECB mode and Blowfish, and stored strings encoded in hex during Operation BULL. Further, in Operation BULL, encryption keys were stored within the application’s launcher icon file.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9",
+      "created": "2020-09-15T15:18:12.419Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s contact list.(Citation: Cybereason FakeSpy)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a",
+      "created": "2022-03-30T19:54:43.835Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. ",
+      "modified": "2022-03-30T19:54:43.835Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1",
+      "type": "relationship",
+      "created": "2020-07-20T13:49:03.693Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader-FakeSpy",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
+          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-09-24T15:12:24.242Z",
+      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s IMSI and ICCID.(Citation: TrendMicro-XLoader-FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--97738857-d496-4d39-9809-1921e0ad10b7",
+      "type": "relationship",
+      "created": "2020-12-31T18:25:05.125Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "modified": "2020-12-31T18:25:05.125Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can collect files from the filesystem and account information from Google Chrome.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9",
+      "created": "2022-04-06T13:57:38.847Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T13:57:38.847Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0",
+      "created": "2020-10-29T17:48:27.394Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can intercept SMS messages.(Citation: Threat Fabric Exobot)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5e360913-4986-4423-8d3c-46d3202b7787",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:15.471Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-10-14T17:51:37.979Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the salt used when storing the user’s password, aiding an adversary in computing the user’s plaintext password/PIN from the stored password hash. [Monokle](https://attack.mitre.org/software/S0407) can also capture the user’s dictionary, user-defined shortcuts, and browser history, enabling profiling of the user and their activities.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.282Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.282Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can record the screen.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e",
+      "created": "2020-07-15T20:20:59.200Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -37168,12 +24233,12 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access SMS messages.(Citation: Bitdefender Mandrake)",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access the device’s contact list.(Citation: Bitdefender Mandrake)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -37181,21 +24246,116 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209",
+      "id": "relationship--e03b25b0-0779-48da-b5d7-28f1f6106363",
       "type": "relationship",
-      "created": "2020-04-24T15:06:33.449Z",
+      "created": "2020-12-24T22:04:27.992Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "TrendMicro Coronavirus Updates",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
-          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
-      "modified": "2020-04-24T15:06:33.450Z",
-      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device network configuration information, such as Wi-Fi SSID and IMSI.(Citation: TrendMicro Coronavirus Updates)",
+      "modified": "2020-12-24T22:04:27.992Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken screenshots.(Citation: Lookout Uyghur Campaign)",
       "relationship_type": "uses",
-      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760",
+      "created": "2022-03-30T14:41:20.735Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android Changes to System Broadcasts",
+          "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts",
+          "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts)",
+      "modified": "2022-03-30T14:41:20.735Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) update and sends the location of the phone.(Citation: Lookout-Pegasus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd",
+      "type": "relationship",
+      "created": "2020-06-26T15:12:40.094Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "ESET DEFENSOR ID",
+          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
+          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:12:40.094Z",
+      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to perform actions on behalf of the user, including launching attacker-specified applications to steal data.(Citation: ESET DEFENSOR ID)",
+      "relationship_type": "uses",
+      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c",
+      "type": "relationship",
+      "created": "2021-02-17T20:43:52.324Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+        }
+      ],
+      "modified": "2021-02-17T20:43:52.324Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has collected phone metadata such as cell location, mobile country code (MCC), and mobile network code (MNC).(Citation: Lookout FrozenCell)",
+      "relationship_type": "uses",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
       "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37205,46 +24365,104 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6",
-      "created": "2020-09-11T16:22:03.266Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout ViperRAT",
-          "url": "https://blog.lookout.com/viperrat-mobile-apt",
-          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
-        }
-      ],
+      "id": "relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71",
+      "created": "2022-03-30T20:53:54.296Z",
+      "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect SMS messages.(Citation: Lookout ViperRAT)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
-      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "description": "",
+      "modified": "2022-03-30T20:53:54.296Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
       "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--ca486783-9413-4f39-8d2f-3adcb3e79127",
+      "id": "relationship--5ced57a7-b674-40d4-98b8-a090963a6ade",
       "type": "relationship",
-      "created": "2020-12-24T21:55:56.657Z",
+      "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
         }
       ],
-      "modified": "2020-12-24T21:55:56.657Z",
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used an AES encrypted file in the assets folder with an unsuspecting name (e.g. ‘GoogleMusic.png’) for holding configuration and C2 information.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2019-09-18T13:45:58.872Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) abuses Accessibility features to steal messages from popular apps such as WeChat, Skype, Viber, and QQ.(Citation: PaloAlto-SpyDealer)",
       "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:49.184Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-01T14:42:49.184Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect the device’s location information based on cellular network or GPS coordinates.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--68c17e9b-1fda-49dd-982b-566d473cc32b",
+      "created": "2022-04-06T15:51:11.939Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T15:51:11.939Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106",
+      "type": "relationship",
+      "created": "2020-12-14T14:52:03.255Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T14:52:03.255Z",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has stored data embedded in the strings.xml resource file.(Citation: Sophos Red Alert 2.0)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
       "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37254,159 +24472,23 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--e4019493-bd52-4011-9355-8902be6ff3f3",
+      "id": "relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9",
       "created": "2018-10-17T00:14:20.652Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "PaloAlto-SpyDealer",
-          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
-          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018."
+          "source_name": "CheckPoint-Judy",
+          "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/",
+          "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. Retrieved September 18, 2018."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) registers the broadcast receiver to listen for events related to device boot-up.(Citation: PaloAlto-SpyDealer)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86",
-      "created": "2022-04-06T13:55:37.498Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be advised that applications generally do not require permission to send SMS messages.",
-      "modified": "2022-04-06T13:55:37.498Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff",
-      "type": "relationship",
-      "created": "2018-10-17T00:14:20.652Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
-          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
-          "source_name": "Lookout Dark Caracal Jan 2018"
-        }
-      ],
-      "modified": "2019-07-16T15:35:21.063Z",
-      "description": "(Citation: Lookout Dark Caracal Jan 2018)",
-      "relationship_type": "uses",
-      "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
-      "target_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--cd7a2294-1e14-42e8-b870-d99d73443b88",
-      "created": "2022-04-01T12:37:42.068Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Users should be taught the danger behind granting unnecessary permissions to an application and should be advised to use extra scrutiny when an application requests them. ",
-      "modified": "2022-04-01T12:37:42.068Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e",
-      "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "PaloAlto-DualToy",
-          "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January 24, 2017.",
-          "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/"
-        }
-      ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[DualToy](https://attack.mitre.org/software/S0315) side loads malicious or risky apps to both Android and iOS devices via a USB connection.(Citation: PaloAlto-DualToy)",
-      "relationship_type": "uses",
-      "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878",
-      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1",
-      "created": "2020-12-24T21:45:56.920Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has attempted to trick users into enabling installation of applications from unknown sources.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
-      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667",
-      "created": "2017-12-14T16:46:06.044Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "ArsTechnica-HummingBad",
-          "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/",
-          "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[HummingBad](https://attack.mitre.org/software/S0322) can create fraudulent statistics inside the official Google Play Store.(Citation: ArsTechnica-HummingBad)",
+      "description": "[Judy](https://attack.mitre.org/software/S0325) uses infected devices to generate fraudulent clicks on advertisements to generate revenue.(Citation: CheckPoint-Judy)",
       "modified": "2022-04-19T14:25:41.669Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4",
+      "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760",
       "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37415,45 +24497,60 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--4df6a22e-489f-400c-b953-cc53bfb708a3",
       "type": "relationship",
-      "created": "2020-09-14T14:13:45.296Z",
+      "id": "relationship--1284f6fe-d352-415c-9479-82141524380a",
+      "created": "2022-03-30T18:06:48.250Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). ",
+      "modified": "2022-03-30T18:06:48.250Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
+      "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Lookout eSurv",
-          "url": "https://blog.lookout.com/esurv-research",
-          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
-        }
-      ],
-      "modified": "2020-09-14T14:13:45.296Z",
-      "description": "[eSurv](https://attack.mitre.org/software/S0507)’s iOS version can collect device information.(Citation: Lookout eSurv)",
-      "relationship_type": "uses",
-      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--694857ba-92e8-462e-8900-a9f6fdcf495d",
       "type": "relationship",
-      "created": "2020-12-31T18:25:05.133Z",
+      "id": "relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1",
+      "created": "2022-04-06T13:52:46.831Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 7 changed how the Device Administrator password APIs function.",
+      "modified": "2022-04-06T13:52:46.831Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:27.919Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "CYBERWARCON CHEMISTGAMES",
-          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
-          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
         }
       ],
-      "modified": "2020-12-31T18:25:05.133Z",
-      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has encrypted its DEX payload.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "modified": "2020-12-24T22:04:27.919Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has extracted messages from chat programs, such as WeChat.(Citation: Lookout Uyghur Campaign)",
       "relationship_type": "uses",
-      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
-      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -37462,24 +24559,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--352fabc8-48fe-4190-92b3-49b00348bb22",
-      "created": "2019-03-11T15:13:40.454Z",
+      "id": "relationship--48486680-530c-4ed9-aca3-94969aa262b6",
+      "created": "2019-07-10T15:35:43.665Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "TrendMicro-Anserver",
-          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-uses-blog-posts-as-cc/",
-          "description": "Karl Dominguez. (2011, October 2). Android Malware Uses Blog Posts as C&C. Retrieved February 6, 2017."
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) uses encrypted content within a blog site for part of its command and control. Specifically, the encrypted content contains URLs for other servers to be used for other aspects of command and control.(Citation: TrendMicro-Anserver)",
-      "modified": "2022-04-18T19:04:48.388Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
-      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -37487,32 +24584,9 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db",
       "type": "relationship",
-      "created": "2019-08-09T17:59:48.988Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
-          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
-          "source_name": "Lookout-StealthMango"
-        }
-      ],
-      "modified": "2019-08-09T17:59:48.988Z",
-      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record and take pictures using the front and back cameras.(Citation: Lookout-StealthMango)",
-      "relationship_type": "uses",
-      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
-      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--fb1fe91d-0997-4403-b2a6-88400f174791",
-      "created": "2020-05-07T15:06:51.458Z",
+      "id": "relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d",
+      "created": "2020-05-04T14:04:56.179Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -37523,11 +24597,3195 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Bread](https://attack.mitre.org/software/S0432) had many fake reviews and ratings on the Play Store.(Citation: Google Bread) ",
-      "modified": "2022-04-19T14:25:41.669Z",
+      "description": "[Bread](https://attack.mitre.org/software/S0432) payloads have used several commercially available packers.(Citation: Google Bread)",
+      "modified": "2022-04-15T17:20:54.552Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.746Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-01T19:48:44.878Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has searched device storage for various files, including .amr files (audio recordings) and superuser binaries.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45",
+      "created": "2019-09-15T15:32:17.580Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Android Notification Listeners",
+          "url": "https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setPermittedCrossProfileNotificationListeners(android.content.ComponentName,%20java.util.List%3Cjava.lang.String%3E)",
+          "description": "Android. (n.d.).  DevicePolicyManager. Retrieved September 15, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "On Android devices with a work profile, the `DevicePolicyManager.setPermittedCrossProfileNotificationListeners` method can be used to manage the list of applications running within the personal profile that can access notifications generated within the work profile. This policy would not affect notifications generated by the rest of the device. The `DevicePolicyManager.setApplicationHidden` method can be used to disable notification access for unwanted applications, but this method would also block that entire application from running.(Citation: Android Notification Listeners) ",
+      "modified": "2022-04-01T14:50:28.686Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f65087b4-adf2-4292-a711-7ae829e91397",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:16.385Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-09-04T14:32:12.877Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can list applications installed on the device.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a",
+      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--08c81253-975c-4780-8e85-c72bc6a90c88",
+      "created": "2020-10-29T19:21:23.225Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "WeLiveSecurity AdDisplayAshas",
+          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
+          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can generate revenue by automatically displaying ads.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87",
+      "type": "relationship",
+      "created": "2020-06-26T15:12:40.098Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "ESET DEFENSOR ID",
+          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
+          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:12:40.098Z",
+      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can retrieve a list of installed applications.(Citation: ESET DEFENSOR ID)",
+      "relationship_type": "uses",
+      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e",
+      "type": "relationship",
+      "created": "2020-06-02T14:32:31.888Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Volexity Insomnia",
+          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
+          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
+        }
+      ],
+      "modified": "2020-06-02T14:32:31.888Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) obfuscates various pieces of information within the application.(Citation: Volexity Insomnia) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a",
+      "created": "2020-12-28T18:47:52.357Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": " [HenBox](https://attack.mitre.org/software/S0544) can run commands as root.(Citation: Palo Alto HenBox) ",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48",
+      "created": "2020-09-24T15:34:51.298Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Dendroid",
+          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/",
+          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can intercept SMS messages.(Citation: Lookout-Dendroid)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.381Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "modified": "2020-12-28T18:59:33.140Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has collected the device’s phone number and can check if the active network connection is metered.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d",
+      "created": "2019-07-10T15:25:57.585Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[FinFisher](https://attack.mitre.org/software/S0182) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f",
+      "created": "2020-06-26T15:12:40.100Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "ESET DEFENSOR ID",
+          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
+          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) abuses the accessibility service to auto-start the malware on device boot. This is accomplished by receiving the `android.accessibilityservice.AccessibilityService` intent.(Citation: ESET DEFENSOR ID)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CheckPoint-Charger",
+          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.",
+          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/"
+        }
+      ],
+      "modified": "2019-10-09T14:51:42.827Z",
+      "description": "[Charger](https://attack.mitre.org/software/S0323) encodes strings into binary arrays to make it difficult to inspect them. It also loads code from encrypted resources dynamically and includes meaningless commands that mask the actual commands passing through.(Citation: CheckPoint-Charger)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fa1da6db-da32-45d2-98a8-6bbe153166da",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-EnterpriseApps",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) tracks the device location.(Citation: Lookout-EnterpriseApps)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a20493e1-4699-405d-a291-c28aae8ed737",
+      "created": "2022-04-18T16:53:24.617Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Wandera-RedDrop",
+          "url": "https://www.wandera.com/reddrop-malware/",
+          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses ads or other links within websites to encourage users to download the malicious apps using a complex content distribution network (CDN) and series of network redirects. [RedDrop](https://attack.mitre.org/software/S0326) also downloads additional components (APKs, JAR files) from different C2 servers.(Citation: Wandera-RedDrop) ",
+      "modified": "2022-04-20T16:33:23.507Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--01965668-d033-4aca-a8e5-71a07070e266",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09",
+      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f",
+      "created": "2022-03-28T19:25:38.355Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates may contain patches that inhibit system software compromises.",
+      "modified": "2022-03-28T19:25:38.355Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819",
+      "type": "relationship",
+      "created": "2019-08-07T15:57:13.412Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Kaspersky Riltok June 2019",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
+        }
+      ],
+      "modified": "2019-09-15T15:36:42.312Z",
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) can retrieve a list of installed applications. Installed application names are then checked against an adversary-defined list of targeted applications.(Citation: Kaspersky Riltok June 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8",
+      "type": "relationship",
+      "created": "2020-09-24T15:34:51.433Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Dendroid",
+          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
+          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
+        }
+      ],
+      "modified": "2020-09-24T15:34:51.433Z",
+      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can record audio and outgoing calls.(Citation: Lookout-Dendroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--290a627d-172d-494d-a0cc-685f480a1034",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-EnterpriseApps",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects call logs.(Citation: Lookout-EnterpriseApps)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fb587f81-1300-438d-a33b-f8d08530788b",
+      "created": "2019-07-10T15:35:43.704Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) exfiltrates data using HTTP.(Citation: Lookout Dark Caracal Jan 2018)",
+      "modified": "2022-04-20T17:40:40.182Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3",
+      "type": "relationship",
+      "created": "2021-04-19T14:29:46.530Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2021-04-19T14:29:46.530Z",
+      "description": " [SilkBean](https://attack.mitre.org/software/S0549) can send SMS messages.(Citation: Lookout Uyghur Campaign) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.644Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-11-10T17:08:35.644Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has gathered device metadata, including model, manufacturer, SD card size, disk usage, memory, CPU, and serial number.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc",
+      "type": "relationship",
+      "created": "2020-12-24T21:55:56.688Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:55:56.688Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured audio and can record phone calls.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3bf4b093-a1a3-48da-9236-bce9514765eb",
+      "created": "2022-04-05T19:46:05.853Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Samsung Keyboards",
+          "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-",
+          "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards)",
+      "modified": "2022-04-05T19:46:05.853Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6c35f99c-153d-4023-a29a-821488ce5418",
+      "type": "relationship",
+      "created": "2020-04-08T15:41:19.383Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T15:41:19.383Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of installed applications to compare to a list of targeted applications.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4",
+      "type": "relationship",
+      "created": "2020-04-08T15:51:25.157Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T15:51:25.157Z",
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) can capture device screenshots and stream them back to the C2.(Citation: ThreatFabric Ginp)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fcc42341-ec3a-4e24-a374-46bed72d061f",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:49.191Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-01T14:42:49.191Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect data from messaging applications, including WhatsApp, Viber, and Facebook.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b",
+      "created": "2021-02-17T20:49:24.542Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) can run arbitrary shell commands.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f",
+      "created": "2022-03-30T20:07:33.291Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T20:07:33.291Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f051c943-998c-4db2-9dbc-d4755057bcf0",
+      "created": "2022-04-05T19:49:06.417Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
+      "modified": "2022-04-05T19:49:06.417Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b",
+      "created": "2020-04-08T15:51:25.128Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) can collect SMS messages.(Citation: ThreatFabric Ginp)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.664Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-01T19:48:44.840Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has looked for specific applications, such as MiCode.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f0851531-e554-4658-920c-f2342632c19a",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Adware",
+          "description": "Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December 21, 2016.",
+          "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is packed with at least eight publicly available exploits that can perform rooting.(Citation: Lookout-Adware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c80a6bef-b3ce-44d0-b113-946e93124898",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b",
+      "type": "relationship",
+      "created": "2020-12-24T21:45:56.981Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:45:56.981Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has access to the device’s location.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--634071ce-d386-4143-8e6e-b88bc077de6d",
+      "type": "relationship",
+      "created": "2020-07-27T14:14:56.961Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Security Zen",
+          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
+          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
+        }
+      ],
+      "modified": "2020-08-10T22:18:20.782Z",
+      "description": "[Zen](https://attack.mitre.org/software/S0494) can dynamically load executable code from remote sources.(Citation: Google Security Zen)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c",
+      "created": "2022-04-01T18:51:44.595Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.",
+      "modified": "2022-04-01T18:51:44.595Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a451966b-f826-422b-9505-f564b9988a9c",
+      "created": "2020-12-24T21:55:56.693Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used both FTP and TCP sockets for data exfiltration.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-19T16:26:30.170Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fcb3a139-f644-45c9-8123-dfea0455143a",
+      "type": "relationship",
+      "created": "2019-08-09T17:56:05.588Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
+        }
+      ],
+      "modified": "2019-08-09T17:56:05.588Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record video and take photos via front and rear cameras.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d",
+      "created": "2019-09-23T13:36:08.451Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) procedurally generates subdomains for command and control communication.(Citation: securelist rotexy 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed",
+      "created": "2019-07-10T15:35:43.668Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses the device contact list.(Citation: Lookout Dark Caracal Jan 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a",
+      "created": "2020-06-26T14:55:13.304Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can display popups over running applications.(Citation: Cybereason EventBot)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d300eb82-5ca0-48aa-a45f-d34242545e27",
+      "created": "2022-03-30T15:08:28.814Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation could detect unauthorized operating system modifications. ",
+      "modified": "2022-03-30T15:08:28.814Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e29d91f0-ebee-481d-9344-702c90775109",
+      "type": "relationship",
+      "created": "2020-05-07T15:33:32.928Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+        }
+      ],
+      "modified": "2020-05-07T15:33:32.928Z",
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can inject fraudulent ad modules into existing applications on a device.(Citation: CheckPoint Agent Smith)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf",
+          "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. Retrieved February 6, 2017.",
+          "source_name": "CrowdStrike-Android"
+        }
+      ],
+      "modified": "2020-03-20T16:37:06.668Z",
+      "description": "(Citation: CrowdStrike-Android)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c",
+      "target_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817",
+      "created": "2019-09-20T18:03:57.062Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Android 10 Execute",
+          "url": "https://developer.android.com/about/versions/10/behavior-changes-all#execute-permission",
+          "description": "Android Developers. (n.d.). Behavior changes: all apps - Removed execute permission for app home directory. Retrieved September 20, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Applications that target Android API level 29 or higher cannot execute native code stored in the application's internal data storage directory, limiting the ability of applications to download and execute native code at runtime. (Citation: Android 10 Execute)",
+      "modified": "2022-04-01T18:37:44.516Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--71490fdb-e271-4a67-b932-5288924b1dae",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-DualToy",
+          "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January 24, 2017.",
+          "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[DualToy](https://attack.mitre.org/software/S0315) collects the connected iOS device’s information including IMEI, IMSI, ICCID, serial number and phone number.(Citation: PaloAlto-DualToy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396",
+      "type": "relationship",
+      "created": "2020-12-14T15:02:35.304Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T15:02:35.304Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) has stored encrypted strings in the APK file.(Citation: Securelist Asacub)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2",
+      "created": "2020-04-24T17:46:31.589Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) communicates with the C2 by sending JSON objects over unencrypted HTTP requests.(Citation: SecurityIntelligence TrickMo)",
+      "modified": "2022-04-19T20:05:42.315Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d",
+      "created": "2020-12-17T20:15:22.496Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s contact list.(Citation: Palo Alto HenBox)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
+        }
+      ],
+      "modified": "2019-08-09T17:56:05.682Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record phone calls and surrounding audio.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9",
+      "created": "2020-07-20T13:27:33.509Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s call log.(Citation: Talos-WolfRAT)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112",
+      "created": "2022-04-05T19:59:03.285Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:59:03.285Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
+      "target_ref": "attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a1fac829-275a-409a-9060-e7bd7c63057e",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.375Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "modified": "2020-12-18T20:14:47.375Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can obtain a list of installed apps.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60",
+      "created": "2020-11-24T17:55:12.828Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can access the device’s contact list.(Citation: Talos GPlayed)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a20581b4-21fa-4ed9-b056-d139998868e8",
+      "created": "2019-09-04T14:28:15.970Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Monokle",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the device's contact list.(Citation: Lookout-Monokle)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8",
+      "type": "relationship",
+      "created": "2020-04-24T17:46:31.613Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T17:46:31.613Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can inject input to set itself as the default SMS handler, and to automatically click through pop-ups without giving the user any time to react.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2",
+      "created": "2022-03-30T19:12:31.481Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T19:12:31.481Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
+      "target_ref": "attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e",
+      "created": "2022-03-30T13:45:39.184Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation can often detect jailbroken or rooted devices.",
+      "modified": "2022-03-30T13:45:39.184Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c574251b-93ad-4f55-8b84-2700dfab4622",
+      "created": "2020-07-15T20:20:59.280Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can hide its icon on older Android versions.(Citation: Bitdefender Mandrake)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--12d61e7d-7fa6-422d-9817-901decf6b650",
+      "created": "2019-07-10T15:35:43.663Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) uses phishing popups to harvest user credentials.(Citation: Lookout Dark Caracal Jan 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--02e4aedc-0674-4598-948b-0a32758af9ca",
+      "created": "2022-04-01T13:14:43.195Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T13:14:43.195Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341",
+      "type": "relationship",
+      "created": "2019-07-16T14:33:12.085Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Triada June 2019",
+          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
+          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
+        }
+      ],
+      "modified": "2020-04-27T16:52:49.480Z",
+      "description": "[Triada](https://attack.mitre.org/software/S0424) utilizes a backdoor in a Play Store app to install additional trojanized apps from the Command and Control server.(Citation: Google Triada June 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306",
+      "type": "relationship",
+      "created": "2020-05-07T15:33:32.778Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+        }
+      ],
+      "modified": "2020-05-07T15:33:32.778Z",
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) exploits known OS vulnerabilities, including Janus, to replace legitimate applications with malicious versions.(Citation: CheckPoint Agent Smith)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3",
+      "created": "2020-11-24T17:55:12.830Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can read SMS messages.(Citation: Talos GPlayed)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--30ab9ce7-5369-402a-94ee-f8452642acb9",
+      "created": "2022-03-30T19:50:37.739Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T19:50:37.739Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--8e27551a-5080-4148-a584-c64348212e4f",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9",
+      "created": "2020-09-11T14:54:16.649Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect the device’s contact list.(Citation: Lookout Desert Scorpion)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--abf03652-acd0-4361-8a66-f7e70e8e4376",
+      "created": "2020-06-02T14:32:31.913Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Volexity Insomnia",
+          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
+          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) communicates with the C2 server using HTTPS requests.(Citation: Volexity Insomnia)",
+      "modified": "2022-04-19T20:20:20.149Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7258542e-029b-45b9-be69-6e76d9c93b35",
+      "created": "2020-09-14T13:35:45.886Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "ESET-Twitoor",
+          "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/",
+          "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Twitoor](https://attack.mitre.org/software/S0302) can hide its presence on the system.(Citation: ESET-Twitoor)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3e2474d3-f36d-4193-92f6-273296befdd3",
+      "created": "2022-04-05T19:38:18.760Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should protect their account credentials and enable multi-factor authentication options when available. ",
+      "modified": "2022-04-05T19:38:18.760Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc",
+      "created": "2020-04-08T15:41:19.400Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can modify administrator settings and disable Play Protect.(Citation: Cofense Anubis)",
+      "modified": "2022-04-15T15:49:01.417Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5a277966-4559-487e-bdfb-7be6366ccdb6",
+      "type": "relationship",
+      "created": "2019-09-03T19:45:48.508Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-09-11T13:25:19.114Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take pictures with the device cameras.(Citation: SWB Exodus March 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e",
+      "created": "2022-03-30T18:07:07.306Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. ",
+      "modified": "2022-03-30T18:07:07.306Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--be27a303-5748-4b72-ba69-a328e2f6cc08",
+      "type": "relationship",
+      "created": "2020-12-31T18:25:05.177Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "modified": "2020-12-31T18:25:05.177Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can download new modules while running.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fb62afa9-d593-44f8-840d-bd5c595a1228",
+      "created": "2022-04-01T18:44:46.780Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
+      "modified": "2022-04-01T18:44:46.780Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cce82a76-5390-473d-9e7c-9450d1509d1d",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.314Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.314Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can download its second (Loader) and third (Core) stages after the dropper is installed.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a",
+      "created": "2020-11-20T16:37:28.475Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s contact list.(Citation: Symantec GoldenCup)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fc816ddc-199d-47b0-93af-c81305d0919f",
+      "type": "relationship",
+      "created": "2020-06-02T14:32:31.767Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Volexity Insomnia",
+          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
+          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
+        }
+      ],
+      "modified": "2020-06-02T14:32:31.767Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has utilized malicious JavaScript and iframes to exploit WebKit running on vulnerable iOS 12 devices.(Citation: Volexity Insomnia)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea",
+      "created": "2022-03-30T19:32:43.015Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Attestation can detect rooted devices. Mobile security software can then use this information and take appropriate mitigation action. Attestation can detect rooted devices.",
+      "modified": "2022-03-30T19:32:43.015Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b110d919-acd4-4fe0-a46a-ac4819508667",
+      "created": "2020-07-20T13:58:53.589Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader-FakeSpy",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
+          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) has been installed via a malicious configuration profile.(Citation: TrendMicro-XLoader-FakeSpy)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6a715733-cde6-4903-b967-35562b584c6f",
+      "type": "relationship",
+      "created": "2020-06-02T14:32:31.878Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Project Zero Insomnia",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
+        }
+      ],
+      "modified": "2020-06-02T14:32:31.878Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can obtain a list of installed non-Apple applications.(Citation: Google Project Zero Insomnia)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3",
+      "type": "relationship",
+      "created": "2020-05-04T14:04:56.189Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Bread",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
+        }
+      ],
+      "modified": "2020-05-04T15:40:21.081Z",
+      "description": "[Bread](https://attack.mitre.org/software/S0432) collects the device’s IMEI, carrier, mobile country code, and mobile network code.(Citation: Google Bread)",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:28.025Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:28.025Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has retrieved .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files from external storage.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80",
+      "created": "2022-03-30T19:33:05.375Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates typically provide patches for vulnerabilities that enable device rooting.",
+      "modified": "2022-03-30T19:33:05.375Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b536f233-8c43-4671-b8e8-d72a4806946d",
+      "created": "2022-04-05T17:14:23.789Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T17:14:23.789Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--41da5845-a1a8-4d10-8929-053be3496396",
+      "created": "2022-04-20T17:46:43.542Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
+        },
+        {
+          "source_name": "Bitdefender - Triout 2018",
+          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
+          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) uses HTTP data exfiltration.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
+      "modified": "2022-04-20T17:46:43.542Z",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556",
+      "created": "2019-09-04T15:38:56.678Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "FlexiSpy-Features",
+          "url": "https://www.flexispy.com/en/features-overview.htm",
+          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
+        },
+        {
+          "source_name": "FortiGuard-FlexiSpy",
+          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
+          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) is capable of hiding SuperSU's icon if it is installed and visible.(Citation: FortiGuard-FlexiSpy)  [FlexiSpy](https://attack.mitre.org/software/S0408) can also hide its own icon to make detection and the uninstallation process more difficult.(Citation: FlexiSpy-Features)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads SMS messages.(Citation: Lookout-StealthMango)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb",
+      "created": "2020-11-10T17:08:35.846Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used specially crafted SMS messages to control the target device.(Citation: Lookout Uyghur Campaign) ",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--268c12df-d3bc-46fa-99e9-32caab50b175",
+      "created": "2022-03-30T15:52:09.759Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation can often detect jailbroken or rooted devices.",
+      "modified": "2022-03-30T15:52:09.759Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2",
+      "created": "2022-04-01T15:13:55.124Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be instructed to not open links in applications they don’t recognize.",
+      "modified": "2022-04-01T15:13:55.124Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d",
+      "created": "2020-07-15T20:20:59.380Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used Firebase for C2.(Citation: Bitdefender Mandrake)",
+      "modified": "2022-04-18T19:18:24.378Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d3e06522-2a30-4d56-801e-9461178b80ce",
+      "created": "2021-01-05T20:16:20.412Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can hide its icon after launch.(Citation: Zscaler TikTok Spyware)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544",
+      "created": "2022-04-05T19:40:25.071Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:40:25.071Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a",
+      "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:16.478Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-10-14T17:52:48.001Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can record the screen as the user unlocks the device and can take screenshots of any application in the foreground. [Monokle](https://attack.mitre.org/software/S0407) can also abuse accessibility features to read the screen to capture data from a large number of popular applications.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--96298aed-9e9f-4836-b29b-04c88e79e53e",
+      "created": "2022-04-01T18:42:37.987Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates often contain patches for vulnerabilities that could be exploited for root access. Root access is often a requirement to impairing defenses.",
+      "modified": "2022-04-01T18:42:37.987Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c",
+      "created": "2019-08-09T18:02:06.688Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler-SuperMarioRun",
+          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat",
+          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[DroidJack](https://attack.mitre.org/software/S0320) can capture video using device cameras.(Citation: Zscaler-SuperMarioRun)",
+      "modified": "2022-05-20T17:13:16.507Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1",
+      "created": "2020-07-20T13:27:33.514Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can delete files from the device.(Citation: Talos-WolfRAT)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Tripwire-MazarBOT",
+          "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/",
+          "description": "Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. Retrieved December 23, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[MazarBOT](https://attack.mitre.org/software/S0303) can intercept two-factor authentication codes sent by online banking apps.(Citation: Tripwire-MazarBOT)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.713Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-11-10T17:08:35.713Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can collect notes and data from the MiCode app.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f",
+      "created": "2019-11-21T19:16:34.776Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CheckPoint SimBad 2019",
+          "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/",
+          "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[SimBad](https://attack.mitre.org/software/S0419) registers for the `BOOT_COMPLETED` and `USER_PRESENT` broadcast intents, which allows the software to perform actions after the device is booted and when the user is using the device, respectively.(Citation: CheckPoint SimBad 2019)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "ArsTechnica-HummingWhale",
+          "url": "http://arstechnica.com/security/2017/01/virulent-android-malware-returns-gets-2-million-downloads-on-google-play/",
+          "description": "Dan Goodin. (2017, January 23). Virulent Android malware returns, gets >2 million downloads on Google Play. Retrieved January 24, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[HummingWhale](https://attack.mitre.org/software/S0321) generates revenue by displaying fraudulent ads and automatically installing apps. When victims try to close the ads, [HummingWhale](https://attack.mitre.org/software/S0321) runs in a virtual machine, creating a fake ID that allows the perpetrators to generate revenue.(Citation: ArsTechnica-HummingWhale)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
+        }
+      ],
+      "modified": "2019-08-09T17:52:31.748Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) checks if the device is on Wi-Fi, a cellular network, and is roaming.(Citation: Lookout-PegasusAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--22290cce-856a-46d5-9589-699f5dfc1429",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader",
+          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/"
+        }
+      ],
+      "modified": "2020-07-20T13:49:03.687Z",
+      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) covertly records phone calls.(Citation: TrendMicro-XLoader)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d",
+      "created": "2022-03-30T20:13:40.625Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be shown what a synthetic activity looks like so they can scrutinize them in the future.",
+      "modified": "2022-03-30T20:13:40.625Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.201Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-03-26T20:50:07.154Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect local accounts on the device, pictures, bookmarks/histories of the default browser, and files stored on the SD card. [GolfSpy](https://attack.mitre.org/software/S0421) can list image, audio, video, and other files stored on the device. [GolfSpy](https://attack.mitre.org/software/S0421) can copy arbitrary files from the device.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9c853c22-7607-4cbd-b114-08aaa4625c35",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.405Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-28T18:47:52.600Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can collect device information and can check if the device is running MIUI on a Xiaomi device.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--049c39ab-c036-457a-9b8f-4318416658b8",
+      "created": "2022-03-30T19:54:24.468Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "A locked bootloader could prevent unauthorized modifications of protected operating system files. ",
+      "modified": "2022-03-30T19:55:15.724Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e",
+      "created": "2020-06-26T15:32:24.921Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) avoids being analyzed by only activating the malware after recording a certain number of steps from the accelerometer.(Citation: Threat Fabric Cerberus)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--70fa8498-6117-4e15-ae3c-f53d63996826",
+      "type": "relationship",
+      "created": "2020-06-26T15:32:25.050Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:32:25.050Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect the device’s location.(Citation: Threat Fabric Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--63e67cba-4eae-4495-8897-2610103a0c41",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) exploits iOS vulnerabilities to escalate privileges.(Citation: Lookout-Pegasus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59",
+      "created": "2020-11-24T18:18:33.743Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) has used web injects to capture users’ credentials.(Citation: Threat Fabric Exobot)",
+      "modified": "2022-04-15T17:39:22.154Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--17141729-226d-40d4-928d-ffbd2eed7d11",
+      "created": "2022-04-05T19:37:16.086Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:37:16.086Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--be136fd1-6949-4de6-be37-6d76f8def41a",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
+        }
+      ],
+      "modified": "2019-10-15T19:37:21.366Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests location data from victims.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2",
+      "created": "2020-12-24T22:04:28.027Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has modified or configured proxy information.(Citation: Lookout Uyghur Campaign) ",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184",
+      "created": "2022-03-30T17:53:56.805Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T17:53:56.805Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "target_ref": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b6726136-3c20-4921-a0cb-75a66f59107c",
+      "type": "relationship",
+      "created": "2020-09-11T16:22:03.296Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T16:22:03.296Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect network configuration data from the device, including phone number, SIM operator, and network operator.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) monitors the connection state and tracks which types of networks the phone is connected to, potentially to determine the bandwidth and ability to send full data across the network.(Citation: Lookout-Pegasus)",
+      "modified": "2022-04-15T19:47:48.036Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d",
+      "created": "2019-09-03T20:08:00.760Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) communicates with the command and control server using HTTP requests.(Citation: Talos Gustuff Apr 2019)",
+      "modified": "2022-04-19T20:18:36.894Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8",
+      "created": "2019-11-21T16:42:48.437Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect SMS messages.(Citation: SecureList - ViceLeaker 2019)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CheckPoint-Charger",
+          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.",
+          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/"
+        }
+      ],
+      "modified": "2019-10-09T14:51:42.845Z",
+      "description": "[Charger](https://attack.mitre.org/software/S0323) checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus.(Citation: CheckPoint-Charger)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Gooligan Citation",
+          "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016.",
+          "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/"
+        }
+      ],
+      "modified": "2019-10-10T15:18:51.121Z",
+      "description": "[Gooligan](https://attack.mitre.org/software/S0290) steals authentication tokens that can be used to access data from multiple Google applications.(Citation: Gooligan Citation)",
+      "relationship_type": "uses",
+      "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56",
+      "created": "2020-06-26T15:32:25.045Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect SMS messages from a device.(Citation: Threat Fabric Cerberus)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab",
+      "created": "2020-09-11T14:54:16.589Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can be controlled using SMS messages.(Citation: Lookout Desert Scorpion)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--084786ee-9384-4a00-9e1b-48f94ea70126",
+      "created": "2019-09-03T19:45:48.517Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can exfiltrate calendar events.(Citation: SWB Exodus March 2019) ",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.495Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.495Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect device photos and credentials from other applications.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc",
+      "created": "2022-03-30T19:36:20.304Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be trained on what device administrator permission request prompts look like, and how to avoid granting permissions on phishing popups.",
+      "modified": "2022-03-30T19:36:20.304Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:48.744Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-01T14:42:48.744Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can record audio.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af",
+      "type": "relationship",
+      "created": "2020-04-24T15:06:33.531Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T17:55:55.049Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can take pictures using the camera and can record MP4 files.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.900Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "modified": "2020-11-24T17:55:12.900Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s IMEI, phone number, and country.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d7aa436a-e66d-4217-be66-4414703dec07",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.634Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-11-10T17:08:35.634Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used incorrect file extensions and encryption to hide most of its assets, including secondary APKs, configuration files, and JAR or DEX files.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1cc71849-142f-4097-9546-7946b0b546a6",
+      "created": "2020-04-08T15:51:25.125Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) can determine if it is running in an emulator.(Citation: ThreatFabric Ginp)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1",
+      "created": "2019-09-04T15:38:56.809Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CyberMerchants-FlexiSpy",
+          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
+          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can delete data from a compromised device.(Citation: CyberMerchants-FlexiSpy)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2",
+      "type": "relationship",
+      "created": "2020-09-15T15:18:12.398Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "modified": "2020-09-15T15:18:12.398Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device networking information, including phone number, IMEI, and IMSI.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f",
+      "type": "relationship",
+      "created": "2019-09-04T15:38:56.799Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CyberMerchants-FlexiSpy",
+          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
+          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
+        }
+      ],
+      "modified": "2019-09-10T14:59:26.138Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record video.(Citation: CyberMerchants-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Tripwire-MazarBOT",
+          "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/",
+          "description": "Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. Retrieved December 23, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[MazarBOT](https://attack.mitre.org/software/S0303) can send messages to premium-rate numbers.(Citation: Tripwire-MazarBOT)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9",
       "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37537,8 +27795,991 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--891edea2-817c-4eeb-9991-b6e095c269a8",
-      "created": "2020-06-02T14:32:31.903Z",
+      "id": "relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8",
+      "created": "2022-04-05T19:49:59.027Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:49:59.027Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8ea39534-6fe9-404c-94b7-0f320af95404",
+      "created": "2022-04-01T15:17:21.511Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T15:17:21.511Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58",
+      "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f",
+      "type": "relationship",
+      "created": "2019-09-03T19:45:48.492Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-10-14T17:15:52.637Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) One queries the device for its IMEI code and the phone number in order to validate the target of a new infection.(Citation: SWB Exodus March 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fe794ba6-42be-4d42-a16f-a41473874331",
+      "created": "2022-03-30T15:08:13.679Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android-VerifiedBoot",
+          "url": "https://source.android.com/security/verifiedboot/",
+          "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ",
+      "modified": "2022-03-30T15:08:13.679Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
+      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.566Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.566Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect device metadata and can check if the device is rooted.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2acc0c1a-af30-4410-976b-31148df5378d",
+      "created": "2022-03-28T19:39:42.538Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-28T19:39:42.538Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3",
+      "created": "2020-07-20T13:27:33.486Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s contact list.(Citation: Talos-WolfRAT)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365",
+      "created": "2019-09-04T14:28:15.950Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Monokle",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can delete arbitrary files on the device, and can also uninstall itself and clean up staging files.(Citation: Lookout-Monokle)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--36298fd6-d909-4490-8a04-095aef9ffafe",
+      "type": "relationship",
+      "created": "2020-11-20T15:54:07.747Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-11-20T15:54:07.747Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can record audio from the microphone and phone calls.(Citation: Symantec GoldenCup) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-WUC",
+          "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/",
+          "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used SMS to receive command and control messages.(Citation: Kaspersky-WUC)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1c180c0e-c789-4176-b568-789ada9487bb",
+      "type": "relationship",
+      "created": "2020-10-29T19:21:23.162Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WeLiveSecurity AdDisplayAshas",
+          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
+          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-10-29T19:21:23.162Z",
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can collect information about the device including device type, OS version, language, free storage space, battery status, device root, and if *developer mode* is enabled.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--51457698-e98b-435a-88c2-75a82cdc2bda",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads call logs.(Citation: Lookout-StealthMango)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7",
+      "created": "2022-03-31T19:53:01.320Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-31T19:53:01.320Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--53364899-1ea5-47fa-afde-c210aed64120",
+      "type": "relationship",
+      "created": "2019-07-10T15:47:19.659Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
+        }
+      ],
+      "modified": "2019-07-16T15:35:21.086Z",
+      "description": "(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
+      "target_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2793d721-df10-4621-8387-f3342def59a1",
+      "created": "2022-03-30T18:14:36.786Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. ",
+      "modified": "2022-03-30T18:14:36.786Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4586277d-bebd-4717-87c6-a31a9be741ed",
+      "type": "relationship",
+      "created": "2020-12-24T21:45:56.982Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:45:56.982Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can get file lists on the SD card.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016",
+      "created": "2022-04-15T18:12:53.512Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Xiao-KeyRaider",
+          "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/",
+          "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. Retrieved December 12, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Monokle](https://attack.mitre.org/software/S0407/) can install attacker-specified certificates to the device's trusted certificate store, enabling an adversary to perform adversary-in-the-middle attacks.(Citation: Xiao-KeyRaider)",
+      "modified": "2022-04-15T18:12:53.512Z",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545",
+      "created": "2019-09-23T13:36:08.429Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) processes incoming SMS messages by filtering based on phone numbers, keywords, and regular expressions, focusing primarily on banks, payment systems, and mobile network operators. [Rotexy](https://attack.mitre.org/software/S0411) can also send a list of all SMS messages on the device to the command and control server.(Citation: securelist rotexy 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) uses SMS for command and control.(Citation: Lookout-Pegasus)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6",
+      "type": "relationship",
+      "created": "2020-10-29T17:48:27.332Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-10-29T17:48:27.332Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s IMEI, phone number, and IP address.(Citation: Threat Fabric Exobot) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--9398bf9d-be77-4ac2-acea-893152cafd16",
+      "created": "2022-03-30T14:43:46.034Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T14:43:46.034Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-RCSAndroid",
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can use SMS for command and control.(Citation: TrendMicro-RCSAndroid)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--13efc415-5e17-4a16-81c2-64e74815907f",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-XcodeGhost",
+          "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/",
+          "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can prompt a fake alert dialog to phish user credentials.(Citation: PaloAlto-XcodeGhost)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55",
+      "type": "relationship",
+      "created": "2020-04-24T17:46:31.603Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T17:46:31.603Z",
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can steal pictures from the device.(Citation: SecurityIntelligence TrickMo)",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7",
+      "type": "relationship",
+      "created": "2019-10-15T19:33:42.204Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-Skygofree",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/"
+        }
+      ],
+      "modified": "2019-10-15T19:33:42.204Z",
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can track the device's location.(Citation: Kaspersky-Skygofree)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cde60121-3d7c-47c8-abeb-582854425599",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.512Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.531Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can update the running malware.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d2749285-47d9-44a4-962f-9215e6fb580e",
+      "created": "2020-10-29T17:48:27.380Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can access the device’s contact list.(Citation: Threat Fabric Exobot)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fb3b32a8-6422-4d44-91e3-27a58e569963",
+      "type": "relationship",
+      "created": "2019-09-03T19:45:48.494Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-09-11T13:25:19.179Z",
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take screenshots of any application in the foreground.(Citation: SWB Exodus March 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
+          "source_name": "Kaspersky-Skygofree"
+        }
+      ],
+      "modified": "2019-08-09T18:08:07.144Z",
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) has the capability to exploit several known vulnerabilities and escalate privileges.(Citation: Kaspersky-Skygofree)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--55f12292-dc9d-4bfd-9de9-2d07cd67b044",
+      "type": "relationship",
+      "created": "2017-10-25T14:48:53.734Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2019-07-29T13:57:09.300Z",
+      "description": "Android 7.0 and higher includes additional protections against this technique.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9",
+      "created": "2022-03-28T19:32:05.234Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Application developers should be cautious when selecting third-party libraries to integrate into their application.",
+      "modified": "2022-03-28T19:32:05.234Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
+      "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d716163d-2492-4088-9235-b2310312ba27",
+      "created": "2022-04-06T15:44:48.422Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T15:44:48.422Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3dff770d-9627-4647-b945-7f24a97b2273",
+      "type": "relationship",
+      "created": "2019-09-15T15:26:22.926Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2020-06-24T15:02:13.533Z",
+      "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041",
+      "type": "relationship",
+      "created": "2017-10-25T14:48:53.742Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2020-06-24T15:08:18.481Z",
+      "description": "Enterprise policies should prevent enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development).",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6",
+      "created": "2022-03-30T13:48:43.977Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile security products can typically detect jailbroken or rooted devices. ",
+      "modified": "2022-03-30T13:48:43.977Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--04530307-22d8-4a06-9056-55eea225fabb",
+      "type": "relationship",
+      "created": "2019-07-10T15:35:43.710Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
+        }
+      ],
+      "modified": "2019-08-09T18:06:11.842Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves messages and decryption keys for popular messaging applications and other accounts stored on the device.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e",
+      "type": "relationship",
+      "created": "2019-09-03T19:45:48.496Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-10-14T16:47:53.226Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two extracts information from Facebook, Facebook Messenger, Gmail, IMO, Skype, Telegram, Viber, WhatsApp, and WeChat.(Citation: SWB Exodus March 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c",
+      "created": "2020-09-11T14:54:16.646Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can hide its icon.(Citation: Lookout Desert Scorpion)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4",
+      "created": "2022-04-06T15:28:20.249Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be instructed to not grant applications unexpected or unnecessary permissions. ",
+      "modified": "2022-04-06T15:28:20.249Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10",
+      "type": "relationship",
+      "created": "2020-06-26T15:32:25.074Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:32:25.074Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can update the malicious payload module on command.(Citation: Threat Fabric Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791",
+      "created": "2022-03-30T19:33:17.520Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.",
+      "modified": "2022-03-30T19:33:17.520Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--89565753-23c4-422d-a9ba-39f4101cd819",
+      "type": "relationship",
+      "created": "2020-11-20T16:37:28.485Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-11-20T16:37:28.485Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can track the device’s location.(Citation: Symantec GoldenCup)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09",
+      "type": "relationship",
+      "created": "2021-02-08T16:36:20.846Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.596Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has exfiltrated local account data and calendar information as part of Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ffc82546-f4da-4f47-88ec-b215edb1d695",
+      "type": "relationship",
+      "created": "2021-02-08T16:36:20.799Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.589Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included malware functionality capable of downloading new DEX files at runtime during Operation BULL.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--269d4409-e287-4ef3-b5f3-765ec03e503e",
+      "created": "2020-06-02T14:32:31.900Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -37549,12 +28790,12 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve the call history.(Citation: Google Project Zero Insomnia)",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) grants itself permissions by injecting its hash into the kernel’s trust cache.(Citation: Google Project Zero Insomnia)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -37562,22 +28803,68 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--6cace9e3-f095-4914-bddc-24cec8bcc859",
+      "id": "relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39",
       "type": "relationship",
-      "created": "2020-09-24T15:34:51.276Z",
+      "created": "2020-04-08T15:41:19.364Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Lookout-Dendroid",
-          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
-          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
         }
       ],
-      "modified": "2020-09-24T15:34:51.276Z",
-      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.(Citation: Lookout-Dendroid)",
+      "modified": "2020-04-08T15:41:19.364Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can take screenshots.(Citation: Cofense Anubis)",
       "relationship_type": "uses",
-      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00",
+      "type": "relationship",
+      "created": "2020-09-15T15:18:12.421Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "modified": "2020-09-15T15:18:12.421Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect a list of installed applications.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.502Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.502Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can take screenshots.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -37586,24 +28873,43 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3",
-      "created": "2021-02-08T16:36:20.788Z",
+      "id": "relationship--d995dfff-e4b2-4e07-8e76-b064354f591a",
+      "created": "2022-04-01T12:49:32.365Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Calendar access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their device calendar. ",
+      "modified": "2022-04-01T12:49:32.365Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d724bcf3-25d2-406a-b612-333fea5e2385",
+      "created": "2020-10-29T17:48:27.440Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "BlackBerry Bahamut",
-          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
-          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included keylogging capabilities as part of Operation ROCK.(Citation: BlackBerry Bahamut)",
-      "modified": "2022-04-15T17:35:26.197Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can show phishing popups when a targeted application is running.(Citation: Threat Fabric Exobot)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -37612,7 +28918,672 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c",
+      "id": "relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696",
+      "created": "2022-03-28T19:38:23.189Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-28T19:38:23.190Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1db350b2-1e8b-4d58-9086-eac41de1b110",
+      "created": "2022-04-05T17:13:56.584Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T17:13:56.584Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--319d46b5-de41-4f23-9001-2fa75f954720",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-MobileMalware",
+          "url": "https://securelist.com/mobile-malware-evolution-2013/58335/",
+          "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Trojan-SMS.AndroidOS.Agent.ao](https://attack.mitre.org/software/S0307) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)",
+      "modified": "2022-04-19T20:08:26.141Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Gooligan Citation",
+          "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/",
+          "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Gooligan](https://attack.mitre.org/software/S0290) can install adware to generate revenue.(Citation: Gooligan Citation)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--57a069a0-399f-43ab-9efc-50432a41b26b",
+      "created": "2020-12-24T21:55:56.743Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has deleted or renamed specific files.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e",
+      "type": "relationship",
+      "created": "2020-12-24T21:55:56.745Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:55:56.745Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the list of installed apps.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b",
+      "created": "2020-09-11T14:54:16.638Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can delete copies of itself if additional APKs are downloaded to external storage.(Citation: Lookout Desert Scorpion)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c",
+      "created": "2022-04-06T15:52:07.805Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T15:52:07.805Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
+      "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5",
+      "type": "relationship",
+      "created": "2019-09-03T20:08:00.764Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "source_name": "Talos Gustuff Apr 2019"
+        }
+      ],
+      "modified": "2019-09-15T15:35:33.379Z",
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers information about the device, including the default SMS application, if SafetyNet is enabled, the battery level, the operating system version, and if the malware has elevated permissions.(Citation: Talos Gustuff Apr 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4ee57616-7205-490c-86c3-c27dcffd8689",
+      "created": "2022-04-06T13:35:43.203Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Recent OS versions have limited access to certain APIs unless certain conditions are met, making [Data Manipulation](https://attack.mitre.org/techniques/T1641) more difficult",
+      "modified": "2022-04-06T13:35:43.203Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81",
+      "created": "2022-04-05T20:03:46.789Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T20:03:46.789Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de",
+      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a3c4b392-2879-4f31-9431-3398e034851b",
+      "created": "2022-04-06T13:52:37.470Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be cautioned against granting administrative access to applications.",
+      "modified": "2022-04-06T13:52:37.470Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uses commands received from text messages for C2.(Citation: Lookout-StealthMango)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--50bab448-fee6-49e9-a296-498fe06eacc7",
+      "type": "relationship",
+      "created": "2019-11-21T16:42:48.490Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
+        }
+      ],
+      "modified": "2019-11-21T16:42:48.490Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can obtain a list of installed applications.(Citation: SecureList - ViceLeaker 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b4735277-516a-4cd2-9607-a3e415945d93",
+      "type": "relationship",
+      "created": "2020-11-10T17:08:35.800Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2021-09-20T13:54:20.494Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can remotely capture device audio.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.339Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "modified": "2020-12-18T20:14:47.339Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used timer events in React Native to initiate the foreground service.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2115228b-c61a-4ebb-829a-df7355635fbf",
+      "created": "2020-12-17T20:15:22.491Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can detect if the app is running on an emulator.(Citation: Palo Alto HenBox)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--38962b26-7cbe-4761-8b4f-50a022167c4d",
+      "created": "2019-09-03T20:08:00.708Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) checks for antivirus software contained in a predefined list.(Citation: Talos Gustuff Apr 2019)",
+      "modified": "2022-04-15T16:55:56.825Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
+        }
+      ],
+      "modified": "2019-08-09T17:56:05.686Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) uses the commercial rooting app Baidu Easy Root to gain root privilege and maintain persistence on the victim.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bd29ce15-1771-470c-a74b-5ea90832ce23",
+      "created": "2020-12-24T22:04:27.911Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected SMS messages.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113",
+      "created": "2020-06-26T15:32:25.032Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can generate fake notifications and launch overlay attacks against attacker-specified applications.(Citation: Threat Fabric Cerberus)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576",
+      "type": "relationship",
+      "created": "2020-09-14T14:13:45.294Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "url": "https://blog.lookout.com/esurv-research",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-14T15:39:17.961Z",
+      "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version is distributed in three stages: the dropper, the second stage payload, and the third stage payload which is [Exodus](https://attack.mitre.org/software/S0405).(Citation: Lookout eSurv)",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0cabc5f9-045e-490c-a97f-efe00dbade86",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.276Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.276Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record video.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--75770898-93a7-45e3-bdb2-03172004a88f",
+      "created": "2022-03-30T14:49:47.451Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android-VerifiedBoot",
+          "url": "https://source.android.com/security/verifiedboot/",
+          "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ",
+      "modified": "2022-03-30T14:49:47.451Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
+      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.549Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.524Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record the screen and take screenshots to capture messages from Line, Facebook Messenger, and WhatsApp.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e",
+      "type": "relationship",
+      "created": "2020-12-14T14:52:03.310Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T14:52:03.310Z",
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can send SMS messages.(Citation: Sophos Red Alert 2.0)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a",
+      "type": "relationship",
+      "created": "2020-12-24T21:55:56.726Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:55:56.726Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has downloaded additional code to root devices, such as TowelRoot.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c374c9ce-ff30-4daa-bdec-8015a507746a",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
+          "source_name": "Kaspersky-Skygofree"
+        }
+      ],
+      "modified": "2019-08-09T18:08:07.145Z",
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) has a capability to obtain files from other installed applications.(Citation: Kaspersky-Skygofree)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f",
       "created": "2017-12-14T16:46:06.044Z",
       "x_mitre_version": "1.0",
       "external_references": [
@@ -37624,11 +29595,620 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Xbot](https://attack.mitre.org/software/S0298) steals all SMS message and contact information as well as intercepts and parses certain SMS messages.(Citation: PaloAlto-Xbot)",
-      "modified": "2022-04-12T10:01:44.682Z",
+      "description": "[Xbot](https://attack.mitre.org/software/S0298) can remotely lock infected Android devices and ask for a ransom.(Citation: PaloAlto-Xbot)",
+      "modified": "2022-04-18T19:27:33.225Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4",
+      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--9d621873-6d3c-4660-be9a-57e2e8648236",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Proofpoint-Marcher",
+          "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks",
+          "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Marcher](https://attack.mitre.org/software/S0317) requests Android Device Administrator access.(Citation: Proofpoint-Marcher)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.445Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.445Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s camera.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--44da429b-9dee-43c9-9397-445c6f9e647e",
+      "created": "2022-03-30T19:54:59.651Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android includes system partition integrity mechanisms that could detect unauthorized modifications. ",
+      "modified": "2022-03-30T19:54:59.651Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0",
+      "created": "2019-08-07T15:57:13.453Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky Riltok June 2019",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) can open a fake Google Play screen requesting bank card credentials and mimic the screen of relevant mobile banking apps to request user/bank card details.(Citation: Kaspersky Riltok June 2019)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--afe9e326-01f7-4296-a11b-09cfffd80120",
+      "type": "relationship",
+      "created": "2020-07-27T14:14:56.962Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Security Zen",
+          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
+          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
+        }
+      ],
+      "modified": "2020-08-10T22:18:20.747Z",
+      "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads and system prompts to create new Google accounts.(Citation: Google Security Zen)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
+          "source_name": "Kaspersky-Skygofree"
+        }
+      ],
+      "modified": "2019-08-09T18:08:07.183Z",
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can download executable code from the C2 server after the implant starts or after a specific command.(Citation: Kaspersky-Skygofree)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9e458d77-c856-4b02-82a7-50947b232dc3",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:49.183Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-06T15:32:46.533Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download a payload or updates from either its C2 server or email attachments in the adversary’s inbox.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1",
+      "created": "2022-04-05T19:48:31.354Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:48:31.354Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--35453bbb-c9b3-4421-8452-95efdd290d21",
+      "type": "relationship",
+      "created": "2021-01-20T16:01:19.323Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zimperium z9",
+          "url": "https://blog.zimperium.com/how-zimperiums-z9-detected-unknown-mobile-malware-overlooked-by-the-av-industry/",
+          "description": "zLabs. (2019, November 12).  How Zimperium’s z9 Detected Unknown Mobile Malware Overlooked by the AV Industry . Retrieved January 20, 2021."
+        }
+      ],
+      "modified": "2021-01-20T16:01:19.323Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of running processes.(Citation: Zimperium z9)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--022e941f-30c3-45a9-9f6f-36e704b80060",
+      "created": "2020-04-24T17:46:31.574Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) registers for the `SCREEN_ON` and `SMS_DELIVER` intents to perform actions when the device is unlocked and when the device receives an SMS message.(Citation: SecurityIntelligence TrickMo)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e",
+      "type": "relationship",
+      "created": "2019-09-23T13:36:08.386Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "source_name": "securelist rotexy 2018"
+        }
+      ],
+      "modified": "2019-09-23T13:36:08.386Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects the device's IMEI and sends it to the command and control server.(Citation: securelist rotexy 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "FireEye-RuMMS",
+          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html",
+          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[RuMMS](https://attack.mitre.org/software/S0313) uses HTTP for command and control.(Citation: FireEye-RuMMS)",
+      "modified": "2022-04-19T20:09:40.582Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--df337ad4-c88e-425f-b869-ecac29674bf4",
+      "type": "relationship",
+      "created": "2021-03-25T16:39:40.200Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "modified": "2021-03-25T16:39:40.200Z",
+      "description": "(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192",
+      "target_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6a821e14-8247-408b-af37-9cecbba616ec",
+      "type": "relationship",
+      "created": "2020-05-07T15:33:32.945Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+        }
+      ],
+      "modified": "2020-05-07T15:33:32.945Z",
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) obtains the device’s application list.(Citation: CheckPoint Agent Smith)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952",
+      "created": "2020-04-24T17:46:31.564Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can intercept SMS messages.(Citation: SecurityIntelligence TrickMo)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:48.728Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-01T14:42:48.728Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can send an SMS message after the device boots, messages containing logs, messages to adversary-specified numbers with custom content, and can delete all SMS messages on the device.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--56a255a5-9fa2-45bb-8848-fd0a68514467",
+      "created": "2022-04-11T20:06:56.034Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-11T20:06:56.034Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d",
+      "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5977289e-d38f-4974-912b-2151fc00c850",
+      "type": "relationship",
+      "created": "2020-11-20T16:37:28.524Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-11-20T16:37:28.524Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s phone number and IMSI.(Citation: Symantec GoldenCup)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler-SpyNote",
+          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
+          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
+        }
+      ],
+      "modified": "2019-10-10T15:24:09.248Z",
+      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) collects the device's location.(Citation: Zscaler-SpyNote)",
+      "relationship_type": "uses",
+      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3",
+      "created": "2020-07-15T20:20:59.287Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can disable Play Protect.(Citation: Bitdefender Mandrake)",
+      "modified": "2022-04-15T15:57:54.150Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--34351abd-1f58-420a-a893-ad822839815d",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) captures call logs.(Citation: Lookout-Pegasus)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:16.000Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-09-04T14:32:12.856Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can track the device's location.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea",
+      "created": "2019-10-18T14:52:53.193Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation could detect devices with unauthorized or unsafe modifications. ",
+      "modified": "2022-03-30T20:07:50.094Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1250f91c-723d-4b4c-afea-b3a71101951f",
+      "type": "relationship",
+      "created": "2019-08-07T15:57:13.415Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Kaspersky Riltok June 2019",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
+        }
+      ],
+      "modified": "2019-09-15T15:36:42.339Z",
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) can query the device's IMEI.(Citation: Kaspersky Riltok June 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--289f5e23-088a-4840-a2a6-bab30da2a64b",
+      "created": "2022-04-01T16:51:04.584Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "GoogleIO2016",
+          "url": "https://www.youtube.com/watch?v=XZzLjllizYs",
+          "description": "Adrian Ludwig. (2016, May 19). What's new in Android security (M and N Version). Retrieved December 9, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Changes were introduced in Android 7 to make abuse of device administrator permissions more difficult.(Citation: GoogleIO2016)",
+      "modified": "2022-04-01T16:51:04.584Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--36268322-9f5e-4749-8760-6430178a3d68",
+      "created": "2020-06-26T14:55:13.311Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can intercept SMS messages.(Citation: Cybereason EventBot)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
       "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37638,16 +30218,143 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce",
-      "created": "2022-04-01T18:42:50.381Z",
+      "id": "relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856",
+      "created": "2020-05-04T14:04:56.211Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Google Bread",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Bread](https://attack.mitre.org/software/S0432) communicates with the C2 server using HTTP requests.(Citation: Google Bread)",
+      "modified": "2022-04-19T20:17:16.407Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39",
+      "created": "2020-06-26T14:55:13.387Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) communicates with the C2 using HTTP requests.(Citation: Cybereason EventBot)",
+      "modified": "2022-04-19T20:05:11.228Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0100020b-97d4-4657-bc71-c6a1774055a6",
+      "created": "2022-04-20T17:36:25.707Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has exfiltrated data via both SMTP and HTTP.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-20T17:36:25.707Z",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--54dac52d-5279-407f-b7b4-5484ae90b98c",
+      "type": "relationship",
+      "created": "2021-02-17T20:43:52.402Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+        }
+      ],
+      "modified": "2021-02-17T20:43:52.402Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has downloaded and installed additional applications.(Citation: Lookout FrozenCell)",
+      "relationship_type": "uses",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a",
+      "created": "2020-01-27T17:05:58.265Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Trend Micro Bouncing Golf 2019",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s call log.(Citation: Trend Micro Bouncing Golf 2019)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920",
+      "created": "2022-04-05T19:46:22.326Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Providing user guidance around commonly abused features, such as the modal that requests for administrator permissions, should aid in preventing impairing defenses.",
-      "modified": "2022-04-01T18:42:50.381Z",
+      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.",
+      "modified": "2022-04-05T19:46:22.326Z",
       "relationship_type": "mitigates",
       "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37657,23 +30364,268 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8",
-      "created": "2019-11-21T16:42:48.459Z",
+      "id": "relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49",
+      "created": "2017-12-14T16:46:06.044Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "SecureList - ViceLeaker 2019",
-          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
-          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
+          "source_name": "Lookout-PegasusAndroid",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can delete arbitrary files from the device.(Citation: SecureList - ViceLeaker 2019)",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses call logs.(Citation: Lookout-PegasusAndroid)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f62e0aaf-e52f-40b9-a059-001f298a0660",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-Skygofree",
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.(Citation: Kaspersky-Skygofree)",
+      "modified": "2022-04-19T20:22:47.253Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd",
+      "created": "2021-02-08T16:36:20.707Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has installed malicious MDM profiles on iOS devices as part of Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83",
+      "type": "relationship",
+      "created": "2020-12-24T21:45:56.986Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:45:56.986Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can install new applications which are obtained from the C2 server.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.419Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.419Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture audio from the device’s microphone and can record phone calls.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c",
+      "type": "relationship",
+      "created": "2019-09-04T15:38:56.562Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
+          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
+          "source_name": "FortiGuard-FlexiSpy"
+        }
+      ],
+      "modified": "2019-10-14T18:08:28.500Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can communicate with the command and control server over ports 12512 and 12514.(Citation: FortiGuard-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36",
+      "created": "2020-05-07T15:33:32.895Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) shows fraudulent ads to generate revenue.(Citation: CheckPoint Agent Smith)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4fc165fd-185e-4c70-b423-c242cf715510",
+      "created": "2019-10-07T16:32:27.127Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": " [Rotexy](https://attack.mitre.org/software/S0411) checks if it is running in an analysis environment.(Citation: securelist rotexy 2018) ",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4",
+      "type": "relationship",
+      "created": "2020-04-08T15:41:19.340Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T18:55:29.238Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can use its ransomware module to encrypt device data and hold it for ransom.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c",
+      "type": "relationship",
+      "created": "2019-09-23T13:36:08.390Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "source_name": "securelist rotexy 2018"
+        }
+      ],
+      "modified": "2019-10-14T20:49:24.646Z",
+      "description": "Starting in 2017, the [Rotexy](https://attack.mitre.org/software/S0411) DEX file was packed with garbage strings and/or operations.(Citation: securelist rotexy 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ece70dca-803c-4209-8792-7e56e9901288",
+      "created": "2020-07-15T20:20:59.291Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can delete all data from an infected device.(Citation: Bitdefender Mandrake)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
       "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37683,28 +30635,292 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9",
-      "created": "2019-07-16T14:33:12.113Z",
+      "id": "relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f",
+      "created": "2019-10-18T14:50:57.494Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates often contain patches for vulnerabilities.",
+      "modified": "2022-04-11T14:26:44.192Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b641e5b8-5981-452a-99f0-3598c783e5ee",
+      "created": "2019-08-07T15:57:13.443Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Krebs-Triada June 2019",
-          "url": "https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/",
-          "description": "Krebs, B. (2019, June 25). Tracing the Supply Chain Attack on Android. Retrieved July 16, 2019."
-        },
-        {
-          "source_name": "Google Triada June 2019",
-          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
-          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
+          "source_name": "Kaspersky Riltok June 2019",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Triada](https://attack.mitre.org/software/S0424) was added into the Android system by a third-party vendor identified as Yehuo or Blazefire during the production process.(Citation: Google Triada June 2019)(Citation: Krebs-Triada June 2019)",
-      "modified": "2022-04-19T15:47:32.152Z",
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) can intercept incoming SMS messages.(Citation: Kaspersky Riltok June 2019)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.640Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.640Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can encrypt exfiltrated data.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6",
+      "created": "2022-04-05T19:54:12.660Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T19:54:12.660Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5",
+      "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e9b262ba-1c32-40b3-8622-121b30d6df50",
+      "type": "relationship",
+      "created": "2019-10-10T15:14:57.378Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-10-10T15:14:57.378Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract information on pictures from the Gallery, Chrome and SBrowser bookmarks, and the connected WiFi network's password.(Citation: SWB Exodus March 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.553Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.518Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) sends the device’s IMEI with each exfiltration request.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e",
+      "type": "relationship",
+      "created": "2019-09-03T19:45:48.489Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-09-11T13:25:19.128Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract the GPS coordinates of the device.(Citation: SWB Exodus March 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9",
+      "created": "2022-04-01T17:08:15.158Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "CSRIC5-WG10-FinalReport",
+          "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf",
+          "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC5-WG10-FinalReport) ",
+      "modified": "2022-04-11T19:09:00.362Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3",
+      "created": "2019-10-18T15:51:48.487Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.",
+      "modified": "2022-04-05T19:42:51.306Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e",
+      "created": "2022-03-30T20:43:31.249Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T20:43:31.249Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31",
+      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ddca1254-b404-4850-9566-0be35c6d7564",
+      "created": "2020-11-10T17:08:35.771Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s SMS and MMS messages.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f",
+      "type": "relationship",
+      "created": "2020-04-08T15:41:19.427Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-09-11T15:42:15.628Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can send, receive, and delete SMS messages.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "HackerNews-Allwinner",
+          "url": "https://thehackernews.com/2016/05/android-kernal-exploit.html",
+          "description": "Mohit Kumar. (2016, May 11). Kernel Backdoor found in Gadgets Powered by Popular Chinese ARM Maker. Retrieved September 18, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "A Linux kernel distributed by [Allwinner](https://attack.mitre.org/software/S0319) reportedly contained an simple backdoor that could be used to obtain root access. It was believed to have been left in the kernel by mistake by the authors.(Citation: HackerNews-Allwinner)",
+      "modified": "2022-04-15T15:16:35.892Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--08784a9d-09e9-4dce-a839-9612398214e8",
       "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37713,21 +30929,461 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451",
+      "id": "relationship--51b0a4fb-a308-4694-9437-95702a50ebd5",
       "type": "relationship",
-      "created": "2017-12-14T16:46:06.044Z",
+      "created": "2020-09-11T16:22:03.231Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "FireEye-RuMMS",
-          "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.",
-          "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html"
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
         }
       ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers device model and operating system version information and transmits it to a command and control server.(Citation: FireEye-RuMMS)",
+      "modified": "2020-09-11T16:22:03.231Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can take photos with the device camera.(Citation: Lookout ViperRAT)",
       "relationship_type": "uses",
-      "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--cea30219-a255-43ae-b731-9512c5044523",
+      "created": "2022-04-18T19:46:02.547Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-18T19:46:02.547Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65",
+      "type": "relationship",
+      "created": "2021-04-19T17:05:42.574Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2021-04-19T17:05:42.574Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has collected files from the infected device.(Citation: Lookout Uyghur Campaign)\t",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7",
+      "created": "2022-04-01T18:45:11.299Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them.",
+      "modified": "2022-04-01T18:45:11.299Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d",
+      "created": "2019-10-18T14:50:57.491Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates often contain patches for vulnerabilities.",
+      "modified": "2022-03-30T15:52:58.256Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f",
+      "created": "2020-12-24T21:55:56.749Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has hidden its app icon.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:48.740Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-12T13:51:41.045Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect images stored on the device and browser history.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--492d5699-f885-411a-8431-254fcf33fb12",
+      "created": "2019-08-09T16:14:58.367Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Android Capture Sensor 2019",
+          "url": "https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access",
+          "description": "Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 9 and above restricts access to the mic, camera, and other device sensors from applications running in the background. iOS 14 and Android 12 introduced a visual indicator on the status bar (green dot) when an application is accessing the device’s camera.(Citation: Android Capture Sensor 2019)",
+      "modified": "2022-04-01T13:56:12.774Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--df036f55-f749-4dad-9473-d69535e0f98d",
+      "created": "2020-06-26T14:55:13.385Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to record the screen PIN.(Citation: Cybereason EventBot)",
+      "modified": "2022-04-15T17:39:39.931Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383",
+      "created": "2022-04-05T20:17:46.149Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T20:17:46.149Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--393e8c12-a416-4575-ba90-19cc85656796",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a",
+      "created": "2019-07-16T14:33:12.175Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky Triada March 2016",
+          "url": "https://www.kaspersky.com/blog/triada-trojan/11481/",
+          "description": "Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July 16, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Triada](https://attack.mitre.org/software/S0424) variants capture transaction data from SMS-based in-app purchases.(Citation: Kaspersky Triada March 2016) ",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:27.997Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:27.997Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has tracked location.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.546Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.537Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can receive system notifications.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de",
+      "type": "relationship",
+      "created": "2019-10-14T20:49:24.571Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "source_name": "securelist rotexy 2018"
+        }
+      ],
+      "modified": "2019-10-14T20:49:24.571Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about running processes.(Citation: securelist rotexy 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--383e5b12-061e-45c6-911b-b37187dd9254",
+      "type": "relationship",
+      "created": "2021-02-08T16:36:20.701Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.399Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included file enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8",
+      "created": "2022-03-30T18:06:21.355Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Symantec-iOSProfile2",
+          "url": "https://www.symantec.com/connect/blogs/apple-ios-103-finally-battles-malicious-profiles",
+          "description": "Brian Duckering. (2017, March 27). Apple iOS 10.3 Finally Battles Malicious Profiles. Retrieved September 24, 2018."
+        },
+        {
+          "source_name": "Android-TrustedCA",
+          "url": "https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html",
+          "description": "Chad Brubaker. (2016, July 7). Changes to Trusted Certificate Authorities in Android Nougat. Retrieved September 24, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)",
+      "modified": "2022-03-30T18:06:21.355Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af",
+      "created": "2020-12-14T14:52:03.322Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s contact list.(Citation: Sophos Red Alert 2.0)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.452Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.452Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) has obfuscated components using XOR, ZIP with a single-byte key or ZIP/Zlib compression wrapped with RC4 encryption.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fada5ba5-7449-4878-b555-82f225473c8b",
+      "created": "2022-03-30T19:28:42.179Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Attestation can detect unauthorized modifications to devices. Mobile security software can then use this information and take appropriate mitigation action. ",
+      "modified": "2022-03-30T19:28:42.179Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253",
+      "type": "relationship",
+      "created": "2020-12-31T18:25:05.178Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "modified": "2020-12-31T18:25:05.178Z",
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has fingerprinted devices to uniquely identify them.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
       "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37737,24 +31393,838 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--bba8b056-acbe-4fed-b890-965a446d7a3c",
-      "created": "2022-04-01T18:45:00.923Z",
+      "id": "relationship--1317fb3d-ded3-4b84-8007-147f3b02948a",
+      "created": "2022-04-05T19:52:38.539Z",
       "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "CSRIC-WG1-FinalReport",
+          "description": "CSRIC-WG1-FinalReport"
+        }
+      ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Users should be warned against granting access to accessibility features and device administration services, and to carefully scrutinize applications that request these dangerous permissions. Users should be taught how to boot into safe mode to uninstall malicious applications that may be interfering with the uninstallation process.",
-      "modified": "2022-04-01T18:45:00.923Z",
+      "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC-WG1-FinalReport) ",
+      "modified": "2022-04-05T19:52:38.539Z",
       "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+      "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124",
+      "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
       "type": "relationship",
-      "id": "relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11",
-      "created": "2022-09-29T20:08:54.389Z",
+      "id": "relationship--a95fe853-d1d1-47dc-a776-b905daacfe32",
+      "created": "2020-06-26T20:16:32.181Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "ESET DEFENSOR ID",
+          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
+          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": " [DEFENSOR ID](https://attack.mitre.org/software/S0479) has used Firebase Cloud Messaging for C2.(Citation: ESET DEFENSOR ID) ",
+      "modified": "2022-04-19T20:19:01.733Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e",
+      "type": "relationship",
+      "created": "2020-01-14T17:47:08.826Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList DVMap June 2017",
+          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
+          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
+        }
+      ],
+      "modified": "2020-01-14T17:47:08.826Z",
+      "description": "[Dvmap](https://attack.mitre.org/software/S0420) checks the Android version to determine which system library to patch.(Citation: SecureList DVMap June 2017)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b8606318-8c12-4381-ba33-5b2321772ea0",
+      "created": "2022-03-30T20:31:57.183Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be advised to be extra scrutinous of applications that request location or sensitive phone information permissions, and to deny any permissions requests for applications they do not recognize.",
+      "modified": "2022-03-30T20:31:57.183Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69",
+      "created": "2020-04-08T15:51:25.078Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) can use a multi-step phishing overlay to capture banking credentials and then credit card numbers after login.(Citation: ThreatFabric Ginp)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef",
+      "created": "2022-04-05T20:14:17.442Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T20:14:17.442Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303",
+      "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses calendar entries.(Citation: Lookout-PegasusAndroid)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38",
+      "type": "relationship",
+      "created": "2020-05-11T16:37:36.616Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "source_name": "ThreatFabric Ginp"
+        }
+      ],
+      "modified": "2020-05-11T16:37:36.616Z",
+      "description": " [Ginp](https://attack.mitre.org/software/S0423) can inject input to make itself the default SMS handler.(Citation: ThreatFabric Ginp) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--22f5308c-77ee-4198-be1c-54062aa6a613",
+      "created": "2020-12-31T18:25:05.160Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has used HTTPS for C2 communication.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "modified": "2022-04-19T20:05:27.076Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328",
+      "created": "2022-03-30T19:34:09.377Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T19:34:09.377Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5",
+      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.514Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.514Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can list all hidden files in the `/DCIM/.dat/` directory.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--529107fd-6420-4573-8dbf-cdcd49c2708c",
+      "type": "relationship",
+      "created": "2020-06-26T14:55:13.307Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T14:55:13.307Z",
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can gather device network information.(Citation: Cybereason EventBot) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--69de3f7e-faa7-4342-b755-4777a68fd89b",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler-SuperMarioRun",
+          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat",
+          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[DroidJack](https://attack.mitre.org/software/S0320) is capable of recording device phone calls.(Citation: Zscaler-SuperMarioRun)",
+      "modified": "2022-05-20T17:13:16.508Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b018fe06-740b-4864-b30a-f047598506b3",
+      "type": "relationship",
+      "created": "2020-04-24T15:06:33.510Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T15:06:33.510Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect various pieces of device information, including OS version, phone model, and manufacturer.(Citation: TrendMicro Coronavirus Updates) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.382Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.382Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) has communicated with the C2 server over TCP port 7777.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--98b14660-79e1-4244-99c2-3dedd84eb68d",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.582Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.582Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can track the device’s location.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--27247071-356b-4b5f-bc8f-6436a3fec095",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-EnterpriseApps",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to collect and leak the victim's location.(Citation: Lookout-EnterpriseApps)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898",
+      "created": "2019-09-04T14:28:16.414Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Monokle",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve call history.(Citation: Lookout-Monokle)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0",
+      "type": "relationship",
+      "created": "2020-12-24T21:55:56.692Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:55:56.692Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has searched for specific existing data directories, including the Gmail app, Dropbox app, Pictures, and thumbnails.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4761145d-34ac-4b45-a0d6-a09b1907a196",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.367Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "modified": "2020-12-18T20:14:47.367Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can inject clicks to launch applications, share posts on social media, and interact with WebViews to perform fraudulent actions.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd",
+      "created": "2020-07-15T20:20:59.289Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can evade automated analysis environments by requiring a CAPTCHA on launch that will prevent the application from running if not passed. It also checks for indications that it is running in an emulator.(Citation: Bitdefender Mandrake)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--07dd3318-2965-4085-be64-a8e956c7b8da",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.319Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "modified": "2020-12-18T20:14:47.319Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has stored encoded strings.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1",
+      "created": "2019-07-10T15:35:43.661Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) captures and exfiltrates all SMS messages, including future messages as they are received.(Citation: Lookout Dark Caracal Jan 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415",
+      "created": "2022-03-30T14:50:07.291Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation could detect unauthorized operating system modifications.",
+      "modified": "2022-03-30T14:50:07.291Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CheckPoint-Charger",
+          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/",
+          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Charger](https://attack.mitre.org/software/S0323) locks the device if it is granted admin permissions, displaying a message demanding a ransom payment.(Citation: CheckPoint-Charger)",
+      "modified": "2022-04-18T19:27:07.679Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
+      "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024",
+      "created": "2022-04-15T18:11:06.097Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Skycure-Profiles",
+          "url": "https://www.skycure.com/blog/malicious-profiles-the-sleeping-giant-of-ios-security/",
+          "description": "Yair Amit. (2013, March 12). Malicious Profiles - The Sleeping Giant of iOS Security. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288/) samples hook SSLRead and SSLWrite functions in the itunesstored process to intercept device communication with the Apple App Store.(Citation: Skycure-Profiles)",
+      "modified": "2022-04-15T18:11:06.097Z",
+      "relationship_type": "uses",
+      "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa",
+      "created": "2020-11-10T17:08:35.761Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has deleted call log entries coming from known C2 sources.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8f2929a9-cd25-4e07-b402-447da68aaa56",
+      "created": "2020-04-24T15:06:33.455Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)",
+      "modified": "2022-04-20T17:30:39.449Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.512Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.512Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can check the device’s battery status.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7",
+      "type": "relationship",
+      "created": "2019-08-07T15:57:13.388Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Kaspersky Riltok June 2019",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
+        }
+      ],
+      "modified": "2019-09-18T13:44:13.453Z",
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) injects input to set itself as the default SMS handler by clicking the appropriate places on the screen. It can also close or minimize targeted antivirus applications and the device security settings screen.(Citation: Kaspersky Riltok June 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0",
+      "type": "relationship",
+      "created": "2020-12-24T21:55:56.686Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:55:56.686Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed common system information.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--496976ef-4a0c-4782-95e7-231bd44df162",
+      "type": "relationship",
+      "created": "2020-12-14T15:02:35.295Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T15:02:35.295Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect various pieces of device information, including device model and OS version.(Citation: Securelist Asacub)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b",
+      "type": "relationship",
+      "created": "2020-09-14T14:13:45.259Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "url": "https://blog.lookout.com/esurv-research",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-14T14:13:45.259Z",
+      "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate device pictures.(Citation: Lookout eSurv)",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc",
+      "created": "2021-10-01T14:42:49.174Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can abuse existing root access to copy components into the system partition.(Citation: SecureList BusyGasper)",
+      "modified": "2022-04-15T15:52:38.253Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses contact list information.(Citation: Lookout-PegasusAndroid)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31",
+      "created": "2022-09-29T20:11:55.474Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "revoked": false,
       "external_references": [
@@ -37767,11 +32237,11 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "modified": "2022-09-30T18:38:37.195Z",
-      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of exfiltrating specific files directly from the infected devices.(Citation: Cylance Dust Storm)",
+      "modified": "2022-09-30T18:39:16.003Z",
+      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of enumerating specific files on the infected devices.(Citation: Cylance Dust Storm)",
       "relationship_type": "uses",
       "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
-      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
       "x_mitre_deprecated": false,
       "x_mitre_version": "0.1",
       "x_mitre_attack_spec_version": "2.1.0",
@@ -37781,41 +32251,84 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b",
       "type": "relationship",
-      "id": "relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6",
-      "created": "2022-04-01T14:59:53.782Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "Device attestation can often detect jailbroken devices.",
-      "modified": "2022-04-01T14:59:53.782Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
-      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--6d659130-545b-4917-891c-6c1b7d54ed07",
-      "type": "relationship",
-      "created": "2021-01-05T20:16:20.505Z",
+      "created": "2020-12-17T20:15:22.397Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Zscaler TikTok Spyware",
-          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
-          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
         }
       ],
-      "modified": "2021-01-05T20:16:20.505Z",
-      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can send SMS messages.(Citation: Zscaler TikTok Spyware)",
+      "modified": "2020-12-17T20:15:22.397Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can steal data from various sources, including chat, communication, and social media apps.(Citation: Palo Alto HenBox)",
       "relationship_type": "uses",
-      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
-      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--806a9338-be20-4eef-aa54-067633ac0e58",
+      "type": "relationship",
+      "created": "2020-04-08T15:41:19.421Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2020-04-08T15:41:19.421Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the device’s GPS location.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3f392718-87c4-483b-b89f-4f0cc056d251",
+      "type": "relationship",
+      "created": "2020-07-20T13:58:53.610Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader-FakeSpy",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
+          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-09-24T15:12:24.302Z",
+      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s UDID, version number, and product number.(Citation: TrendMicro-XLoader-FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0",
+      "type": "relationship",
+      "created": "2019-09-15T15:32:17.563Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2020-07-09T14:07:02.315Z",
+      "description": "Application developers could be encouraged to avoid placing sensitive data in notification text.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -37824,16 +32337,16 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--6d88242f-e45b-481c-bd41-b66a662618ce",
-      "created": "2022-04-06T13:57:24.730Z",
+      "id": "relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc",
+      "created": "2022-04-01T13:18:40.460Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T13:57:24.730Z",
-      "relationship_type": "revoked-by",
-      "source_ref": "attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "description": "Contact list access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their contact list. ",
+      "modified": "2022-04-01T13:18:40.460Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37843,23 +32356,23 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0",
-      "created": "2020-12-24T21:55:56.741Z",
+      "id": "relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3",
+      "created": "2020-04-08T15:41:19.404Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the contact list.(Citation: Lookout Uyghur Campaign)",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can steal the device’s contact list.(Citation: Cofense Anubis) ",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
       "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37869,68 +32382,16 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--90d4d964-efa2-46ac-adc2-759886e07158",
-      "created": "2020-10-29T17:48:27.325Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Exobot",
-          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
-          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Exobot](https://attack.mitre.org/software/S0522) has used HTTPS for C2 communication.(Citation: Threat Fabric Exobot)",
-      "modified": "2022-04-19T20:13:03.349Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
-      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a",
-      "created": "2020-06-26T15:32:24.962Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Threat Fabric Cerberus",
-          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
-          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[Cerberus](https://attack.mitre.org/software/S0480) hides its icon from the application drawer after being launched for the first time.(Citation: Threat Fabric Cerberus)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
-      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e",
-      "created": "2022-03-30T19:29:07.379Z",
+      "id": "relationship--35a12ae8-562d-4e24-979e-ef970dde0b94",
+      "created": "2022-04-15T17:52:24.125Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.",
-      "modified": "2022-03-30T19:29:07.379Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
-      "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
+      "description": "",
+      "modified": "2022-04-15T17:52:24.125Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37939,21 +32400,168 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--05563777-5771-4bd6-a1af-3e244cf42372",
+      "type": "relationship",
+      "id": "relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2",
+      "created": "2020-07-27T14:14:57.020Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Google Security Zen",
+          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
+          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Zen](https://attack.mitre.org/software/S0494) can modify the SELinux enforcement mode.(Citation: Google Security Zen)",
+      "modified": "2022-04-15T15:53:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
+      "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--92129d5b-7822-4e84-8a69-f96b598fba9e",
       "type": "relationship",
       "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Xiao-KeyRaider",
-          "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. Retrieved December 12, 2016.",
-          "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/"
+          "source_name": "Lookout-StealthMango",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
         }
       ],
-      "modified": "2018-10-17T00:14:20.652Z",
-      "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288) samples search to find the Apple account's username, password and device's GUID in data being transferred.(Citation: Xiao-KeyRaider)",
+      "modified": "2019-10-10T15:27:22.175Z",
+      "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses databases from WhatsApp, Viber, Skype, and Line.(Citation: Lookout-StealthMango)",
       "relationship_type": "uses",
-      "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50",
+      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--17e94f34-e367-491c-9f9f-79294e124b4f",
+      "created": "2020-12-17T20:15:22.501Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can intercept SMS messages.(Citation: Palo Alto HenBox)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--670a0995-a789-4674-9e91-c74316cdef90",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.621Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.621Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record audio from phone calls and the device microphone.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--83d95d05-7545-4295-894b-f33a2ba1063b",
+      "created": "2020-12-17T20:15:22.492Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) has registered several broadcast receivers.(Citation: Palo Alto HenBox)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler-SpyNote",
+          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
+          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
+        }
+      ],
+      "modified": "2019-10-10T15:24:09.355Z",
+      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can activate the victim's microphone.(Citation: Zscaler-SpyNote)",
+      "relationship_type": "uses",
+      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--873b98de-d7cf-471b-9aa2-229eb03c9165",
+      "type": "relationship",
+      "created": "2020-09-15T15:18:12.459Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "modified": "2020-09-15T15:18:12.459Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device information, including OS version and device model.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
       "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37963,16 +32571,42 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c",
-      "created": "2022-04-01T18:48:03.156Z",
+      "id": "relationship--57293fc9-8838-4acd-a16f-48f516d0921e",
+      "created": "2020-04-08T15:51:25.122Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) hides its icon after installation.(Citation: ThreatFabric Ginp)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad",
+      "created": "2022-04-05T19:45:03.117Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
       "description": "",
-      "modified": "2022-04-01T18:48:03.156Z",
+      "modified": "2022-04-05T19:45:03.117Z",
       "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
-      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "source_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -37981,22 +32615,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--5107be8a-b5fc-4442-af0d-2c92e086a912",
+      "id": "relationship--0cae6859-d7d1-483b-b473-4f32084938a9",
       "type": "relationship",
-      "created": "2020-05-11T16:13:43.062Z",
+      "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "CheckPoint Agent Smith",
-          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
-          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
         }
       ],
-      "modified": "2020-05-11T16:13:43.062Z",
-      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) checks if a targeted application is running in user-space prior to infection.(Citation: CheckPoint Agent Smith) ",
+      "modified": "2019-08-09T17:52:31.818Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to record device audio.(Citation: Lookout-PegasusAndroid)",
       "relationship_type": "uses",
-      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
-      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -38005,8 +32639,60 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad",
-      "created": "2021-10-01T14:42:49.159Z",
+      "id": "relationship--1348c744-3127-4a55-a5b4-2f439f41e941",
+      "created": "2020-07-27T14:14:56.994Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Google Security Zen",
+          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
+          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Zen](https://attack.mitre.org/software/S0494) can install itself on the system partition to achieve persistence. [Zen](https://attack.mitre.org/software/S0494) can also replace `framework.jar`, which allows it to intercept and modify the behavior of the standard Android API.(Citation: Google Security Zen)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
+      "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4454a696-7619-40ee-971b-cbf646e4ee61",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-EnterpriseApps",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to send messages to premium SMS messages.(Citation: Lookout-EnterpriseApps)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1",
+      "created": "2021-10-01T14:42:49.176Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -38017,12 +32703,12 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can utilize the device’s sensors to determine when the device is in use and subsequently hide malicious activity. When active, it attempts to hide its malicious activity by turning the screen’s brightness as low as possible and muting the device.(Citation: SecureList BusyGasper)",
-      "modified": "2022-04-12T10:01:44.682Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect every user screen tap and compare the input to a hardcoded list of coordinates to translate the input to a character.(Citation: SecureList BusyGasper)",
+      "modified": "2022-04-15T17:33:49.565Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
-      "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -38031,24 +32717,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3",
-      "created": "2020-12-14T14:52:03.283Z",
+      "id": "relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9",
+      "created": "2019-09-04T14:28:15.316Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Sophos Red Alert 2.0",
-          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
-          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+          "source_name": "Lookout-Monokle",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP requests over port 7878.(Citation: Sophos Red Alert 2.0)",
-      "modified": "2022-04-20T16:43:23.973Z",
+      "description": " [Monokle](https://attack.mitre.org/software/S0407) can remount the system partition as read/write to install attacker-specified certificates.(Citation: Lookout-Monokle) ",
+      "modified": "2022-04-15T16:02:44.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
-      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -38056,45 +32742,22 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c",
+      "id": "relationship--0a737289-c62d-4c0a-a857-6d116f774864",
       "type": "relationship",
-      "created": "2020-07-27T14:14:56.954Z",
+      "created": "2020-06-26T15:12:40.077Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Google Security Zen",
-          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
-          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
+          "source_name": "ESET DEFENSOR ID",
+          "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/",
+          "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020."
         }
       ],
-      "modified": "2020-08-10T22:18:20.777Z",
-      "description": "[Zen](https://attack.mitre.org/software/S0494) can obtain root access via a rooting trojan in its infection chain.(Citation: Google Security Zen)",
+      "modified": "2020-06-26T15:12:40.077Z",
+      "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to read any text displayed on the screen.(Citation: ESET DEFENSOR ID)",
       "relationship_type": "uses",
-      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "relationship--0bb6f851-4302-4936-a98e-d23feecb234d",
-      "type": "relationship",
-      "created": "2020-06-02T14:32:31.777Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "source_name": "Volexity Insomnia",
-          "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/",
-          "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020."
-        }
-      ],
-      "modified": "2020-06-02T14:32:31.777Z",
-      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) exploits a WebKit vulnerability to achieve root access on the device.(Citation: Volexity Insomnia)",
-      "relationship_type": "uses",
-      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
-      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -38103,24 +32766,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--554ec347-c8b2-43da-876b-36608dcc543d",
-      "created": "2017-10-25T14:48:53.746Z",
+      "id": "relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52",
+      "created": "2019-09-23T13:36:08.459Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "TelephonyManager",
-          "url": "https://developer.android.com/reference/android/telephony/TelephonyManager.html",
-          "description": "Android. (n.d.). TelephonyManager. Retrieved December 21, 2016."
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Android 10 introduced changes that prevent normal applications from accessing sensitive device identifiers.(Citation: TelephonyManager) ",
-      "modified": "2022-03-30T21:04:59.921Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can use phishing overlays to capture users' credit card information.(Citation: securelist rotexy 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
-      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -38128,21 +32791,44 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4",
+      "id": "relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb",
       "type": "relationship",
-      "created": "2020-09-11T15:57:37.770Z",
+      "created": "2020-12-18T20:14:47.412Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "SecurityIntelligence TrickMo",
-          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
-          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
         }
       ],
-      "modified": "2020-09-11T15:57:37.770Z",
-      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can delete SMS messages.(Citation: SecurityIntelligence TrickMo)",
+      "modified": "2020-12-18T20:14:47.412Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has included native modules.(Citation: WhiteOps TERRACOTTA)",
       "relationship_type": "uses",
-      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c",
+      "type": "relationship",
+      "created": "2020-12-18T20:14:47.371Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "modified": "2020-12-18T21:00:05.246Z",
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can send SMS messages.(Citation: WhiteOps TERRACOTTA)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
       "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -38151,9 +32837,1210 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794",
       "type": "relationship",
-      "created": "2019-11-21T16:42:48.488Z",
+      "id": "relationship--5aa167b8-4166-440b-b49f-bf1bab597237",
+      "created": "2019-11-21T16:42:48.441Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList - ViceLeaker 2019",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect the device’s call log.(Citation: SecureList - ViceLeaker 2019)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2",
+      "created": "2019-09-03T20:08:00.704Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) code is both obfuscated and packed with an FTT packer.(Citation: Talos Gustuff Apr 2019)",
+      "modified": "2022-04-15T17:18:58.074Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb",
+      "created": "2020-09-15T15:18:12.466Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) exfiltrates data using HTTP requests.(Citation: Cybereason FakeSpy)",
+      "modified": "2022-04-19T20:23:15.470Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76",
+      "created": "2020-12-17T20:15:22.441Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) has collected all outgoing phone numbers that start with “86”.(Citation: Palo Alto HenBox)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--212801c2-5d14-4381-b25a-340cda11a5ac",
+      "created": "2020-12-18T20:14:47.310Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has displayed a form to collect user data after installation.(Citation: WhiteOps TERRACOTTA)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--82f12052-783e-40e4-8079-d9c030c310fd",
+      "created": "2022-03-30T20:08:40.223Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android and iOS include system partition integrity mechanisms that could detect unauthorized modifications. ",
+      "modified": "2022-03-30T20:08:40.223Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
+      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a",
+      "created": "2020-10-29T19:21:23.143Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "WeLiveSecurity AdDisplayAshas",
+          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
+          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has registered to receive the `BOOT_COMPLETED` broadcast intent to activate on device startup.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e5e4567e-05a3-4d79-beab-191efc336473",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.333Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-03-26T20:50:07.266Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encrypts data using a simple XOR operation with a pre-configured key prior to exfiltration.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-SpyDealer",
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) maintains persistence by installing an Android application package (APK) on the system partition.(Citation: PaloAlto-SpyDealer)",
+      "modified": "2022-04-15T16:02:14.739Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-EnterpriseApps",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to collect and leak the victim's phone number, mobile device unique identifier (IMEI).(Citation: Lookout-EnterpriseApps)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--14143e21-51bf-4fa7-a949-d22a8271f590",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "source_name": "TrendMicro-RCSAndroid"
+        }
+      ],
+      "modified": "2019-08-09T17:53:48.780Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record audio using the device microphone.(Citation: TrendMicro-RCSAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-BrainTest",
+          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "Some original variants of [BrainTest](https://attack.mitre.org/software/S0293) had the capability to automatically root some devices, but that behavior was not observed in later samples.(Citation: Lookout-BrainTest)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7db33293-6971-4c0d-88e0-18f505ebd943",
+      "created": "2022-04-05T20:11:51.188Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Recent OS versions have made it more difficult for applications to register as VPN providers. ",
+      "modified": "2022-04-05T20:11:51.188Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37",
+      "type": "relationship",
+      "created": "2020-05-07T15:24:49.583Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2020-05-27T13:23:34.544Z",
+      "description": "Many vulnerabilities related to injecting code into existing applications have been patched in previous Android releases.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CheckPoint-Judy",
+          "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. Retrieved September 18, 2018.",
+          "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[Judy](https://attack.mitre.org/software/S0325) bypasses Google Play's protections by downloading a malicious payload at runtime after installation.(Citation: CheckPoint-Judy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6d2c7743-fc75-4524-b217-13867ca1dd10",
+      "created": "2019-09-03T20:08:00.649Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": " [Gustuff](https://attack.mitre.org/software/S0406) can collect the contact list.(Citation: Talos Gustuff Apr 2019) ",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2",
+      "created": "2019-09-04T14:28:15.482Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Monokle",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can reset the user's password/PIN.(Citation: Lookout-Monokle)",
+      "modified": "2022-04-15T16:38:09.953Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--14474366-938a-4359-bf24-e2c718adfaf5",
+      "type": "relationship",
+      "created": "2020-06-26T14:55:13.382Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason EventBot",
+          "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+          "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T14:55:13.382Z",
+      "description": "[EventBot](https://attack.mitre.org/software/S0478) can download new libraries when instructed to.(Citation: Cybereason EventBot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4",
+      "created": "2021-01-05T20:16:20.507Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can execute commands .(Citation: Zscaler TikTok Spyware)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd",
+      "created": "2022-04-01T15:03:02.553Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T15:03:02.553Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
+      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d",
+      "created": "2022-04-01T17:06:06.950Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to location information. Users should also protect their account credentials and enable multi-factor authentication options when available. ",
+      "modified": "2022-04-01T17:06:06.950Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.548Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.548Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can obtain a list of installed applications.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7",
+      "created": "2020-11-24T17:55:12.889Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request device administrator permissions.(Citation: Talos GPlayed)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--29357289-362c-447c-b387-9a38b50d7296",
+      "created": "2022-04-15T17:20:06.338Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Google Bread",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
+        },
+        {
+          "source_name": "Check Point-Joker",
+          "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/",
+          "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Bread](https://attack.mitre.org/software/S0432) uses various tricks to obfuscate its strings including standard and custom encryption, programmatically building strings at runtime, and splitting unencrypted strings with repeated delimiters to break up keywords. [Bread](https://attack.mitre.org/software/S0432) has also abused Java and JavaScript features to obfuscate code. [Bread](https://attack.mitre.org/software/S0432) payloads have hidden code in native libraries and encrypted JAR files in the data section of an ELF file. [Bread](https://attack.mitre.org/software/S0432) has stored DEX payloads as base64-encoded strings in the Android manifest and internal Java classes.(Citation: Check Point-Joker)(Citation: Google Bread)",
+      "modified": "2022-04-15T17:20:06.338Z",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e",
+      "created": "2020-01-27T17:05:58.335Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Trend Micro Bouncing Golf 2019",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) registers for the `USER_PRESENT` broadcast intent and uses it as a trigger to take photos with the front-facing camera.(Citation: Trend Micro Bouncing Golf 2019)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4009ff40-4616-4b1c-bff9-599e52ccab37",
+      "created": "2020-01-27T17:05:58.263Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Trend Micro Bouncing Golf 2019",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s contact list.(Citation: Trend Micro Bouncing Golf 2019)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3498d304-48e3-4fe4-a3ab-fc261104f413",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-08-09T17:59:49.094Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record audio using the device microphone.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e35b013b-89e8-41b3-a518-7737234ab71b",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.312Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.312Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can take screenshots.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25",
+      "type": "relationship",
+      "created": "2020-09-11T15:55:43.774Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2020-09-11T15:55:43.774Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) deletes incoming SMS messages from specified numbers, including those that contain particular strings.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:48.913Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-06T15:32:46.477Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can use its keylogger module to take screenshots of the area of the screen that the user tapped.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8d027310-93a0-4046-b7ad-d1f461f30838",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "source_name": "TrendMicro-RCSAndroid"
+        }
+      ],
+      "modified": "2019-08-09T17:53:48.783Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) has the ability to dynamically download and execute new code at runtime.(Citation: TrendMicro-RCSAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b402664b-a5b4-45e4-832f-02638e6c67a7",
+      "created": "2022-04-01T14:59:17.991Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores. ",
+      "modified": "2022-04-01T14:59:17.991Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--97158eda-5092-4939-8b5c-1ef5ab918089",
+      "type": "relationship",
+      "created": "2020-04-24T15:12:11.189Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T15:12:11.189Z",
+      "description": "[Concipit1248](https://attack.mitre.org/software/S0426) can collect device photos.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "BankInfoSecurity-BackDoor",
+          "url": "http://www.bankinfosecurity.com/did-chinese-spyware-linger-in-us-phones-a-9534",
+          "description": "Jeremy Kirk. (2016, November 16). Why Did Chinese Spyware Linger in U.S. Phones?. Retrieved February 6, 2017."
+        },
+        {
+          "source_name": "NYTimes-BackDoor",
+          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html",
+          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Adups](https://attack.mitre.org/software/S0309) was pre-installed on Android devices from some vendors.(Citation: NYTimes-BackDoor)(Citation: BankInfoSecurity-BackDoor)",
+      "modified": "2022-04-19T15:46:20.166Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
+      "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca",
+      "created": "2019-09-03T19:45:48.510Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": " [Exodus](https://attack.mitre.org/software/S0405) Two collects a list of nearby base stations.(Citation: SWB Exodus March 2019) ",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77",
+      "type": "relationship",
+      "created": "2020-06-26T15:32:25.035Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Cerberus",
+          "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html",
+          "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020."
+        },
+        {
+          "source_name": "CheckPoint Cerberus",
+          "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/",
+          "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020."
+        }
+      ],
+      "modified": "2020-06-26T15:32:25.035Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect device information, such as the default SMS app and device locale.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd",
+      "created": "2020-12-24T21:41:37.047Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) has used HTTPS for C2 communication.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-18T16:04:02.127Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b2896068-4d54-41e1-b0f2-db9385615112",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.426Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.426Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has shown a persistent notification to maintain access to device sensors.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:28.005Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:28.005Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken photos with the device camera.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.215Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.215Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of running processes.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9",
+      "type": "relationship",
+      "created": "2020-09-11T15:52:12.520Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-09-11T15:52:12.520Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can block, forward, hide, and send SMS messages.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://www.wandera.com/reddrop-malware/",
+          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
+          "source_name": "Wandera-RedDrop"
+        }
+      ],
+      "modified": "2019-10-15T19:56:13.162Z",
+      "description": "[RedDrop](https://attack.mitre.org/software/S0326) exfiltrates details of the victim device operating system and manufacturer.(Citation: Wandera-RedDrop)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5",
+      "created": "2019-08-08T18:47:57.655Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Android 10 Privacy Changes",
+          "url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data",
+          "description": "Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September 11, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 10 introduced changes to prevent applications from accessing clipboard data if they are not in the foreground or set as the device’s default IME.(Citation: Android 10 Privacy Changes) ",
+      "modified": "2022-04-01T16:35:38.189Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ac523dfb-36be-4402-acf2-abe98e183eef",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "ArsTechnica-HummingBad",
+          "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/",
+          "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "In July 2016, [HummingBad](https://attack.mitre.org/software/S0322) generated more than $300,000 per month in revenue from installing fraudulent apps and displaying malicious advertisements.(Citation: ArsTechnica-HummingBad)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-Obad",
+          "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December 9, 2016.",
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[OBAD](https://attack.mitre.org/software/S0286) contains encrypted code along with an obfuscated decryption routine to make it difficult to analyze.(Citation: TrendMicro-Obad)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad",
+      "created": "2020-12-24T21:55:56.752Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploits to root devices and install additional malware on the system partition.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-19T16:32:53.368Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky-Skygofree",
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via binary SMS.(Citation: Kaspersky-Skygofree)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6ce36374-2ff6-4b41-8493-148416153232",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.443Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.526Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect user account, photos, browser history, and arbitrary files.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--684c17bb-2075-4e1f-9fcb-17408511222d",
+      "type": "relationship",
+      "created": "2021-09-20T13:54:19.957Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2021-09-20T13:54:19.957Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can silently accept an incoming phone call.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.444Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.444Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can load additional Dalvik code while running.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e7b7e813-4867-46fe-bf86-6f367553d765",
+      "type": "relationship",
+      "created": "2019-11-21T16:42:48.456Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
@@ -38167,11 +34054,11 @@
           "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
         }
       ],
-      "modified": "2020-01-21T14:20:50.474Z",
-      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can record audio from the device’s microphone and can record phone calls together with the caller ID.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
+      "modified": "2020-01-21T14:20:50.455Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can copy arbitrary files from the device to the C2 server, can exfiltrate browsing history, can exfiltrate the SD card structure, and can exfiltrate pictures as the user takes them.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
       "relationship_type": "uses",
       "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
-      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -38179,44 +34066,92 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce",
       "type": "relationship",
-      "created": "2019-09-04T14:28:15.975Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "id": "relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f",
+      "created": "2020-09-11T14:54:16.642Z",
+      "x_mitre_version": "1.0",
       "external_references": [
         {
-          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
-          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
-          "source_name": "Lookout-Monokle"
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
         }
       ],
-      "modified": "2019-10-14T17:51:38.054Z",
-      "description": "[Monokle](https://attack.mitre.org/software/S0407) queries the device for metadata such as make, model, and power levels.(Citation: Lookout-Monokle)",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "If running on a Huawei device, [Desert Scorpion](https://attack.mitre.org/software/S0505) adds itself to the protected apps list, which allows it to run with the screen off.(Citation: Lookout Desert Scorpion)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
-      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
-      "x_mitre_version": "1.0",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0",
+      "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--e0f58ab7-b246-4c41-9afc-89b582590809",
       "type": "relationship",
-      "created": "2020-12-18T20:14:47.374Z",
+      "id": "relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57",
+      "created": "2020-11-24T17:55:12.826Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can wipe the device.(Citation: Talos GPlayed)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d6be8665-afbb-4be5-a56a-493af01b120a",
+      "created": "2022-03-30T15:52:29.935Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile security products can potentially detect jailbroken or rooted devices.",
+      "modified": "2022-03-30T15:52:29.935Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6b41d649-bcd0-4427-baa1-15a145bace6e",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "WhiteOps TERRACOTTA",
-          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
-          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
         }
       ],
-      "modified": "2020-12-18T20:14:47.374Z",
-      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can download additional modules at runtime via JavaScript `eval` statements.(Citation: WhiteOps TERRACOTTA)",
+      "modified": "2019-08-09T17:56:05.642Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) downloads and executes root exploits from a remote server.(Citation: PaloAlto-SpyDealer)",
       "relationship_type": "uses",
-      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
       "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -38226,24 +34161,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e",
-      "created": "2018-10-17T00:14:20.652Z",
+      "id": "relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c",
+      "created": "2017-12-14T16:46:06.044Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "TrendMicro-XLoader",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/",
-          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018."
+          "source_name": "Zscaler-SpyNote",
+          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app",
+          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) requests Android Device Administrator access.(Citation: TrendMicro-XLoader)",
+      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can view contacts.(Citation: Zscaler-SpyNote)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
-      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -38251,10 +34186,335 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1",
+      "id": "relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b",
       "type": "relationship",
-      "created": "2020-11-24T17:55:12.887Z",
+      "created": "2018-10-17T00:14:20.652Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-10-15T19:44:36.125Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collected and exfiltrated data from the device, including sensitive letters/documents, stored photos, and stored audio files.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--40f30137-4db9-4596-b4c7-a12f1497fd92",
+      "created": "2020-11-10T17:08:35.831Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has performed rudimentary SSL certificate validation to verify C2 server authenticity before establishing a SSL connection.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-18T16:02:42.303Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--901492b5-b074-4631-ad6e-4178caa4164a",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:28.017Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:28.017Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has recorded calls and environment audio in .amr format.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3f973c3c-45f8-432a-9859-e8749f2e7418",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
+        }
+      ],
+      "modified": "2019-08-09T17:52:31.848Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses sensitive data in files, such as messages stored by the WhatsApp, Facebook, and Twitter applications. It also has the ability to access arbitrary filenames and retrieve directory listings.(Citation: Lookout-PegasusAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--48552acc-5f1a-422f-90fa-37108446f36d",
+      "created": "2022-03-30T19:14:20.374Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T19:14:20.374Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa",
+      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7",
+      "type": "relationship",
+      "created": "2020-12-14T15:02:35.230Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "modified": "2020-12-14T15:02:35.230Z",
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) has encrypted C2 communications using Base64-encoded RC4.(Citation: Securelist Asacub)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-WireLurker",
+          "description": "Claud Xiao. (2014, November 5). WireLurker: A New Era in OS X and iOS Malware. Retrieved January 24, 2017.",
+          "url": "https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[WireLurker](https://attack.mitre.org/software/S0312) obfuscates its payload through complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing.(Citation: PaloAlto-WireLurker)",
+      "relationship_type": "uses",
+      "source_ref": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7defdb15-65d1-40ca-a9da-5c0484892484",
+      "created": "2020-04-24T17:46:31.616Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can be controlled via encrypted SMS message.(Citation: SecurityIntelligence TrickMo)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd",
+      "created": "2022-04-01T18:50:00.027Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T18:50:00.027Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87",
+      "type": "relationship",
+      "created": "2020-05-04T14:04:56.217Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Bread",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
+        }
+      ],
+      "modified": "2020-05-04T15:40:21.305Z",
+      "description": "[Bread](https://attack.mitre.org/software/S0432) has utilized JavaScript within WebViews that loaded a URL hosted on a Bread-controlled server which provided functions to run. [Bread](https://attack.mitre.org/software/S0432) downloads billing fraud execution steps at runtime.(Citation: Google Bread)",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9",
+      "created": "2020-04-08T15:51:25.149Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "ThreatFabric Ginp",
+          "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html",
+          "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Ginp](https://attack.mitre.org/software/S0423) can download the device’s contact list.(Citation: ThreatFabric Ginp)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6",
+      "created": "2020-01-21T14:20:50.409Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Bitdefender - Triout 2018",
+          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
+          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) includes code to hide its icon, but the function does not appear to be called in an analyzed version of the software.(Citation: Bitdefender - Triout 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630",
+      "created": "2020-07-15T20:20:59.300Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can manipulate visual components to trick the user into granting dangerous permissions, and can use phishing overlays and JavaScript injection to capture credentials.(Citation: Bitdefender Mandrake)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f",
+      "created": "2022-04-06T13:39:39.883Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T13:39:39.883Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
+      "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956",
+      "created": "2020-11-24T17:55:12.873Z",
+      "x_mitre_version": "1.0",
       "external_references": [
         {
           "source_name": "Talos GPlayed",
@@ -38262,10 +34522,62 @@
           "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
         }
       ],
-      "modified": "2020-11-24T17:55:12.887Z",
-      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s model, country, and Android version.(Citation: Talos GPlayed)",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) has communicated with the C2 using HTTP requests or WebSockets as a backup.(Citation: Talos GPlayed) ",
+      "modified": "2022-04-19T20:04:57.164Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03",
+      "created": "2020-12-24T21:45:56.962Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access call logs.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82",
+      "type": "relationship",
+      "created": "2020-09-11T16:22:03.301Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T16:22:03.301Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect system information, including brand, manufacturer, and serial number.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
       "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -38275,16 +34587,42 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec",
-      "created": "2022-04-01T15:54:48.924Z",
+      "id": "relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3",
+      "created": "2020-09-15T15:18:12.462Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can hide its icon if it detects that it is being run on an emulator.(Citation: Cybereason FakeSpy)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1e286a4a-63cd-47df-a034-11a5d92daceb",
+      "created": "2022-04-06T15:41:03.981Z",
       "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "Applications very rarely require administrator permission. Developers should be cautioned against using this higher degree of access to avoid being flagged as a potentially malicious application. ",
-      "modified": "2022-04-01T15:54:48.924Z",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
-      "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3",
+      "description": "",
+      "modified": "2022-04-06T15:41:03.981Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
+      "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
       "x_mitre_attack_spec_version": "2.1.0",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -38294,24 +34632,43 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f",
-      "created": "2018-10-17T00:14:20.652Z",
+      "id": "relationship--442dd700-2d7d-4cad-8282-9027e4f69133",
+      "created": "2022-03-30T20:31:41.927Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "New OS releases frequently contain additional limitations or controls around device location access.",
+      "modified": "2022-03-30T20:31:41.927Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f4aeacef-035c-4308-9e85-997703e27809",
+      "created": "2020-01-27T17:05:58.305Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Wandera-RedDrop",
-          "url": "https://www.wandera.com/reddrop-malware/",
-          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018."
+          "source_name": "Trend Micro Bouncing Golf 2019",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[RedDrop](https://attack.mitre.org/software/S0326) tricks the user into sending SMS messages to premium services and then deletes those messages.(Citation: Wandera-RedDrop)",
-      "modified": "2022-04-19T14:25:41.669Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can delete arbitrary files on the device.(Citation: Trend Micro Bouncing Golf 2019)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
-      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -38320,24 +34677,24 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936",
-      "created": "2019-08-29T18:57:55.926Z",
+      "id": "relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2",
+      "created": "2020-07-15T20:20:59.375Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Samsung Keyboards",
-          "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-",
-          "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019."
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards) An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. ",
-      "modified": "2022-04-05T19:41:57.905Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can abuse device administrator permissions to ensure that it cannot be uninstalled until its permissions are revoked.(Citation: Bitdefender Mandrake)",
+      "modified": "2022-04-15T15:46:05.503Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "mitigates",
-      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
-      "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -38346,9 +34703,149 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1",
-      "created": "2019-09-04T15:38:57.037Z",
+      "id": "relationship--e2ee6825-43c2-441f-ba96-404a330a9059",
+      "created": "2017-12-14T16:46:06.044Z",
       "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CheckPoint-Charger",
+          "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/",
+          "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Charger](https://attack.mitre.org/software/S0323) steals contacts from the victim user's device.(Citation: CheckPoint-Charger)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3230c032-17e0-49f7-b948-c157049aafe2",
+      "created": "2017-10-25T14:48:53.742Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Users should ensure bootloaders are locked to prevent arbitrary operating system code from being flashed onto the device.",
+      "modified": "2022-04-01T15:34:50.556Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
+      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:16.426Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-09-04T14:32:13.000Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) uses XOR to obfuscate its second stage binary.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.377Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.377Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect all accounts stored on the device.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2e826926-fd5b-407c-adbc-e998058728d3",
+      "type": "relationship",
+      "created": "2019-09-04T15:38:56.786Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "CyberMerchants-FlexiSpy",
+          "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html",
+          "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019."
+        }
+      ],
+      "modified": "2019-09-10T14:59:26.139Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record both incoming and outgoing phone calls, as well as microphone audio.(Citation: CyberMerchants-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b",
+      "created": "2020-07-15T20:20:59.307Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used domain generation algorithms.(Citation: Bitdefender Mandrake)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8",
+      "type": "relationship",
+      "created": "2019-09-04T15:38:56.994Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
           "source_name": "FlexiSpy-Features",
@@ -38356,14 +34853,109 @@
           "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
         }
       ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record keystrokes and analyze them for keywords.(Citation: FlexiSpy-Features)",
-      "modified": "2022-04-15T17:34:17.813Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2019-09-10T14:59:26.171Z",
+      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can take screenshots of other applications.(Citation: FlexiSpy-Features) ",
       "relationship_type": "uses",
       "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/"
+        }
+      ],
+      "modified": "2019-08-09T17:52:31.854Z",
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses the list of installed applications.(Citation: Lookout-PegasusAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--db1201f0-f925-4c3c-8673-7524a8c20886",
+      "type": "relationship",
+      "created": "2021-02-17T20:43:52.274Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+        }
+      ],
+      "modified": "2021-02-17T20:43:52.274Z",
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has recorded calls.(Citation: Lookout FrozenCell)",
+      "relationship_type": "uses",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "type": "relationship",
+      "id": "relationship--4cb926c1-c242-45c2-be46-07c22435a8a5",
+      "created": "2022-09-30T19:23:02.689Z",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "Cylance Dust Storm",
+          "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
+          "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "modified": "2022-09-30T19:23:02.689Z",
+      "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors that would send information and data from a victim's mobile device to the C2 servers.(Citation: Cylance Dust Storm)",
+      "relationship_type": "uses",
+      "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "0.1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a",
+      "created": "2020-11-20T16:37:28.591Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has communicated with the C2 using MQTT and HTTP.(Citation: Symantec GoldenCup)",
+      "modified": "2022-04-19T20:06:25.036Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -38372,8 +34964,181 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--605d95a1-0493-418e-9d81-de58531c4421",
-      "created": "2020-04-24T15:12:11.217Z",
+      "id": "relationship--4f812a57-efdc-463b-bf37-baa4bca7502b",
+      "created": "2020-05-04T14:22:20.348Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecurityIntelligence TrickMo",
+          "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/",
+          "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[TrickMo](https://attack.mitre.org/software/S0427) can uninstall itself from a device on command by abusing the accessibility service.(Citation: SecurityIntelligence TrickMo) ",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+      "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99",
+      "created": "2017-10-25T14:48:53.742Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Elcomsoft-iOSRestricted",
+          "url": "https://blog.elcomsoft.com/2018/09/ios-12-enhances-usb-restricted-mode/",
+          "description": "Oleg Afonin. (2018, September 20). iOS 12 Enhances USB Restricted Mode. Retrieved September 21, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "iOS 11.4.1 and higher introduce USB Restricted Mode, which disables data access through the device's charging port under certain conditions (making the port only usable for power), likely preventing this technique from working.(Citation: Elcomsoft-iOSRestricted)",
+      "modified": "2022-04-01T15:35:28.360Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1",
+      "type": "relationship",
+      "created": "2021-02-08T16:36:20.801Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.571Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included video recording in the malicious apps deployed as part of Operation BULL.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--33857221-2543-4a7f-8255-b0d140d70ad7",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.461Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.686Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record call audio.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--58c857f8-4f40-48e0-b3ac-41944d82b576",
+      "created": "2020-12-24T22:04:27.991Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of contacts.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--e7af5be1-721f-40c5-b647-659243a0a14b",
+      "type": "relationship",
+      "created": "2020-04-08T15:41:19.321Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cofense Anubis",
+          "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+          "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+        }
+      ],
+      "modified": "2021-09-20T13:50:02.057Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can record phone calls and audio.(Citation: Cofense Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-EnterpriseApps",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects contact list information.(Citation: Lookout-EnterpriseApps)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--82f51cc6-6ce4-459e-b598-7b2b77983469",
+      "created": "2020-04-24T15:06:33.526Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
@@ -38384,11 +35149,115 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Concipit1248](https://attack.mitre.org/software/S0426) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)",
-      "modified": "2022-04-19T20:11:19.381Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect SMS messages.(Citation: TrendMicro Coronavirus Updates)",
+      "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b0625604-e4c4-402b-b191-f43137d38d99",
+      "created": "2020-11-20T15:44:57.481Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect sent and received SMS messages.(Citation: Symantec GoldenCup)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070",
+      "created": "2020-12-18T20:14:47.302Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used Firebase for C2 communication.(Citation: WhiteOps TERRACOTTA)",
+      "modified": "2022-04-18T19:18:56.475Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e",
+      "created": "2020-12-31T18:25:05.165Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has used HTTPS for C2 communication.(Citation: CYBERWARCON CHEMISTGAMES) ",
+      "modified": "2022-04-18T16:00:57.320Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae",
+      "created": "2020-12-24T22:04:27.902Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has used HTTP POST requests for C2.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-20T17:35:38.895Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
       "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -38397,22 +35266,45 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73",
+      "id": "relationship--0993769f-63fb-4720-bbcf-e6f37f71515e",
       "type": "relationship",
-      "created": "2020-07-20T14:12:15.566Z",
+      "created": "2020-06-02T14:32:31.875Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "Check Point-Joker",
-          "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/",
-          "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020."
+          "source_name": "Google Project Zero Insomnia",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
         }
       ],
-      "modified": "2020-07-20T14:12:15.566Z",
-      "description": "[Bread](https://attack.mitre.org/software/S0432) can collect device notifications.(Citation: Check Point-Joker)",
+      "modified": "2020-06-02T14:32:31.875Z",
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s name, serial number, iOS version, total disk space, and free disk space.(Citation: Google Project Zero Insomnia) ",
       "relationship_type": "uses",
-      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
-      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.615Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.615Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record videos.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
       "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -38421,24 +35313,120 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--19df76ee-fa85-43cf-96ce-422d46f29a13",
-      "created": "2017-12-14T16:46:06.044Z",
+      "id": "relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02",
+      "created": "2020-06-26T15:32:25.144Z",
       "x_mitre_version": "1.0",
       "external_references": [
         {
-          "source_name": "Lookout-PegasusAndroid",
-          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/",
-          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017."
+          "source_name": "CheckPoint Cerberus",
+          "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/",
+          "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020."
         }
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) listens for the `BOOT_COMPLETED` broadcast intent in order to maintain persistence and activate its functionality at device boot time.(Citation: Lookout-PegasusAndroid)",
-      "modified": "2022-04-19T16:54:05.627Z",
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 server using HTTP.(Citation: CheckPoint Cerberus)",
+      "modified": "2022-04-19T20:12:22.454Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
-      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8b27a786-b4d9-4014-a249-3725442f9f1d",
+      "type": "relationship",
+      "created": "2021-01-05T20:16:20.499Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "modified": "2021-01-05T20:16:20.499Z",
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can obtain a list of installed applications.(Citation: Zscaler TikTok Spyware)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4",
+      "type": "relationship",
+      "created": "2021-10-01T14:42:48.815Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "modified": "2021-10-01T14:42:48.815Z",
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can record from the device’s camera.(Citation: SecureList BusyGasper)",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15",
+      "type": "relationship",
+      "created": "2021-09-24T14:47:34.447Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2021-10-04T20:08:48.439Z",
+      "description": "Device attestation can often detect rooted devices.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431",
+      "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56",
+      "created": "2017-10-25T14:48:53.738Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 9 introduced a new security policy that prevents applications from reading or writing data to other applications’ internal storage directories, regardless of permissions. ",
+      "modified": "2022-04-01T13:51:48.934Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -38447,7 +35435,2089 @@
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
       "type": "relationship",
-      "id": "relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438",
+      "id": "relationship--828417ec-c444-41c8-95b4-c339c5ecf62b",
+      "created": "2022-03-30T20:48:00.360Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.",
+      "modified": "2022-03-30T20:48:00.360Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--ce645a25-160f-443d-b288-fdd108b78a06",
+      "created": "2020-09-11T16:22:03.269Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s call log.(Citation: Lookout ViperRAT)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2",
+      "type": "relationship",
+      "created": "2020-09-11T15:53:38.453Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "securelist rotexy 2018",
+          "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
+          "description": "T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019."
+        }
+      ],
+      "modified": "2020-09-11T15:53:38.453Z",
+      "description": "[Rotexy](https://attack.mitre.org/software/S0411) can automatically reply to SMS messages, and optionally delete them.(Citation: securelist rotexy 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c",
+      "type": "relationship",
+      "created": "2019-12-10T16:07:41.078Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList DVMap June 2017",
+          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
+          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
+        }
+      ],
+      "modified": "2019-12-10T16:07:41.078Z",
+      "description": "[Dvmap](https://attack.mitre.org/software/S0420) attempts to gain root access by using local exploits.(Citation: SecureList DVMap June 2017)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--9d264e84-27b2-4867-82c8-55486a969d7c",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.489Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.489Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running processes.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f92fe9dd-7296-42f6-904e-e245c438376e",
+      "created": "2020-12-14T15:02:35.291Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) can request device administrator permissions.(Citation: Securelist Asacub)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5b5586b9-75ee-476f-b3eb-49878254302c",
+      "type": "relationship",
+      "created": "2019-07-16T14:33:12.117Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Google Triada June 2019",
+          "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html",
+          "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019."
+        }
+      ],
+      "modified": "2020-04-27T16:52:49.643Z",
+      "description": "[Triada](https://attack.mitre.org/software/S0424) is able to modify code within the com.android.systemui application to gain access to `GET_REAL_TASKS` permissions. This permission enables access to information about applications currently on the foreground and other recently used apps.(Citation: Google Triada June 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a5b72279-f99e-4f03-8669-04322b40ee6b",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader",
+          "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/"
+        }
+      ],
+      "modified": "2020-07-20T13:49:03.710Z",
+      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) loads an encrypted DEX code payload.(Citation: TrendMicro-XLoader)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--0a610208-06af-425f-a9af-cd0899261e33",
+      "type": "relationship",
+      "created": "2020-09-11T15:45:38.450Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-09-11T15:45:38.450Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can send SMS messages.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--50c81a85-8c70-48df-a338-8622d2debc74",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather call logs.(Citation: Lookout-StealthMango)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab",
+      "created": "2022-04-11T20:06:38.811Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Mobile security products that are part of the Samsung Knox for Mobile Threat Defense program could examine running applications while the device is idle, potentially detecting malicious applications that are running primarily when the device is not being used.",
+      "modified": "2022-04-11T20:06:38.811Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531",
+      "type": "relationship",
+      "created": "2019-08-07T15:57:13.417Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Kaspersky Riltok June 2019",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
+        }
+      ],
+      "modified": "2019-09-15T15:36:42.340Z",
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) can query various details about the device, including phone number, country, mobile operator, model, root availability, and operating system version.(Citation: Kaspersky Riltok June 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f012feab-5612-429f-81bd-ff75d6ffd04e",
+      "created": "2022-04-05T17:03:34.941Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T17:03:34.941Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3efe7dcc-a572-45ac-aff2-2932206a0632",
+      "created": "2019-08-07T15:57:13.441Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Kaspersky Riltok June 2019",
+          "url": "https://securelist.com/mobile-banker-riltok/91374/",
+          "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Riltok](https://attack.mitre.org/software/S0403) can access and upload the device's contact list to the command and control server.(Citation: Kaspersky Riltok June 2019)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0008005f-ca51-47c3-8369-55ee5de1c65a",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler-SpyNote",
+          "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app",
+          "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) uses an Android broadcast receiver to automatically start when the device boots.(Citation: Zscaler-SpyNote)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
+      "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--06348e22-9a06-4e4c-a57c-e438462e7fce",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
+          "source_name": "Kaspersky-Skygofree"
+        }
+      ],
+      "modified": "2019-08-09T18:08:07.173Z",
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record audio via the microphone when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.294Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.294Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can obtain a list of installed applications.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-BrainTest",
+          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/",
+          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BrainTest](https://attack.mitre.org/software/S0293) uses root privileges (if available) to copy an additional Android app package (APK) to /system/priv-app to maintain persistence even after a factory reset.(Citation: Lookout-BrainTest)",
+      "modified": "2022-04-15T15:59:32.511Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b477afcb-7449-4fae-b4aa-c512c22d7500",
+      "type": "relationship",
+      "created": "2020-09-15T15:18:12.394Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "modified": "2020-09-15T15:18:12.394Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can send SMS messages.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4d542595-1eb0-45aa-9702-9d494142b390",
+      "type": "relationship",
+      "created": "2019-08-09T18:08:07.109Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/",
+          "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
+          "source_name": "Kaspersky-Skygofree"
+        }
+      ],
+      "modified": "2019-08-09T18:08:07.109Z",
+      "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record video or capture photos when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be",
+      "created": "2021-02-17T20:43:52.337Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout FrozenCell",
+          "url": "https://blog.lookout.com/frozencell-mobile-threat",
+          "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has read SMS messages for exfiltration.(Citation: Lookout FrozenCell)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "NYTimes-BackDoor",
+          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html",
+          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted contact lists.(Citation: NYTimes-BackDoor)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "NYTimes-BackDoor",
+          "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017.",
+          "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted location information.(Citation: NYTimes-BackDoor)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--e8768455-4d0c-4e3c-a901-1fc871227745",
+      "created": "2022-03-30T17:54:56.603Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-03-30T17:54:56.603Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443",
+      "created": "2020-07-20T13:49:03.676Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader-FakeSpy",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
+          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) has fetched its C2 address from encoded Twitter names, as well as Instagram and Tumblr.(Citation: TrendMicro-XLoader-FakeSpy)",
+      "modified": "2022-04-20T17:58:16.567Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+      "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414",
+      "created": "2019-10-18T14:50:57.521Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. ",
+      "modified": "2022-03-30T20:08:17.127Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--95bf4e8b-f388-48a0-b236-c2077252e71e",
+      "type": "relationship",
+      "created": "2019-09-03T20:08:00.757Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "source_name": "Talos Gustuff Apr 2019"
+        }
+      ],
+      "modified": "2019-09-15T15:35:33.380Z",
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers the device IMEI to send to the command and control server.(Citation: Talos Gustuff Apr 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61",
+      "type": "relationship",
+      "created": "2020-04-24T15:06:33.495Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T15:06:33.495Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can track the device’s location.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--455b1287-5784-42b4-91fb-01dac007758d",
+      "created": "2020-09-29T13:24:15.234Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Dendroid",
+          "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/",
+          "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Dendroid](https://attack.mitre.org/software/S0301) can open a dialog box to ask the user for passwords.(Citation: Lookout-Dendroid)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39",
+      "created": "2020-12-14T15:02:35.294Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect SMS messages as they are received.(Citation: Securelist Asacub)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e",
+      "type": "relationship",
+      "created": "2020-04-24T15:06:33.519Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T15:06:33.519Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect messages from GSM, WhatsApp, Telegram, Facebook, and Threema by reading the application’s notification content.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.273Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.273Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record audio and phone calls.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8870c211-820a-46a1-96fc-02f4e6eaec03",
+      "type": "relationship",
+      "created": "2020-11-10T16:50:39.134Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2021-04-19T15:40:36.387Z",
+      "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has collected device network information, including 16-bit GSM Cell Identity, 16-bit Location Area Code, Mobile Country Code (MCC), and Mobile Network Code (MNC). [CarbonSteal](https://attack.mitre.org/software/S0529) has also called `netcfg` to get stats.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-EnterpriseApps",
+          "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.",
+          "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[AndroRAT](https://attack.mitre.org/software/S0292) gathers audio from the microphone.(Citation: Lookout-EnterpriseApps)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-08-09T17:59:49.021Z",
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can perform GPS location tracking as well as capturing coordinates as when an SMS message or call is received.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4a936488-526c-40c1-b2d5-490052cb0e73",
+      "created": "2020-12-31T18:25:05.162Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CYBERWARCON CHEMISTGAMES",
+          "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+          "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can run bash commands.(Citation: CYBERWARCON CHEMISTGAMES)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--5417959b-9478-49fb-b779-3c82a10ad080",
+      "type": "relationship",
+      "created": "2020-12-17T20:15:22.498Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Palo Alto HenBox",
+          "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/",
+          "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019."
+        }
+      ],
+      "modified": "2020-12-17T20:15:22.498Z",
+      "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running apps.(Citation: Palo Alto HenBox)",
+      "relationship_type": "uses",
+      "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--17558571-7352-470b-b728-0511fb3f699d",
+      "type": "relationship",
+      "created": "2019-10-18T15:51:48.484Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2020-06-24T15:02:13.534Z",
+      "description": "Users should be warned against granting access to accessibility features, and to carefully scrutinize applications that request this dangerous permission.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--82a51cc3-7a91-43b0-9147-df5983e52b41",
+      "created": "2020-12-14T15:02:35.208Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Securelist Asacub",
+          "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+          "description": "T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December 14, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Asacub](https://attack.mitre.org/software/S0540) has communicated with the C2 using HTTP POST requests.(Citation: Securelist Asacub)",
+      "modified": "2022-04-19T20:11:55.606Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb",
+      "created": "2020-12-14T14:52:03.184Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Sophos Red Alert 2.0",
+          "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
+          "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has used malicious overlays to collect banking credentials.(Citation: Sophos Red Alert 2.0)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--4aec0738-2c76-4dc7-af8a-87785e658193",
+      "created": "2021-10-01T14:42:49.152Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can run shell commands.(Citation: SecureList BusyGasper)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f",
+      "created": "2020-06-24T18:24:35.707Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Google Project Zero Insomnia",
+          "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html",
+          "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can extract the device’s keychain.(Citation: Google Project Zero Insomnia)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+      "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd",
+      "type": "relationship",
+      "created": "2019-09-04T15:38:56.597Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
+          "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf",
+          "source_name": "FortiGuard-FlexiSpy"
+        }
+      ],
+      "modified": "2019-09-10T14:59:25.979Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) encrypts its configuration file using AES.(Citation: FortiGuard-FlexiSpy)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.897Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "modified": "2020-11-24T17:55:12.897Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the user’s browser cookies.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe",
+      "type": "relationship",
+      "created": "2019-12-10T16:07:41.093Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SecureList DVMap June 2017",
+          "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
+          "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019."
+        }
+      ],
+      "modified": "2019-12-10T16:07:41.093Z",
+      "description": "[Dvmap](https://attack.mitre.org/software/S0420) can download code and binaries from the C2 server to execute on the device as root.(Citation: SecureList DVMap June 2017)",
+      "relationship_type": "uses",
+      "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3",
+      "created": "2019-07-10T15:35:43.712Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) has the ability to delete attacker-specified files from compromised devices.(Citation: Lookout Dark Caracal Jan 2018)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78",
+      "type": "relationship",
+      "created": "2019-10-10T15:17:00.972Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.",
+          "url": "https://www.flexispy.com/en/features-overview.htm",
+          "source_name": "FlexiSpy-Features"
+        }
+      ],
+      "modified": "2019-10-14T18:08:28.666Z",
+      "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can monitor device photos and can also access browser history and bookmarks.(Citation: FlexiSpy-Features)",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--119b848b-84b4-4f86-a265-0c9eb8680072",
+      "created": "2021-10-01T14:42:49.171Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can be controlled via IRC using freenode.net servers.(Citation: SecureList BusyGasper)",
+      "modified": "2022-04-18T19:01:58.546Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435",
+      "created": "2022-04-05T19:51:08.770Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android 12 Features",
+          "url": "https://developer.android.com/about/versions/12/features",
+          "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)",
+      "modified": "2022-04-05T19:51:08.770Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d",
+      "created": "2019-07-10T15:35:43.658Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) gathers and exfiltrates data about nearby Wi-Fi access points.(Citation: Lookout Dark Caracal Jan 2018)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9",
+      "created": "2021-01-05T20:16:20.500Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect SMS messages from the device.(Citation: Zscaler TikTok Spyware)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb",
+      "created": "2020-09-11T16:22:03.294Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s cell tower information.(Citation: Lookout ViperRAT)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--50f03c00-5488-49fe-a527-a8776e526523",
+      "type": "relationship",
+      "created": "2020-11-24T17:55:12.820Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos GPlayed",
+          "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+          "description": "V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+        }
+      ],
+      "modified": "2020-11-24T17:55:12.820Z",
+      "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect a list of installed applications.(Citation: Talos GPlayed)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257",
+      "type": "relationship",
+      "created": "2020-10-29T17:48:27.469Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Threat Fabric Exobot",
+          "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+          "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-10-29T17:48:27.469Z",
+      "description": "[Exobot](https://attack.mitre.org/software/S0522) can forward SMS messages.(Citation: Threat Fabric Exobot)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+      "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4",
+      "created": "2020-09-15T15:18:12.362Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect SMS messages.(Citation: Cybereason FakeSpy)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394",
+      "created": "2021-02-08T16:36:20.639Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has region-locked their malicious applications during their Operation BULL campaign.(Citation: BlackBerry Bahamut)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c",
+      "type": "relationship",
+      "created": "2019-09-03T19:45:48.512Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-09-11T13:25:19.210Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) Two attempts to connect to port 22011 to provide a remote reverse shell.(Citation: SWB Exodus March 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b7a31a11-6c84-4c28-a548-4751e4d71134",
+      "created": "2020-05-04T14:04:56.158Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Google Bread",
+          "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
+          "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Bread](https://attack.mitre.org/software/S0432) can perform SMS fraud on older versions of the malware, and toll fraud on newer versions.(Citation: Google Bread)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47",
+      "created": "2022-04-01T17:08:41.293Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. ",
+      "modified": "2022-04-01T17:08:41.293Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--204e30ed-5e69-400b-a814-b77e10596865",
+      "created": "2022-04-06T15:50:42.481Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-06T15:50:42.481Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34",
+      "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a76d731b-484c-442a-b1a3-255d8398aefd",
+      "type": "relationship",
+      "created": "2019-10-10T15:22:52.545Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-RCSAndroid",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/"
+        }
+      ],
+      "modified": "2019-10-10T15:22:52.545Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn.(Citation: TrendMicro-RCSAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80",
+      "type": "relationship",
+      "created": "2020-07-20T13:49:03.692Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader-FakeSpy",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
+          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-09-24T15:12:24.191Z",
+      "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s Android ID and serial number.(Citation: TrendMicro-XLoader-FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a54c8c09-c849-4146-a7cc-158887222a6d",
+      "created": "2020-12-24T21:45:56.969Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access SMS messages.(Citation: Lookout Uyghur Campaign)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451",
+      "type": "relationship",
+      "created": "2019-10-10T15:03:27.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "SWB Exodus March 2019",
+          "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html",
+          "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019."
+        }
+      ],
+      "modified": "2019-10-10T15:03:27.682Z",
+      "description": "[Exodus](https://attack.mitre.org/software/S0405) One encrypts data using XOR prior to exfiltration.(Citation: SWB Exodus March 2019) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+      "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bf901bab-3caa-4d05-a859-d9fb4d838304",
+      "type": "relationship",
+      "created": "2019-10-10T15:27:22.091Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+          "source_name": "Lookout-StealthMango"
+        }
+      ],
+      "modified": "2019-10-10T15:27:22.091Z",
+      "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses browser history, pictures, and videos.(Citation: Lookout-StealthMango)",
+      "relationship_type": "uses",
+      "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56",
+      "created": "2019-09-03T20:08:00.737Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Talos Gustuff Apr 2019",
+          "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+          "description": "Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) abuses accessibility features to intercept all interactions between a user and the device.(Citation: Talos Gustuff Apr 2019)",
+      "modified": "2022-04-15T17:39:08.123Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781",
+      "type": "relationship",
+      "created": "2020-04-24T15:06:33.503Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T15:06:33.503Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can record MP4 files and monitor calls.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--59d463d3-3a41-4269-be9a-7a69f44eca78",
+      "created": "2020-10-29T19:21:23.215Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "WeLiveSecurity AdDisplayAshas",
+          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
+          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has communicated with the C2 server using HTTP.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "modified": "2022-04-19T20:11:03.972Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cbf17fea-141e-44b8-831c-b3cc41066420",
+      "type": "relationship",
+      "created": "2021-01-20T16:01:19.409Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Trend Micro Anubis",
+          "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html",
+          "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021."
+        }
+      ],
+      "modified": "2021-01-20T16:01:19.409Z",
+      "description": "[Anubis](https://attack.mitre.org/software/S0422) can download attacker-specified APK files.(Citation: Trend Micro Anubis)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9",
+      "created": "2021-10-01T14:42:49.170Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "SecureList BusyGasper",
+          "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
+          "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can hide its icon.(Citation: SecureList BusyGasper)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--bee919a6-c488-49a0-9848-fff19aa2c276",
+      "type": "relationship",
+      "created": "2021-09-24T14:47:34.449Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2021-10-04T20:08:48.556Z",
+      "description": "Mobile security products can often detect rooted devices.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433",
+      "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457",
+      "created": "2018-10-17T00:14:20.652Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-StealthMango",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf",
+          "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads contact lists for various third-party applications such as Yahoo, AIM, GoogleTalk, Skype, QQ, and others.(Citation: Lookout-StealthMango)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c",
+      "created": "2021-01-05T20:16:20.508Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler TikTok Spyware",
+          "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware",
+          "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect the device’s call logs.(Citation: Zscaler TikTok Spyware)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd",
+      "type": "relationship",
+      "created": "2020-09-11T14:54:16.644Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Desert Scorpion",
+          "url": "https://blog.lookout.com/desert-scorpion-google-play",
+          "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T14:54:16.644Z",
+      "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can list files stored on external storage.(Citation: Lookout Desert Scorpion)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8",
+      "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--078653a6-3613-4923-ae5a-1bccb8552e67",
+      "type": "relationship",
+      "created": "2020-09-11T16:22:03.250Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T16:22:03.250Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) has been installed in two stages and can secretly install new applications.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9",
+      "type": "relationship",
+      "created": "2020-12-24T21:55:56.753Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T21:55:56.753Z",
+      "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploit tools to gain root, such as TowelRoot.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "PaloAlto-XcodeGhost",
+          "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016.",
+          "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/"
+        }
+      ],
+      "modified": "2018-10-17T00:14:20.652Z",
+      "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can read and write data in the user’s clipboard.(Citation: PaloAlto-XcodeGhost)",
+      "relationship_type": "uses",
+      "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9",
+      "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.296Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.296Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect the device’s location.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223",
+      "type": "relationship",
+      "created": "2020-11-20T16:37:28.610Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Symantec GoldenCup",
+          "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
+          "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-11-20T16:37:28.610Z",
+      "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has been distributed in two stages.(Citation: Symantec GoldenCup)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213",
+      "created": "2022-04-20T17:31:58.697Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) has exfiltrated data using FTP.(Citation: TrendMicro Coronavirus Updates)",
+      "modified": "2022-04-20T17:31:58.697Z",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Zscaler-SuperMarioRun",
+          "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat",
+          "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures SMS data.(Citation: Zscaler-SuperMarioRun)",
+      "modified": "2022-05-20T17:13:16.509Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f5d24a31-53d2-4e84-9110-2da0582132cb",
+      "created": "2020-05-07T15:33:32.936Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440)’s core malware is disguised as a JPG file, and encrypted with an XOR cipher.(Citation: CheckPoint Agent Smith)",
+      "modified": "2022-04-15T16:44:17.145Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--da4296d7-5fdb-45b6-9791-b023d634c08d",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "source_name": "TrendMicro-RCSAndroid"
+        }
+      ],
+      "modified": "2019-08-09T17:53:48.760Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record location.(Citation: TrendMicro-RCSAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--146275c0-b6dd-4700-bded-bc361a67d023",
+      "type": "relationship",
+      "created": "2020-09-14T14:13:45.253Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout eSurv",
+          "url": "https://blog.lookout.com/esurv-research",
+          "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-14T14:13:45.253Z",
+      "description": "[eSurv](https://attack.mitre.org/software/S0507) can record audio.(Citation: Lookout eSurv)",
+      "relationship_type": "uses",
+      "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--adc9957c-fa57-4e81-9231-b60f01b69859",
+      "type": "relationship",
+      "created": "2020-12-24T22:04:28.010Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2020-12-24T22:04:28.010Z",
+      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) can download new code to update itself.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+      "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19",
+      "created": "2020-09-24T15:26:15.607Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-XLoader-FakeSpy",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/",
+          "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) has exfiltrated data using HTTP requests.(Citation: TrendMicro-XLoader-FakeSpy)",
+      "modified": "2022-04-20T17:48:38.013Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f",
+      "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788",
+      "created": "2020-05-07T15:33:32.903Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Agent Smith",
+          "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
+          "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Agent Smith](https://attack.mitre.org/software/S0440) deletes infected applications’ update packages when they are detected on the system, preventing updates.(Citation: CheckPoint Agent Smith)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+      "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828",
       "created": "2018-10-17T00:14:20.652Z",
       "x_mitre_version": "1.0",
       "external_references": [
@@ -38459,12 +37529,12 @@
       ],
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests contact lists from victims.(Citation: PaloAlto-SpyDealer)",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests SMS and MMS messages from victims.(Citation: PaloAlto-SpyDealer)",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
       "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
-      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
@@ -38472,81 +37542,10 @@
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
+      "id": "relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d",
       "type": "relationship",
-      "id": "relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca",
-      "created": "2022-04-06T13:22:57.754Z",
-      "x_mitre_version": "0.1",
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "",
-      "modified": "2022-04-06T13:22:57.754Z",
-      "relationship_type": "subtechnique-of",
-      "source_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
-      "target_ref": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d",
-      "x_mitre_attack_spec_version": "2.1.0",
+      "created": "2020-10-29T19:21:23.235Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--4449ac76-8329-4483-b152-99b990006cbc",
-      "created": "2019-09-04T15:38:56.937Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "FlexiSpy-Features",
-          "url": "https://www.flexispy.com/en/features-overview.htm",
-          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can collect a list of known Wi-Fi access points.(Citation: FlexiSpy-Features) ",
-      "modified": "2022-04-19T14:25:41.669Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
-      "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb",
-      "created": "2020-12-24T22:04:28.024Z",
-      "x_mitre_version": "1.0",
-      "external_references": [
-        {
-          "source_name": "Lookout Uyghur Campaign",
-          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
-          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
-        }
-      ],
-      "x_mitre_deprecated": false,
-      "revoked": false,
-      "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected call logs.(Citation: Lookout Uyghur Campaign)",
-      "modified": "2022-04-12T10:01:44.682Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "relationship_type": "uses",
-      "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
-      "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "type": "relationship",
-      "id": "relationship--10560632-6449-4579-90eb-20fc46dcca08",
-      "created": "2020-10-29T19:21:23.200Z",
-      "x_mitre_version": "1.0",
       "external_references": [
         {
           "source_name": "WeLiveSecurity AdDisplayAshas",
@@ -38554,52 +37553,1092 @@
           "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
         }
       ],
+      "modified": "2020-10-29T19:21:23.235Z",
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has hidden the C2 server address using base-64 encoding. (Citation: WeLiveSecurity AdDisplayAshas)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d",
+      "type": "relationship",
+      "created": "2020-01-21T15:30:39.335Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout-Monokle",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019."
+        }
+      ],
+      "modified": "2020-01-21T15:30:39.335Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can download attacker-specified files.(Citation: Lookout-Monokle) ",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38",
+      "created": "2022-04-01T18:43:25.764Z",
+      "x_mitre_version": "0.1",
       "x_mitre_deprecated": false,
       "revoked": false,
-      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can check that the device IP is not in the range of known Google IP addresses before triggering the payload and can delay payload deployment to avoid detection during testing and avoid association with unwanted ads.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.",
+      "modified": "2022-04-01T18:43:25.764Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321",
+      "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--0c558826-5cea-422e-8e67-83e53c04d409",
+      "created": "2020-06-26T15:32:25.146Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "CheckPoint Cerberus",
+          "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/",
+          "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 using HTTP requests over port 8888.(Citation: CheckPoint Cerberus)",
+      "modified": "2022-04-20T16:37:46.192Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+      "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9",
+      "created": "2022-04-01T13:19:41.207Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-01T13:19:41.207Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce",
+      "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68",
+      "type": "relationship",
+      "created": "2020-12-24T21:45:56.979Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Uyghur Campaign",
+          "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+          "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+        }
+      ],
+      "modified": "2021-04-19T14:29:46.650Z",
+      "description": "[SilkBean](https://attack.mitre.org/software/S0549) can retrieve files from external storage and can collect browser data.(Citation: Lookout Uyghur Campaign)",
+      "relationship_type": "uses",
+      "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--142532a6-bf7c-4b25-be23-16f01160f3c5",
+      "type": "relationship",
+      "created": "2020-09-15T15:18:12.417Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Cybereason FakeSpy",
+          "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+          "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
+        }
+      ],
+      "modified": "2020-09-15T15:18:12.417Z",
+      "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect account information stored on the device, as well as data in external storage.(Citation: Cybereason FakeSpy)",
+      "relationship_type": "uses",
+      "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--afba6b19-7486-4e5a-8fda-e91852b0b354",
+      "type": "relationship",
+      "created": "2021-09-20T13:42:21.104Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2021-09-27T18:05:43.107Z",
+      "description": "Users should be encouraged to be very careful with what applications they grant phone call-based permissions to. Further, users should not change their default call handler to applications they do not recognize.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+      "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.318Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.318Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) uses foreground persistence to keep a service running. It shows the user a transparent notification to evade detection.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-Pegasus",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf",
+          "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) modifies the system partition to maintain persistence.(Citation: Lookout-Pegasus)",
+      "modified": "2022-04-15T16:01:53.756Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3",
+      "created": "2020-12-18T20:14:47.316Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "WhiteOps TERRACOTTA",
+          "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+          "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) checks whether its call stack has been modified, an indication that it is running in an analysis environment, and if so, does not decrypt its obfuscated strings(Citation: WhiteOps TERRACOTTA).",
       "modified": "2022-04-12T10:01:44.682Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "relationship_type": "uses",
-      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
       "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
-      "aliases": [
-        "Dark Caracal"
-      ],
-      "x_mitre_domains": [
-        "mobile-attack",
-        "enterprise-attack"
-      ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
       ],
-      "id": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
-      "type": "intrusion-set",
-      "created": "2018-10-17T00:14:20.652Z",
+      "type": "relationship",
+      "id": "relationship--300c824d-5586-411b-b274-8941a99a98fb",
+      "created": "2022-03-30T14:06:01.859Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Device attestation can often detect jailbroken or rooted devices.",
+      "modified": "2022-03-30T14:06:01.859Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c",
+      "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--4088b31b-d542-4935-84b4-82b592159591",
+      "type": "relationship",
+      "created": "2017-12-14T16:46:06.044Z",
       "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
       "external_references": [
         {
-          "source_name": "mitre-attack",
-          "url": "https://attack.mitre.org/groups/G0070",
-          "external_id": "G0070"
-        },
-        {
-          "source_name": "Dark Caracal",
-          "description": "(Citation: Lookout Dark Caracal Jan 2018)"
-        },
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+          "source_name": "TrendMicro-RCSAndroid"
+        }
+      ],
+      "modified": "2019-10-10T15:22:52.591Z",
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect contacts and messages from popular applications, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.(Citation: TrendMicro-RCSAndroid)",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84",
+      "type": "relationship",
+      "created": "2019-07-10T15:35:43.708Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
         {
           "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
           "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
           "source_name": "Lookout Dark Caracal Jan 2018"
         }
       ],
-      "modified": "2021-10-11T19:08:18.503Z",
-      "name": "Dark Caracal",
-      "description": "[Dark Caracal](https://attack.mitre.org/groups/G0070) is threat group that has been attributed to the Lebanese General Directorate of General Security (GDGS) and has operated since at least 2012. (Citation: Lookout Dark Caracal Jan 2018)",
-      "x_mitre_version": "1.3",
+      "modified": "2019-08-09T18:06:11.797Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c",
+      "created": "2017-10-25T14:48:53.747Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 7 and later iOS versions introduced changes that prevent applications from performing Process Discovery without elevated privileges.  ",
+      "modified": "2022-03-30T20:32:46.334Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "TrendMicro-RCSAndroid",
+          "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+          "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect SMS, MMS, and Gmail messages.(Citation: TrendMicro-RCSAndroid)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+      "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.213Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.213Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of installed applications.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-BrainTest",
+          "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/",
+          "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play  Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[BrainTest](https://attack.mitre.org/software/S0293) provided capabilities that allowed developers to use compromised devices to post positive reviews on their own malicious applications as well as download other malicious applications they had submitted to the Play Store.(Citation: Lookout-BrainTest)",
+      "modified": "2022-04-19T14:25:41.669Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e",
+      "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--2e7f8995-93ae-41bb-9baf-53178341d93e",
+      "created": "2021-02-08T16:36:20.630Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has deployed anti-analysis capabilities during their Operation BULL campaign.(Citation: BlackBerry Bahamut)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3abc80ad-4ea0-4e91-a170-f040469c2083",
+      "type": "relationship",
+      "created": "2020-07-20T13:27:33.483Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Talos-WolfRAT",
+          "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html",
+          "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back... . Retrieved July 20, 2020."
+        }
+      ],
+      "modified": "2020-08-10T21:57:54.688Z",
+      "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can take photos and videos.(Citation: Talos-WolfRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+      "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6",
+      "type": "relationship",
+      "created": "2019-11-21T16:42:48.501Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.",
+          "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/",
+          "source_name": "SecureList - ViceLeaker 2019"
+        },
+        {
+          "source_name": "Bitdefender - Triout 2018",
+          "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/",
+          "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020."
+        }
+      ],
+      "modified": "2020-01-21T14:20:50.492Z",
+      "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect location information, including GPS coordinates.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645",
+      "type": "relationship",
+      "created": "2021-02-08T16:36:20.655Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "BlackBerry Bahamut",
+          "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf",
+          "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021."
+        }
+      ],
+      "modified": "2021-05-24T13:16:56.410Z",
+      "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included phone call and audio recording capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
+      "relationship_type": "uses",
+      "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c",
+      "type": "relationship",
+      "created": "2019-09-04T15:38:56.946Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "FlexiSpy-Features",
+          "url": "https://www.flexispy.com/en/features-overview.htm",
+          "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019."
+        }
+      ],
+      "modified": "2019-09-10T14:59:26.136Z",
+      "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can retrieve a list of installed applications.(Citation: FlexiSpy-Features) ",
+      "relationship_type": "uses",
+      "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046",
+      "created": "2022-04-05T17:14:35.469Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-05T17:14:35.469Z",
+      "relationship_type": "subtechnique-of",
+      "source_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+      "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4",
+      "created": "2022-03-28T19:30:27.364Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Security updates may contain patches to integrity checking mechanisms that can detect unauthorized hardware modifications.",
+      "modified": "2022-03-28T19:30:27.364Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--45253350-c802-4566-a72d-57d43d05fd63",
+      "type": "relationship",
+      "created": "2020-05-07T15:24:49.530Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2020-05-27T13:23:34.536Z",
+      "description": "Security updates frequently contain patches to vulnerabilities.",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac",
+      "type": "relationship",
+      "created": "2020-01-27T17:05:58.237Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "source_name": "Trend Micro Bouncing Golf 2019"
+        }
+      ],
+      "modified": "2020-01-27T17:05:58.237Z",
+      "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s battery level, network operator, connection information, sensor information, and information about the device’s storage and memory.(Citation: Trend Micro Bouncing Golf 2019)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+      "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--a92a805e-d5f5-4e94-8592-c253e03e4476",
+      "created": "2022-03-31T19:51:15.415Z",
+      "x_mitre_version": "0.1",
+      "external_references": [
+        {
+          "source_name": "Android Package Visibility",
+          "url": "https://developer.android.com/training/package-visibility",
+          "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)",
+      "modified": "2022-04-11T19:19:34.658Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://www.wandera.com/reddrop-malware/",
+          "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
+          "source_name": "Wandera-RedDrop"
+        }
+      ],
+      "modified": "2019-10-15T19:27:27.997Z",
+      "description": "[RedDrop](https://attack.mitre.org/software/S0326) collects and exfiltrates information including IMEI, IMSI, MNC, MCC, nearby Wi-Fi networks, and other device and SIM-related info.(Citation: Wandera-RedDrop)",
+      "relationship_type": "uses",
+      "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--f6a451e8-2125-4bbe-be52-e682523cd169",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/",
+          "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+          "source_name": "PaloAlto-SpyDealer"
+        }
+      ],
+      "modified": "2019-10-15T19:37:21.273Z",
+      "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests the device phone number, IMEI, and IMSI.(Citation: PaloAlto-SpyDealer)",
+      "relationship_type": "uses",
+      "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+      "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--77efa84c-5ef0-4554-b774-2dbfcca74087",
+      "type": "relationship",
+      "created": "2020-10-29T19:20:58.116Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "WeLiveSecurity AdDisplayAshas",
+          "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/",
+          "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020."
+        }
+      ],
+      "modified": "2020-10-29T19:20:58.116Z",
+      "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has checked to see how many apps are installed, and specifically if Facebook or FB Messenger are installed.(Citation: WeLiveSecurity AdDisplayAshas)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+      "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--d4a5a902-231e-4878-ad5b-39620498b018",
+      "type": "relationship",
+      "created": "2019-09-04T14:28:15.941Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+          "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+          "source_name": "Lookout-Monokle"
+        }
+      ],
+      "modified": "2019-09-04T14:32:12.589Z",
+      "description": "[Monokle](https://attack.mitre.org/software/S0407) can record audio from the device's microphone and can record phone calls, specifying the output audio quality.(Citation: Lookout-Monokle)",
+      "relationship_type": "uses",
+      "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--242dc659-c205-4e9e-95f9-14fee66195af",
+      "created": "2022-04-01T15:29:36.082Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Configuration of per-app VPN policies instead of device-wide VPN can restrict access to internal enterprise resource access via VPN to only enterprise-approved applications",
+      "modified": "2022-04-01T15:29:36.082Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+      "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2",
+      "created": "2022-04-08T16:29:55.322Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "",
+      "modified": "2022-04-08T16:29:55.322Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6",
+      "target_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69",
+      "created": "2019-10-14T19:14:18.673Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Group IB Gustuff Mar 2019",
+          "url": "https://www.group-ib.com/blog/gustuff",
+          "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September 3, 2019."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Gustuff](https://attack.mitre.org/software/S0406) hides its icon after installation.(Citation: Group IB Gustuff Mar 2019) ",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+      "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--7c6207c7-d738-4a17-8380-595c86574b64",
+      "type": "relationship",
+      "created": "2020-09-11T16:22:03.298Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout ViperRAT",
+          "url": "https://blog.lookout.com/viperrat-mobile-apt",
+          "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+        }
+      ],
+      "modified": "2020-09-11T16:22:03.298Z",
+      "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can track the device’s location.(Citation: Lookout ViperRAT)",
+      "relationship_type": "uses",
+      "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+      "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--be39c012-7201-4757-8cd6-c855bc945a9e",
+      "type": "relationship",
+      "created": "2019-07-10T15:25:57.623Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Lookout Dark Caracal Jan 2018",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+        }
+      ],
+      "modified": "2019-08-12T17:30:07.568Z",
+      "description": "[FinFisher](https://attack.mitre.org/software/S0182) comes packaged with ExynosAbuse, an Android exploit that can gain root privileges.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858",
+      "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15",
+      "type": "relationship",
+      "created": "2020-04-24T15:06:33.319Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "TrendMicro Coronavirus Updates",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
+          "description": "T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+        }
+      ],
+      "modified": "2020-04-24T15:06:33.319Z",
+      "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect voice notes, device accounts, and gallery images.(Citation: TrendMicro Coronavirus Updates)",
+      "relationship_type": "uses",
+      "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+      "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a",
+      "created": "2020-07-27T14:14:56.996Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Google Security Zen",
+          "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
+          "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Zen](https://attack.mitre.org/software/S0494) can inject code into the Setup Wizard at runtime to extract CAPTCHA images. [Zen](https://attack.mitre.org/software/S0494) can inject code into the `libc` of running processes to infect them with the malware.(Citation: Google Security Zen)",
+      "modified": "2022-04-12T10:01:44.682Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
+      "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--22708018-defd-4690-8b0f-fe47e11cb5d6",
+      "type": "relationship",
+      "created": "2020-07-15T20:20:59.316Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "Bitdefender Mandrake",
+          "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf",
+          "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020."
+        }
+      ],
+      "modified": "2020-07-15T20:20:59.316Z",
+      "description": "[Mandrake](https://attack.mitre.org/software/S0485) can capture all device notifications and hide notifications from the user.(Citation: Bitdefender Mandrake)",
+      "relationship_type": "uses",
+      "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+      "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--cc49561f-8364-4908-9111-ad3a6dcd922c",
+      "type": "relationship",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "modified": "2018-10-17T00:14:20.652Z",
+      "relationship_type": "revoked-by",
+      "source_ref": "attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799",
+      "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd",
+      "type": "relationship",
+      "created": "2019-07-10T15:35:43.699Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
+        }
+      ],
+      "modified": "2019-08-09T18:06:11.839Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) captures audio from the device microphone.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--cc81b56c-cf73-4307-b950-e80246985195",
+      "created": "2019-10-18T14:50:57.473Z",
+      "x_mitre_version": "1.0",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "OS security updates typically contain exploit patches when disclosed.",
+      "modified": "2022-03-28T19:20:44.337Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+      "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "relationship--32958f57-ad9b-4fe1-abf3-6f92df895014",
+      "type": "relationship",
+      "created": "2019-08-05T13:22:03.917Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
+        }
+      ],
+      "modified": "2019-08-09T18:06:11.873Z",
+      "description": "[Pallas](https://attack.mitre.org/software/S0399) stores domain information and URL paths as hardcoded AES-encrypted, base64-encoded strings.(Citation: Lookout Dark Caracal Jan 2018)",
+      "relationship_type": "uses",
+      "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878",
+      "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+      "x_mitre_version": "1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064",
+      "created": "2017-12-14T16:46:06.044Z",
+      "x_mitre_version": "1.0",
+      "external_references": [
+        {
+          "source_name": "Lookout-PegasusAndroid",
+          "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/",
+          "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017."
+        }
+      ],
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to modify the device's system partition.(Citation: Lookout-PegasusAndroid)",
+      "modified": "2022-04-15T16:03:04.364Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "relationship_type": "uses",
+      "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
+      "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "type": "relationship",
+      "id": "relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f",
+      "created": "2022-04-01T18:49:19.284Z",
+      "x_mitre_version": "0.1",
+      "x_mitre_deprecated": false,
+      "revoked": false,
+      "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them. Android 7 introduced updates that revoke standard device administrators’ ability to reset the device’s passcode.",
+      "modified": "2022-04-01T18:49:19.284Z",
+      "relationship_type": "mitigates",
+      "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+      "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591",
+      "x_mitre_attack_spec_version": "2.1.0",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
+    {
+      "modified": "2022-09-30T21:05:22.490Z",
+      "name": "Operation Dust Storm",
+      "description": "[Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) was a long-standing persistent cyber espionage campaign that targeted multiple industries in Japan, South Korea, the United States, Europe, and several Southeast Asian countries. By 2015, the [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors shifted from government and defense-related intelligence targets to Japanese companies or Japanese subdivisions of larger foreign organizations supporting Japan's critical infrastructure, including electricity generation, oil and natural gas, finance, transportation, and construction.(Citation: Cylance Dust Storm)\n\n[Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors also began to use Android backdoors in their operations by 2015, with all identified victims at the time residing in Japan or South Korea.(Citation: Cylance Dust Storm)",
+      "aliases": [
+        "Operation Dust Storm"
+      ],
+      "first_seen": "2010-01-01T07:00:00.000Z",
+      "last_seen": "2016-02-01T06:00:00.000Z",
+      "x_mitre_first_seen_citation": "(Citation: Cylance Dust Storm)",
+      "x_mitre_last_seen_citation": "(Citation: Cylance Dust Storm)",
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "1.0",
+      "type": "campaign",
+      "id": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
+      "created": "2022-09-29T20:00:38.136Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "mitre-attack",
+          "url": "https://attack.mitre.org/campaigns/C0016",
+          "external_id": "C0016"
+        },
+        {
+          "source_name": "Cylance Dust Storm",
+          "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
+          "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "x_mitre_attack_spec_version": "3.0.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "x_mitre_domains": [
+        "mobile-attack",
+        "enterprise-attack"
+      ]
+    },
+    {
+      "aliases": [
+        "Bouncing Golf"
+      ],
+      "x_mitre_domains": [
+        "mobile-attack"
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd",
+      "type": "intrusion-set",
+      "created": "2020-01-27T16:55:39.688Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "external_id": "G0097",
+          "source_name": "mitre-attack",
+          "url": "https://attack.mitre.org/groups/G0097"
+        },
+        {
+          "source_name": "Trend Micro Bouncing Golf 2019",
+          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
+        }
+      ],
+      "modified": "2020-03-26T20:58:44.722Z",
+      "name": "Bouncing Golf",
+      "description": "[Bouncing Golf](https://attack.mitre.org/groups/G0097) is a cyberespionage campaign targeting Middle Eastern countries.(Citation: Trend Micro Bouncing Golf 2019)",
+      "x_mitre_version": "1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
     {
@@ -38608,8 +38647,8 @@
         "Bahamut"
       ],
       "x_mitre_domains": [
-        "mobile-attack",
-        "enterprise-attack"
+        "enterprise-attack",
+        "mobile-attack"
       ],
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -38650,202 +38689,6 @@
       "x_mitre_version": "1.1",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
-    {
-      "modified": "2022-10-12T20:11:40.313Z",
-      "name": "Sandworm Team",
-      "description": "[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020)\n\nIn October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)",
-      "aliases": [
-        "Sandworm Team",
-        "ELECTRUM",
-        "Telebots",
-        "IRON VIKING",
-        "BlackEnergy (Group)",
-        "Quedagh",
-        "Voodoo Bear"
-      ],
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "2.2",
-      "x_mitre_contributors": [
-        "Dragos Threat Intelligence"
-      ],
-      "type": "intrusion-set",
-      "id": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192",
-      "created": "2017-05-31T21:32:04.588Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "mitre-attack",
-          "url": "https://attack.mitre.org/groups/G0034",
-          "external_id": "G0034"
-        },
-        {
-          "source_name": "Voodoo Bear",
-          "description": "(Citation: CrowdStrike VOODOO BEAR)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
-        },
-        {
-          "source_name": "ELECTRUM",
-          "description": "(Citation: Dragos ELECTRUM)(Citation: UK NCSC Olympic Attacks October 2020)"
-        },
-        {
-          "source_name": "Sandworm Team",
-          "description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014) (Citation: InfoSecurity Sandworm Oct 2014)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
-        },
-        {
-          "source_name": "Quedagh",
-          "description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014)(Citation: UK NCSC Olympic Attacks October 2020)"
-        },
-        {
-          "source_name": "BlackEnergy (Group)",
-          "description": "(Citation: NCSC Sandworm Feb 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
-        },
-        {
-          "source_name": "Telebots",
-          "description": "(Citation: NCSC Sandworm Feb 2020)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
-        },
-        {
-          "source_name": "IRON VIKING",
-          "description": "(Citation: Secureworks IRON VIKING )(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
-        },
-        {
-          "source_name": "US District Court Indictment GRU Oct 2018",
-          "description": "Brady, S . (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al.. Retrieved October 1, 2020.",
-          "url": "https://www.justice.gov/opa/page/file/1098481/download"
-        },
-        {
-          "source_name": "Dragos ELECTRUM",
-          "description": "Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020.",
-          "url": "https://www.dragos.com/resource/electrum/"
-        },
-        {
-          "source_name": "F-Secure BlackEnergy 2014",
-          "description": "F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016.",
-          "url": "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf"
-        },
-        {
-          "source_name": "iSIGHT Sandworm 2014",
-          "description": "Hultquist, J.. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved October 6, 2017.",
-          "url": "https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html"
-        },
-        {
-          "source_name": "CrowdStrike VOODOO BEAR",
-          "description": "Meyers, A. (2018, January 19). Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR. Retrieved May 22, 2018.",
-          "url": "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/"
-        },
-        {
-          "source_name": "InfoSecurity Sandworm Oct 2014",
-          "description": "Muncaster, P.. (2014, October 14). Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers. Retrieved October 6, 2017.",
-          "url": "https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/"
-        },
-        {
-          "source_name": "NCSC Sandworm Feb 2020",
-          "description": "NCSC. (2020, February 20). NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020.",
-          "url": "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory"
-        },
-        {
-          "source_name": "USDOJ Sandworm Feb 2020",
-          "description": "Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. Retrieved June 18, 2020.",
-          "url": "https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia//index.html"
-        },
-        {
-          "source_name": "US District Court Indictment GRU Unit 74455 October 2020",
-          "description": "Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al.. Retrieved November 25, 2020.",
-          "url": "https://www.justice.gov/opa/press-release/file/1328521/download"
-        },
-        {
-          "source_name": "Secureworks IRON VIKING ",
-          "description": "Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020.",
-          "url": "https://www.secureworks.com/research/threat-profiles/iron-viking"
-        },
-        {
-          "source_name": "UK NCSC Olympic Attacks October 2020",
-          "description": "UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games . Retrieved November 30, 2020.",
-          "url": "https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "x_mitre_domains": [
-        "enterprise-attack",
-        "ics-attack",
-        "mobile-attack"
-      ],
-      "x_mitre_attack_spec_version": "2.1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "aliases": [
-        "Bouncing Golf"
-      ],
-      "x_mitre_domains": [
-        "mobile-attack"
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "id": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd",
-      "type": "intrusion-set",
-      "created": "2020-01-27T16:55:39.688Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "external_references": [
-        {
-          "external_id": "G0097",
-          "source_name": "mitre-attack",
-          "url": "https://attack.mitre.org/groups/G0097"
-        },
-        {
-          "source_name": "Trend Micro Bouncing Golf 2019",
-          "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
-          "description": "E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020."
-        }
-      ],
-      "modified": "2020-03-26T20:58:44.722Z",
-      "name": "Bouncing Golf",
-      "description": "[Bouncing Golf](https://attack.mitre.org/groups/G0097) is a cyberespionage campaign targeting Middle Eastern countries.(Citation: Trend Micro Bouncing Golf 2019)",
-      "x_mitre_version": "1.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    },
-    {
-      "modified": "2022-09-30T21:05:22.490Z",
-      "name": "Operation Dust Storm",
-      "description": "[Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) was a long-standing persistent cyber espionage campaign that targeted multiple industries in Japan, South Korea, the United States, Europe, and several Southeast Asian countries. By 2015, the [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors shifted from government and defense-related intelligence targets to Japanese companies or Japanese subdivisions of larger foreign organizations supporting Japan's critical infrastructure, including electricity generation, oil and natural gas, finance, transportation, and construction.(Citation: Cylance Dust Storm)\n\n[Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors also began to use Android backdoors in their operations by 2015, with all identified victims at the time residing in Japan or South Korea.(Citation: Cylance Dust Storm)",
-      "aliases": [
-        "Operation Dust Storm"
-      ],
-      "first_seen": "2010-01-01T07:00:00.000Z",
-      "last_seen": "2016-02-01T06:00:00.000Z",
-      "x_mitre_first_seen_citation": "(Citation: Cylance Dust Storm)",
-      "x_mitre_last_seen_citation": "(Citation: Cylance Dust Storm)",
-      "x_mitre_deprecated": false,
-      "x_mitre_version": "1.0",
-      "type": "campaign",
-      "id": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
-      "created": "2022-09-29T20:00:38.136Z",
-      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "revoked": false,
-      "external_references": [
-        {
-          "source_name": "mitre-attack",
-          "url": "https://attack.mitre.org/campaigns/C0016",
-          "external_id": "C0016"
-        },
-        {
-          "source_name": "Cylance Dust Storm",
-          "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
-          "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
-        }
-      ],
-      "object_marking_refs": [
-        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-      ],
-      "x_mitre_attack_spec_version": "3.0.0",
-      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-      "x_mitre_domains": [
-        "enterprise-attack",
-        "mobile-attack"
-      ]
-    },
     {
       "modified": "2022-10-17T19:51:56.531Z",
       "name": "Earth Lusca",
@@ -38892,6 +38735,43 @@
       "x_mitre_attack_spec_version": "2.1.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "aliases": [
+        "Dark Caracal"
+      ],
+      "x_mitre_domains": [
+        "enterprise-attack",
+        "mobile-attack"
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "id": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12",
+      "type": "intrusion-set",
+      "created": "2018-10-17T00:14:20.652Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "external_references": [
+        {
+          "source_name": "mitre-attack",
+          "url": "https://attack.mitre.org/groups/G0070",
+          "external_id": "G0070"
+        },
+        {
+          "source_name": "Dark Caracal",
+          "description": "(Citation: Lookout Dark Caracal Jan 2018)"
+        },
+        {
+          "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf",
+          "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.",
+          "source_name": "Lookout Dark Caracal Jan 2018"
+        }
+      ],
+      "modified": "2021-10-11T19:08:18.503Z",
+      "name": "Dark Caracal",
+      "description": "[Dark Caracal](https://attack.mitre.org/groups/G0070) is threat group that has been attributed to the Lebanese General Directorate of General Security (GDGS) and has operated since at least 2012. (Citation: Lookout Dark Caracal Jan 2018)",
+      "x_mitre_version": "1.3",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "aliases": [
         "APT28",
@@ -39110,6 +38990,130 @@
       "x_mitre_version": "4.0",
       "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
     },
+    {
+      "modified": "2022-10-12T20:11:40.313Z",
+      "name": "Sandworm Team",
+      "description": "[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020)\n\nIn October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)",
+      "aliases": [
+        "Sandworm Team",
+        "ELECTRUM",
+        "Telebots",
+        "IRON VIKING",
+        "BlackEnergy (Group)",
+        "Quedagh",
+        "Voodoo Bear"
+      ],
+      "x_mitre_deprecated": false,
+      "x_mitre_version": "2.2",
+      "x_mitre_contributors": [
+        "Dragos Threat Intelligence"
+      ],
+      "type": "intrusion-set",
+      "id": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192",
+      "created": "2017-05-31T21:32:04.588Z",
+      "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+      "revoked": false,
+      "external_references": [
+        {
+          "source_name": "mitre-attack",
+          "url": "https://attack.mitre.org/groups/G0034",
+          "external_id": "G0034"
+        },
+        {
+          "source_name": "Voodoo Bear",
+          "description": "(Citation: CrowdStrike VOODOO BEAR)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
+        },
+        {
+          "source_name": "ELECTRUM",
+          "description": "(Citation: Dragos ELECTRUM)(Citation: UK NCSC Olympic Attacks October 2020)"
+        },
+        {
+          "source_name": "Sandworm Team",
+          "description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014) (Citation: InfoSecurity Sandworm Oct 2014)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
+        },
+        {
+          "source_name": "Quedagh",
+          "description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014)(Citation: UK NCSC Olympic Attacks October 2020)"
+        },
+        {
+          "source_name": "BlackEnergy (Group)",
+          "description": "(Citation: NCSC Sandworm Feb 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
+        },
+        {
+          "source_name": "Telebots",
+          "description": "(Citation: NCSC Sandworm Feb 2020)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
+        },
+        {
+          "source_name": "IRON VIKING",
+          "description": "(Citation: Secureworks IRON VIKING )(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)"
+        },
+        {
+          "source_name": "US District Court Indictment GRU Oct 2018",
+          "description": "Brady, S . (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al.. Retrieved October 1, 2020.",
+          "url": "https://www.justice.gov/opa/page/file/1098481/download"
+        },
+        {
+          "source_name": "Dragos ELECTRUM",
+          "description": "Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020.",
+          "url": "https://www.dragos.com/resource/electrum/"
+        },
+        {
+          "source_name": "F-Secure BlackEnergy 2014",
+          "description": "F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016.",
+          "url": "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf"
+        },
+        {
+          "source_name": "iSIGHT Sandworm 2014",
+          "description": "Hultquist, J.. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved October 6, 2017.",
+          "url": "https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html"
+        },
+        {
+          "source_name": "CrowdStrike VOODOO BEAR",
+          "description": "Meyers, A. (2018, January 19). Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR. Retrieved May 22, 2018.",
+          "url": "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/"
+        },
+        {
+          "source_name": "InfoSecurity Sandworm Oct 2014",
+          "description": "Muncaster, P.. (2014, October 14). Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers. Retrieved October 6, 2017.",
+          "url": "https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/"
+        },
+        {
+          "source_name": "NCSC Sandworm Feb 2020",
+          "description": "NCSC. (2020, February 20). NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020.",
+          "url": "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory"
+        },
+        {
+          "source_name": "USDOJ Sandworm Feb 2020",
+          "description": "Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. Retrieved June 18, 2020.",
+          "url": "https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia//index.html"
+        },
+        {
+          "source_name": "US District Court Indictment GRU Unit 74455 October 2020",
+          "description": "Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al.. Retrieved November 25, 2020.",
+          "url": "https://www.justice.gov/opa/press-release/file/1328521/download"
+        },
+        {
+          "source_name": "Secureworks IRON VIKING ",
+          "description": "Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020.",
+          "url": "https://www.secureworks.com/research/threat-profiles/iron-viking"
+        },
+        {
+          "source_name": "UK NCSC Olympic Attacks October 2020",
+          "description": "UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games . Retrieved November 30, 2020.",
+          "url": "https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games"
+        }
+      ],
+      "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+      ],
+      "x_mitre_domains": [
+        "enterprise-attack",
+        "ics-attack",
+        "mobile-attack"
+      ],
+      "x_mitre_attack_spec_version": "2.1.0",
+      "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    },
     {
       "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
diff --git a/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json b/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json
index a02db239d3..48c3d43147 100644
--- a/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json
+++ b/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8be966c2-e3c9-4d35-9f97-a070aac6c154",
+    "id": "bundle--367a0f85-0708-4088-a458-385130aa7bb0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json b/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json
index 65eac3fcdd..a3c0adc8e6 100644
--- a/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json
+++ b/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b4fb1d9c-5467-4eaf-8e94-de8c25411945",
+    "id": "bundle--4acdbd84-b8db-4d67-b3f7-076ee0ecb058",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json b/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json
index 1161b30c0f..2531172707 100644
--- a/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json
+++ b/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a7ed8896-7399-46f5-a19f-746b1e9e52f8",
+    "id": "bundle--31ad5211-625e-4897-a02c-21d5eee8a0e4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json b/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json
index d3ee993403..0f29979d28 100644
--- a/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json
+++ b/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1fa2792b-93bb-498f-8fa8-24630faaf7a0",
+    "id": "bundle--01030959-d4c9-40ac-96db-5b54d46e4574",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json b/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json
index 6435532f46..f2a463991a 100644
--- a/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json
+++ b/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e91d05e9-18f1-4270-9aa8-fa52ee81ae2b",
+    "id": "bundle--1eab472e-d915-4365-9c8d-093166e5cfab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json b/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json
index ec9d87e94b..cdf2073fb1 100644
--- a/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json
+++ b/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b7d2e304-c8e2-40b5-b741-c505d3f70c82",
+    "id": "bundle--1342f483-14b4-48f6-a7ef-8039acf3b01d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json b/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json
index fea44c8367..67ab7c7e21 100644
--- a/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json
+++ b/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6edb3c35-8fd9-4ef9-a315-92c78cfa0f7f",
+    "id": "bundle--72e7aec4-73b7-4478-8ff3-925ef290324a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json b/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json
index db33c1abc1..419d533f1c 100644
--- a/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json
+++ b/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4a57982d-76a2-4e14-8417-33a39f3b87d9",
+    "id": "bundle--b226f792-97e6-45f5-bb2e-2e3695ee70fe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json b/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json
index 7ed9e1ee85..5b27aaba0e 100644
--- a/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json
+++ b/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--490c0ea2-43cc-4a25-8ab1-a354cd028c58",
+    "id": "bundle--c9f8bc9a-5971-446b-a248-09c66d6b4c68",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json b/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json
index 78457cbc4b..f523e3d083 100644
--- a/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json
+++ b/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--037786a0-f63d-4352-8e0d-074548a6556c",
+    "id": "bundle--43aefc77-003b-47da-bbff-9cac5e93ef1c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json b/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json
index 2ab4384a45..afc5e16e4f 100644
--- a/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json
+++ b/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fc53592d-d115-4bd4-93ed-29cb34686961",
+    "id": "bundle--4c105fa8-2d44-4b98-8455-8be5d6f9215a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json b/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json
index 86240c1f2b..9fb4dab4d9 100644
--- a/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json
+++ b/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1fbcb20d-2716-4c1a-a2c4-8ab1a5d01530",
+    "id": "bundle--5b5333e6-c8ca-4f78-8736-c08e4680725c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json b/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json
index e6792189c0..a041cf4d3c 100644
--- a/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json
+++ b/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--467203e0-5040-4d76-ae92-d6d66822d51d",
+    "id": "bundle--d5a3e41b-d6df-43de-8c3d-ffcfb16a8ba3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json b/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json
index 067d820256..400ddf6caf 100644
--- a/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json
+++ b/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a3187c5b-b815-4069-9bd3-59b711514331",
+    "id": "bundle--53c4920a-2ef8-410d-8629-9eccc510de88",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json b/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json
index 0f7fcb4b3a..38a48b302a 100644
--- a/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json
+++ b/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a9738627-411a-4cbf-b6de-2c4206cdc9aa",
+    "id": "bundle--0b11717a-afbf-4599-b484-da6797dc0253",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json b/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json
index 2598f92d5e..96236dd86e 100644
--- a/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json
+++ b/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3f272fd0-c862-4cfe-9526-df161ce016cf",
+    "id": "bundle--05c7a761-ee1c-4532-bc98-8b39b63f8f2d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json b/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json
index ad12f06ef9..5d87fe8e90 100644
--- a/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json
+++ b/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b4cba1b5-23ee-44ec-8636-c154a978f8b1",
+    "id": "bundle--5d401e70-c772-4d73-b2ad-c588361dc4b3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json b/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json
index a91e35b178..9e2e05c792 100644
--- a/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json
+++ b/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e51a17ca-13eb-4c8d-b878-48d80e59e6cf",
+    "id": "bundle--61ec87ed-1c63-4a31-96d4-8130ff733d3e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json b/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json
index 2197a7fe08..88420e6e65 100644
--- a/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json
+++ b/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fb4d8024-ef35-4748-9fdf-156e58680d16",
+    "id": "bundle--0a6f0b69-d194-41fa-a517-8d1f4c11cbfe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json b/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json
index 68c10f711e..dc50bf4d97 100644
--- a/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json
+++ b/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7a0a12c0-c8d5-4d81-8180-3ab35c677719",
+    "id": "bundle--bf8b7188-2c1d-4bbb-b955-3babd3ca5820",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json b/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json
index e05b1be77d..21adfbb641 100644
--- a/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json
+++ b/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dd7b4d06-ff82-4d9e-9097-a3c8ed50755b",
+    "id": "bundle--4c08f301-322f-4527-b484-16bb8450bf17",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json b/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json
index 73c2264015..beb39a047b 100644
--- a/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json
+++ b/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cbc460d4-1a3e-4dea-b092-4bf97cbc2ae7",
+    "id": "bundle--5559f28f-4003-4a3d-877c-d0b56f28fd0a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json b/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json
index 990a50a81d..765e273a66 100644
--- a/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json
+++ b/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1f64a7c0-7c65-4363-83e2-0fe40a0f82b4",
+    "id": "bundle--01c6fac2-4260-42cd-b03f-b5d6fba602cd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json b/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json
index 61ff6a3ec9..c831c6d154 100644
--- a/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json
+++ b/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--53e7f068-8f20-4e95-9eb4-e9a579d3a3b7",
+    "id": "bundle--f01b4dc3-d232-4fa9-86a9-51c66ba20769",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json b/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json
index 3e003f93d1..d132a8de9f 100644
--- a/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json
+++ b/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d926635d-617a-423d-a1ea-60dfc7e79499",
+    "id": "bundle--17dbc08b-c6f7-4e16-a89b-c769df497500",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json b/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json
index 3aeb7d966b..834b6e1601 100644
--- a/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json
+++ b/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--caf09945-8a00-4ade-9490-cc76589b000a",
+    "id": "bundle--0ca20513-dcb1-4230-a98b-a7b0fc792ee9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json b/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json
index 45157f68e4..9e580e3182 100644
--- a/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json
+++ b/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2d1bc4b5-cca3-4795-bdf9-ff8b47ee0911",
+    "id": "bundle--a2c3019f-a019-4d2a-9352-fb0b967a6103",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json b/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json
index b96eb10e7a..9188e54e0e 100644
--- a/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json
+++ b/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--63bda14f-44db-4b10-b374-3f167b08575b",
+    "id": "bundle--b8da0d5e-9bdf-4009-bcaa-d5558e8cd180",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json b/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json
index cd3ddfc765..fdb1f27d90 100644
--- a/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json
+++ b/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--591236a5-3737-4d08-b941-5d181e4cbd54",
+    "id": "bundle--f08f1481-85d3-4f4c-8d3b-ecc39b13d866",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json b/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json
index 713d55000b..5a3ded4cc3 100644
--- a/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json
+++ b/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0580f846-3a7b-4e19-96d2-3034cde2c438",
+    "id": "bundle--d0459640-2531-4653-9860-dd17ff6d30aa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json b/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json
index aeff38ba15..1098b29d2e 100644
--- a/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json
+++ b/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c58f9674-3bec-4884-aedc-96e602241fd1",
+    "id": "bundle--88c66bc9-3548-45fc-bc4b-2c704ce06363",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json b/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json
index 7de37140b8..1fd3a39b77 100644
--- a/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json
+++ b/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5814d6f1-28fa-432a-bfff-9167b7c0b868",
+    "id": "bundle--ff8f77ba-496e-4173-a4fc-d3b040c1e397",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json b/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json
index cf696063bd..d29a8ed95b 100644
--- a/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json
+++ b/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2efd8f4a-370d-4c75-be60-871b2e6d8b5b",
+    "id": "bundle--ba5e016d-9b84-4d96-b512-0963ff45ecba",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json b/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json
index 40a41e90d7..fe7cc627c7 100644
--- a/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json
+++ b/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7d6b007f-31b1-4572-afe0-af41889fada0",
+    "id": "bundle--00c835e4-48e0-40e8-95d2-debd905db689",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json b/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json
index b91689dd5e..36cde64e66 100644
--- a/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json
+++ b/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b990fc74-7759-4661-85b5-da271c40dfe7",
+    "id": "bundle--12b0cd5a-fbc7-4118-b402-b3033d39f158",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json b/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json
index 7fa10f3008..071e2f2e6b 100644
--- a/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json
+++ b/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--48080f8d-b9f9-4f72-aad3-f9a648aeacf9",
+    "id": "bundle--1891394c-b162-447d-a9be-d80889ca78a1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json b/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json
index 32905a6783..e5a9a56982 100644
--- a/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json
+++ b/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--924c85a2-c791-4087-a567-18ba5bf4ebaf",
+    "id": "bundle--6161f39e-9561-4f27-ae0e-ab433975755c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json b/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json
index c38ef0c437..690c1a0b7b 100644
--- a/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json
+++ b/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5b2c8080-02f9-4f2a-a6d1-accfb2396d16",
+    "id": "bundle--c356c351-0075-497e-8d63-f4d89e30c42e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json b/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json
index 6a32c8c143..ff2c554f92 100644
--- a/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json
+++ b/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--34ef50f5-a743-4797-9ab6-a976244c96fb",
+    "id": "bundle--0d738005-ca74-4449-b166-ff8a0a3780b5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json b/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json
index fb4363d739..da02f64c21 100644
--- a/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json
+++ b/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2d46e192-12b1-4e82-85e4-f2d424d0057e",
+    "id": "bundle--ddbd954b-20f2-4811-b17c-62c147d6f402",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json b/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json
index 809c8c93d2..929d621673 100644
--- a/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json
+++ b/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3a80f096-ca5f-4516-b821-a542509abd8b",
+    "id": "bundle--c5bff621-a279-40a8-a085-10c6b24fddd5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json b/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json
index 424dca5196..692cbeff8c 100644
--- a/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json
+++ b/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bf21385a-85e5-47df-a086-021100ede190",
+    "id": "bundle--d2bb2e29-b8ae-4232-93ee-36e3229264b9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json b/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json
index f3d01974ff..805c2af14f 100644
--- a/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json
+++ b/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f6a340a7-8145-4622-bc93-5c7e6a3c9b6d",
+    "id": "bundle--4018d4d3-0f56-4ed1-bdaf-807ac5dca084",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json b/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json
index dfad08831a..5fa6853717 100644
--- a/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json
+++ b/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9b89437c-20fd-4e42-b08c-5339074c4a03",
+    "id": "bundle--a4ad8b6d-9654-462b-88b0-997b6b648bd3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json b/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json
index f35f3ea476..91f98a37c5 100644
--- a/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json
+++ b/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--31bb0595-c312-4f61-959d-e328aaaeabff",
+    "id": "bundle--9db51699-afdc-4455-8c87-5d5e48c88ae6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json b/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json
index 8c041e0c85..09ab5d4dd3 100644
--- a/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json
+++ b/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8c1d016c-8350-48b4-b1a3-462581da6245",
+    "id": "bundle--2b47a021-43b9-45dc-9805-481dc9d92909",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json b/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json
index a4d78ca1d5..251d9309c5 100644
--- a/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json
+++ b/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--95eea8f7-17c2-4fcf-a61f-e0b780b75b7c",
+    "id": "bundle--bb8754ec-ee70-40ba-b8f0-04d6a45a2921",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json b/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json
index 4c16b70fd8..81e489c803 100644
--- a/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json
+++ b/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c0d6746f-1b1c-438c-80e0-598ddd734a5a",
+    "id": "bundle--c053e4ea-0194-448a-95e9-8bb5d558e61d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json b/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json
index 5688594f2e..6db233eec6 100644
--- a/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json
+++ b/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c10daeaa-369c-47c6-8c08-11342b809430",
+    "id": "bundle--1f49ff89-cde6-4335-a756-d9029968fa5c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json b/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json
index 5ece5cf99d..f7c0d256ab 100644
--- a/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json
+++ b/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--549f26ee-c7a6-46e1-8f30-f16b1972db72",
+    "id": "bundle--147b1ba3-541f-4737-9d7b-ced153bd3ab7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json b/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json
index 7896e162ff..eed04dae43 100644
--- a/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json
+++ b/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--da249b2e-5664-47d5-ba34-7936fa94ad81",
+    "id": "bundle--d2074dec-b005-4d41-9563-56531c5575ca",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json b/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json
index 915d514d5d..57cff9ba72 100644
--- a/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json
+++ b/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b7dfb909-d0cb-409f-bfff-50ed70cc40f3",
+    "id": "bundle--0ab113cf-7606-401b-8526-c761492bc500",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json b/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json
index 017f97f2dc..c169c387db 100644
--- a/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json
+++ b/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--27416cf6-19b0-4cbd-88c1-72672fbf3601",
+    "id": "bundle--a1730167-6bcd-4bf5-ae3f-9d2dbddeaa3a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json b/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json
index a4de657492..d8e9bdcf8d 100644
--- a/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json
+++ b/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c8c4a41b-e495-4f0b-b689-4faf7d835ea5",
+    "id": "bundle--c6f83065-1275-4c9f-97f5-713b6ab162b2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json b/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json
index f07e5666cc..4f164ad574 100644
--- a/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json
+++ b/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8c6cdf3c-fbad-44a1-ba45-2d4760a7815c",
+    "id": "bundle--30d2758c-08f5-4a32-bb38-efe404144593",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json b/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json
index 94c4cb93fc..58eaea8944 100644
--- a/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json
+++ b/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d4c44220-ba59-4abf-9228-0ca3ca5b59b1",
+    "id": "bundle--d8a00ded-c016-4748-80ce-9eac49c6306f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json b/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json
index 872a4ac4ac..b31c82b5b5 100644
--- a/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json
+++ b/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--74d4a2a8-458c-4558-984a-f699d1c01777",
+    "id": "bundle--abf9ebc2-dd34-4834-b8e3-b2d04b7584b6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json b/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json
index efa1ede2f1..e70c529daa 100644
--- a/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json
+++ b/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9b52a76f-7f07-4c52-b4bb-b524d45137cd",
+    "id": "bundle--b5f0add5-06ab-43f2-bb47-46a08666a59b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json b/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json
index 2d193264d6..5cae04646f 100644
--- a/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json
+++ b/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ab121a9d-22e2-4c51-9aa3-5bf058b53976",
+    "id": "bundle--659df868-7156-4d62-b5b6-bdd83bea36de",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json b/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json
index 1c95ac96ec..7cf5d181b3 100644
--- a/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json
+++ b/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--03b95e89-fd80-40f5-a052-54bd52932a48",
+    "id": "bundle--7f1c0a4a-f425-480c-b372-a2c161aa33d5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json b/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json
index 9cd94e5d17..33fc37049e 100644
--- a/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json
+++ b/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d2655d80-c439-42b3-a0af-81ad8c217b2c",
+    "id": "bundle--5fed6230-2881-4690-9f91-5dad5fb4a1f9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json b/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json
index 5f8b042536..109a6da125 100644
--- a/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json
+++ b/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b77461b9-8aed-4c72-98ff-246d3cb70f72",
+    "id": "bundle--7b9118fa-7cf4-4c03-b822-8304897d89ad",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json b/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json
index eeafe5e726..01cd213bfb 100644
--- a/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json
+++ b/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af3ef4b6-ccd5-4837-b9d6-e50da25b8536",
+    "id": "bundle--655f9812-d293-4b33-9be3-8351b1d6924b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json b/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json
index e80ecc5727..5cc43ee012 100644
--- a/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json
+++ b/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--793c42ce-68c2-4759-b4e8-ff73b311ccc4",
+    "id": "bundle--3b784bb0-f831-412a-ad95-319ddba08fcd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json b/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json
index 5b78203a7c..4baf33a181 100644
--- a/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json
+++ b/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1ed868a9-8ce9-44c1-9580-fef18c262756",
+    "id": "bundle--63729bcf-1137-458d-a687-d2463068c81d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json b/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json
index a53aaebcc3..f8c590246b 100644
--- a/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json
+++ b/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ebf1f36e-7ed1-421f-bab5-d5232b16fa3d",
+    "id": "bundle--03118783-ac21-4840-a0a1-e9090e13f8ce",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json b/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json
index a75cf31133..cc871bad3f 100644
--- a/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json
+++ b/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d821b209-b743-40ce-9505-80826753ff58",
+    "id": "bundle--4d52b74a-e229-4d31-98ef-2dd53cb5c688",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json b/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json
index a3857005dd..2b691efa76 100644
--- a/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json
+++ b/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--48bb1af5-e0a8-41e5-8fdd-c9c1825965a4",
+    "id": "bundle--7edaedd6-6308-49f5-b39e-81bb17980400",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json b/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json
index 3c1f56f34f..a6e1f5db4f 100644
--- a/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json
+++ b/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--de08fa3a-f107-4c0a-8cc8-0081dadad564",
+    "id": "bundle--bf5ad62a-e79c-4422-ae63-9c8782750734",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json b/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json
index b806bf2b49..0087418fef 100644
--- a/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json
+++ b/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--602994a4-74f6-41f0-b1ff-b7404742daf8",
+    "id": "bundle--63bfd409-e158-42d8-94a4-72bda51c8999",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json b/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json
index 96d463ea21..fc24cdf1b4 100644
--- a/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json
+++ b/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ff67e19e-e3ca-4c14-a213-c3dbbe066abe",
+    "id": "bundle--d7fb43a1-d310-41cf-a501-4593b5620c64",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json b/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json
index 6c4556f442..56bb28f003 100644
--- a/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json
+++ b/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--13214733-59fd-48ff-9f4e-cd496ae68e14",
+    "id": "bundle--ff032f81-2498-4cac-b277-913a33e88300",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json b/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json
index 0461988b13..8f3e6055c1 100644
--- a/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json
+++ b/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5f27bed5-2111-47ec-bf33-2b640407ebd3",
+    "id": "bundle--a353eb79-d4b5-4309-9f9a-b09329821aba",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json b/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json
index 18fa286bac..25e1691812 100644
--- a/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json
+++ b/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1a32023b-76e5-49ad-a11f-c7ca679c9795",
+    "id": "bundle--caa3e728-212c-4778-b242-12b721f50330",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json b/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json
index 290f0a7224..04e1e267f7 100644
--- a/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json
+++ b/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--061eb9f4-9656-44e5-aa36-15ba503d13fc",
+    "id": "bundle--a0b82dba-6522-4e66-88af-de51f59388b6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json b/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json
index bcd87bde40..0eb1edd813 100644
--- a/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json
+++ b/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5a574f7b-7a05-48fc-97b7-d97ea488323e",
+    "id": "bundle--2f8898a8-b6d5-41d9-812d-75da1216bb90",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json b/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json
index a1fdcfe911..2e9d4ef843 100644
--- a/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json
+++ b/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d488c196-af2a-4290-9dbb-a856a340f14c",
+    "id": "bundle--fba88a33-23eb-49a9-bd9f-735e9a454635",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json b/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json
index 8cb18fe8a8..d1661abe01 100644
--- a/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json
+++ b/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d89b0fd6-9a12-4510-8708-c2704bbdcd5d",
+    "id": "bundle--e69b9f80-95f0-450c-830e-76132d451327",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json b/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json
index ff395a464d..77e3cd5dc2 100644
--- a/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json
+++ b/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--16f73c1f-2b5e-483b-84aa-02d69a151f24",
+    "id": "bundle--bc85d7b3-96b3-4d2e-b036-ab6ba2c44a9b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json b/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json
index 7d6666effc..eb916390dd 100644
--- a/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json
+++ b/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6b122311-d394-4d55-8afc-20c397549798",
+    "id": "bundle--3ddd3817-a452-4371-ad78-6bcd412ca067",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json b/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json
index 16882179a7..efd8d298eb 100644
--- a/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json
+++ b/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2e224982-fac7-45c4-93db-e8b3661db956",
+    "id": "bundle--bdd2f4ca-cbfe-4828-a71b-b6585269e287",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json b/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json
index 82b73316f1..44ffab47dc 100644
--- a/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json
+++ b/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e4f92e11-b616-447c-a0e1-e485897c8c73",
+    "id": "bundle--5835bfe1-4c87-4555-b237-ace9ac63458f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json b/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json
index cd71eecce0..58933c3a85 100644
--- a/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json
+++ b/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d90e514d-b9a3-48b0-8112-06261cb94f8c",
+    "id": "bundle--a97b9af4-471d-4907-ab83-8ef652c9598d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json b/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json
index 901723df64..91f21bcadf 100644
--- a/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json
+++ b/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b492bcbf-b2a4-4b28-9c4b-9ec9b6864cb0",
+    "id": "bundle--b6e6690d-33e5-449e-8137-d9a920297230",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json b/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json
index b37f05f10d..244c18ede3 100644
--- a/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json
+++ b/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4b872647-bf2a-4323-80f1-75a4cf416ce4",
+    "id": "bundle--a69f7e7d-c1a4-45a7-b862-68ff5d7069ad",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json b/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json
index 53bc32c901..4e2a14c0ec 100644
--- a/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json
+++ b/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ba74f580-3e6d-4326-aa18-b0ba66e3390f",
+    "id": "bundle--59ceaf78-aa08-480a-931c-cb5d18cf59f5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json b/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json
index 5590600ea7..791c34ce2e 100644
--- a/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json
+++ b/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0bbb39a0-26f7-4386-9945-01247b76e7d2",
+    "id": "bundle--45787fdb-9e18-4dbb-b968-286247c56ca3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json b/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json
index b66ff63360..f6c1dca8cc 100644
--- a/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json
+++ b/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--75601738-7e31-47a9-84a0-540b67cecf6b",
+    "id": "bundle--0aa30741-5c1e-4486-9e83-e398a2572738",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json b/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json
index 260d7c94e5..12fc4cfaed 100644
--- a/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json
+++ b/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b3c3b430-e30d-4c95-b660-1af60969d8aa",
+    "id": "bundle--0387f739-9190-4b63-bd16-519251d1108e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json b/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json
index 2e58344655..575ee522d7 100644
--- a/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json
+++ b/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--94fd2986-3d04-4590-959a-0dda2a998d2a",
+    "id": "bundle--85d90c9e-dd68-4b26-9256-0056abdef12c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json b/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json
index ba66a8362d..a617935910 100644
--- a/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json
+++ b/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a6631c07-496a-49ff-a670-c7e4be865a10",
+    "id": "bundle--79780128-04fe-438f-9267-176c2c6b4e45",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json b/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json
index 7e220836bf..0a8bdb2c33 100644
--- a/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json
+++ b/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--449ea918-defa-4115-b3a1-8889e807bb6e",
+    "id": "bundle--403ff13f-e37c-4095-b247-8afdf274e905",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json b/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json
index 50a20b1d49..673834aab9 100644
--- a/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json
+++ b/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ca1bf16d-6121-4de9-9f14-8df38bb58f99",
+    "id": "bundle--1639a55d-4a15-4683-b76b-87577eec1395",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json b/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json
index cb462de457..dfe8ca3dcf 100644
--- a/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json
+++ b/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--893c887b-7465-4003-a34c-f848086c3702",
+    "id": "bundle--a503edb2-1286-45c6-bc30-31d42586a4f5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json b/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json
index 8cbe31aa5b..dc3b031f14 100644
--- a/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json
+++ b/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--de5d1e54-fa1a-47bc-b060-0a74f6e6be9b",
+    "id": "bundle--e2b6379e-0a02-4fb9-8f5c-b21f58d1eb3b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json b/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json
index 564d11a7f2..916c55cb23 100644
--- a/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json
+++ b/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d49652cf-808b-4c96-973d-f3a0059e92c2",
+    "id": "bundle--56ea2a40-2978-4dc4-8da8-0930a6f6de05",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json b/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json
index c3f7d280c0..36b3149ca4 100644
--- a/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json
+++ b/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eeee96d6-5779-48f8-83ca-3d1dfb926551",
+    "id": "bundle--7b686187-385f-46bf-8380-5029d080f124",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json b/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json
index a9274ce8e6..ed102d14b0 100644
--- a/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json
+++ b/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5e10045b-af43-48e6-9f46-7887e87cc5dc",
+    "id": "bundle--022b36e9-9a11-40c2-8452-e0dc2cf89f79",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json b/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json
index 309bbe8df6..64d9920d71 100644
--- a/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json
+++ b/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c0677072-0b4d-4210-81f2-da816628bf7e",
+    "id": "bundle--06e56129-d5e1-48f0-96e0-b8a2f23cc7de",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json b/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json
index f740830a91..539b78cc79 100644
--- a/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json
+++ b/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--22a28503-4875-4514-b516-6981951aef4c",
+    "id": "bundle--91d1a9ff-eb27-4526-a662-3aedc325e62b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json b/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json
index d809070c74..e503b3d125 100644
--- a/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json
+++ b/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--493fa4cf-2efa-4eab-b42f-c86f308c5b9b",
+    "id": "bundle--31d55c4b-8882-4127-8b84-aa8a069b1500",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json b/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json
index f9d2ebf56c..9d1f711b8e 100644
--- a/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json
+++ b/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--222f319e-a8a8-45e9-ae14-80358f4100da",
+    "id": "bundle--227f6ef8-05f9-47c8-878c-32dc9ed8cfdf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json b/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json
index 76b5cfc7c8..ec94eecca0 100644
--- a/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json
+++ b/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--118ecaff-10ec-47a2-bba1-6920bd4380c2",
+    "id": "bundle--5531ce74-6b4e-45e6-9917-8c3e4d6e3160",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json b/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json
index e320dd47b2..42a7b58406 100644
--- a/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json
+++ b/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8ebf8b22-2a95-48f2-bff4-431bacf40388",
+    "id": "bundle--05b57218-a88c-45ac-afdd-6972e0968181",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json b/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json
index c65505ce2d..1862eb890b 100644
--- a/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json
+++ b/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8369e380-5fdc-46e8-a8a3-6fcfedf4d787",
+    "id": "bundle--38c7d81b-7eb6-4dc4-9ceb-897cf57d2e52",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json b/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json
index e9763c8e3a..91dc44ef17 100644
--- a/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json
+++ b/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--15a0f9ce-d647-4334-baa5-c565525da8cb",
+    "id": "bundle--ea876704-4bc5-4190-b97d-9c02963ac202",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json b/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json
index 1b3e88d496..c850f2a65b 100644
--- a/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json
+++ b/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--484db61b-f3ec-42c1-8677-7f5eebfc8bcf",
+    "id": "bundle--6ddb62fc-5d52-49b8-bb30-c92fa4104cbb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json b/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json
index 4d7c3c48bd..d00f1b81be 100644
--- a/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json
+++ b/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b1c4afab-926f-4d64-8300-6ccc188a3768",
+    "id": "bundle--d160ba99-a458-403c-9b10-a02fd9730ea5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json b/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json
index 80fd209df3..56ab45acee 100644
--- a/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json
+++ b/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7bd4eb7a-f51e-4431-aaf0-a8595748b1c3",
+    "id": "bundle--4d8d8d75-d56a-4988-bf4c-3bf245de2218",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json b/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json
index 93bcaeec4e..2208a2e49d 100644
--- a/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json
+++ b/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--114db05f-fcff-4ddb-90eb-e41ece86f528",
+    "id": "bundle--c8944382-8676-4756-a499-727a2cbb40b8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json b/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json
index 439e6edcee..0c1e891894 100644
--- a/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json
+++ b/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e8855b9b-ae26-41a6-ae2f-5487896413ea",
+    "id": "bundle--cbf50cfe-20c2-49a3-8744-9e22c82fcb11",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json b/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json
index e37685c20e..30f6a4ae87 100644
--- a/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json
+++ b/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8b316a92-7c92-4181-8caa-b57417ae6fe4",
+    "id": "bundle--6fc6c3e4-a060-4c0d-8b4d-619c793f1d41",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json b/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json
index f7c7bee49c..d4ea0cb10c 100644
--- a/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json
+++ b/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--82dec53e-cbb8-431c-a136-0104fd872f4a",
+    "id": "bundle--aba1c053-1724-4723-a5fc-a2dda4a26778",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json b/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json
index d2f3e99a3e..ef7a4b0a8b 100644
--- a/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json
+++ b/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fc4e9291-6af0-4fa0-a4cc-07e457f6d14c",
+    "id": "bundle--c6f6f994-4b51-4f34-9650-d3b3b3b070a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json b/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json
index b9b3f1cf70..f648d434e3 100644
--- a/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json
+++ b/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8a8abcb7-f561-4192-bdc9-c4b973390d26",
+    "id": "bundle--3d13f361-3721-4b07-b905-284a6a0e9211",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json b/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json
index 638a4f6d7e..a372e6f440 100644
--- a/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json
+++ b/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e087186d-402a-4208-82f5-fe622d23f7cc",
+    "id": "bundle--87924af6-00e5-4e36-ba27-229790d500be",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json b/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json
index 5a271b1672..49e33c76d4 100644
--- a/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json
+++ b/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8f770c18-9b1e-4786-b40d-6d8eb8a33ecf",
+    "id": "bundle--3e41d9cb-ccb8-49b4-b970-e56adf1f48e4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json b/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json
index 1b2b8744a5..7f356056db 100644
--- a/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json
+++ b/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6078be3c-4d63-4321-b1b0-48c07a36dcc2",
+    "id": "bundle--60026dec-90f2-4269-bddd-73e97764b59d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json b/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json
index f93df68500..17b62a9502 100644
--- a/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json
+++ b/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6a722d48-5fdc-4f63-92bc-3e6a79acca89",
+    "id": "bundle--51cff0fc-fc55-4b13-ab6a-f97672d9e65c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json b/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json
index 6277fbb8ef..344996c0e9 100644
--- a/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json
+++ b/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--91c0ae27-ae4e-4c65-b4a9-700cc062d03e",
+    "id": "bundle--33bb26d4-71e7-4fdf-8502-e43b613fc441",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json b/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json
index b40d46a4e8..e72c95a4c1 100644
--- a/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json
+++ b/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f277afd7-56d1-4d47-a7c3-db6a28a06fe3",
+    "id": "bundle--5e1e0c8b-1c4a-4e6a-b285-314652410018",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json b/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json
index 626639d902..c607b1052e 100644
--- a/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json
+++ b/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c0b0a410-150f-4e58-b019-4144428f22cd",
+    "id": "bundle--60343f5f-0fee-499f-9db2-3474c8a2855b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json b/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json
index 00c10c0061..08cda5c2a2 100644
--- a/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json
+++ b/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d6ad4dd8-b5d3-4b73-adfc-fd81ceed4557",
+    "id": "bundle--83bc262e-7a7e-4047-b3f9-97af165d46ed",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json b/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json
index b5b416e6d6..79e9d5117c 100644
--- a/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json
+++ b/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e8850cd6-6629-4cae-b145-68f5831bf0b4",
+    "id": "bundle--898d2ca0-7833-4fc7-8328-c6ea320aa489",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json b/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json
index 02bc467c20..fda0df707c 100644
--- a/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json
+++ b/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--956b1e20-cffe-48bd-abcc-2938c9d7de8a",
+    "id": "bundle--43e54152-81f1-480d-817a-dcca29a931bc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json b/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json
index a76a28d58f..997e33ed7c 100644
--- a/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json
+++ b/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f598f01d-5156-490d-853d-78849b0fcc50",
+    "id": "bundle--fe8569df-6e7a-40ed-bbc9-555caccc7f5b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json b/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json
index b0aea7ebfa..98352ee841 100644
--- a/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json
+++ b/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7b39215b-bf34-4476-8ef1-bd91e7a7c576",
+    "id": "bundle--d5006da2-4d8b-4aef-97fa-400c26ea95d2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json b/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json
index ff0df9fccf..5d2e21dcee 100644
--- a/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json
+++ b/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a021c1b2-1abb-4e1f-bfb0-56fd212f830a",
+    "id": "bundle--515679ec-633c-43ca-86c2-0112cb6dece9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json b/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json
index 1fd464f771..42e5dede7d 100644
--- a/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json
+++ b/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8a748135-e009-4013-b351-3fd61c008e48",
+    "id": "bundle--75f6964d-2c86-4dbd-8b8e-185fa36ce9fb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json b/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json
index 18fc00f565..e67d8aa907 100644
--- a/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json
+++ b/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c32618c5-c51f-4d4c-89d3-49fc0b9d22d1",
+    "id": "bundle--11ff59b1-3a03-4cbc-8dff-86fe08a3be2f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json b/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json
index 0cd075e2e6..283ec65764 100644
--- a/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json
+++ b/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4b7ef8b2-5d80-4755-97d0-edd6d1beb390",
+    "id": "bundle--55eb4758-06e5-4996-a362-33c545b74319",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json b/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json
index 74aa37faf7..2476e87878 100644
--- a/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json
+++ b/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ea96b5ec-35d9-404b-ba94-e33c87caa413",
+    "id": "bundle--aa29b76d-93bc-4169-9c7c-c34a08e5f4c2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json b/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json
index ba0e37010f..8a75f17864 100644
--- a/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json
+++ b/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--108bae8a-2547-44e9-8611-e7a2e4d6c886",
+    "id": "bundle--10f3204a-f44d-4497-bdfb-f56fbbfc0f28",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json b/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json
index 4244ef0ab9..be1d25220e 100644
--- a/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json
+++ b/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7396de7f-ef3a-476d-b341-f719cd4c766e",
+    "id": "bundle--836ce202-99dc-4cbf-a0bd-cca2f84845b9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json b/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json
index 7d81fbf488..93e8056cab 100644
--- a/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json
+++ b/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4168bca5-71db-4b87-9dae-f2a314070538",
+    "id": "bundle--27530bd2-bb12-4449-b20d-f108532ae84d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json b/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json
index 349422777e..9fdb99736e 100644
--- a/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json
+++ b/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a9ba8554-cef3-4cc0-aba7-61ed7c44ae09",
+    "id": "bundle--b61f82c7-836a-422e-9b06-ae7cc97971e4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json b/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json
index b1ac25c7f6..0fd7578de9 100644
--- a/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json
+++ b/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e5423884-55fc-4448-a0ea-916cc1e9b50b",
+    "id": "bundle--0960a642-464e-4e18-a288-d98b53a9e3c5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json b/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json
index fb9805dd0e..c9ce7b7c0f 100644
--- a/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json
+++ b/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3fc78ac3-169c-461d-b1cd-6ba6446b5010",
+    "id": "bundle--a5c4f73b-5e3f-4dda-a741-5d61c1d6f2a1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json b/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json
index 5ef8dfd333..27999cd023 100644
--- a/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json
+++ b/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--168c76da-4abb-4599-bf1e-4c35b10f976c",
+    "id": "bundle--0a955747-ee9b-46e0-a280-2d654c511511",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json b/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json
index a37b5d7091..939cbd72ce 100644
--- a/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json
+++ b/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e929d02c-eea4-420d-956c-e45cea984280",
+    "id": "bundle--91d98273-3f73-402f-919a-92d8b963a930",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json b/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json
index 8c5bbdd1a3..a1d25caf32 100644
--- a/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json
+++ b/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1b1ca810-051e-4a1c-81bd-28b76a9985ce",
+    "id": "bundle--ad3f4634-18a1-4306-8528-333f0204544d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json b/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json
index e8aee21397..b7f74d336a 100644
--- a/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json
+++ b/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2e556bd1-1255-4214-b242-39ec9b655b17",
+    "id": "bundle--cc749dd6-bfba-48bc-9f78-ecf3531da1a2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json b/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json
index 08e4786215..1d7cda7dd2 100644
--- a/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json
+++ b/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cbb1e8ec-b003-4f4e-aec5-62c22bf91b47",
+    "id": "bundle--2f210e07-7696-4b66-9d62-0576a19fb8c1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json b/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json
index a4d8afabea..c293c6bed4 100644
--- a/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json
+++ b/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ed951a8d-2d7c-453e-80a7-fa63a26030fa",
+    "id": "bundle--43a52eca-8818-41aa-b301-cae6a903f8ef",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json b/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json
index 8153bf4c9a..61cb4db22e 100644
--- a/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json
+++ b/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0677a009-26bf-4a20-b03b-d3db3e708ce7",
+    "id": "bundle--f473af88-7ccf-497f-adc4-034415fdc56c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json b/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json
index a1767e8f2d..2270b2b569 100644
--- a/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json
+++ b/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0dcbeb70-cd86-4aa2-8006-3ffe7718527e",
+    "id": "bundle--cf3a8a96-adfc-4e74-b17c-849c5d4e1160",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json b/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json
index 14c87e6347..f36f0a0ca1 100644
--- a/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json
+++ b/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7634a01b-a486-4392-95a0-3167000698e1",
+    "id": "bundle--49223815-a8f4-496c-b0d2-d51211a033da",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json b/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json
index 367ed3329a..83cc66f570 100644
--- a/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json
+++ b/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--997e69ac-0689-4f28-a829-7edd625f7cdc",
+    "id": "bundle--72fcad8d-0e12-42e6-857d-3c739d685421",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json b/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json
index 1d37a8e86c..9ca86152b8 100644
--- a/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json
+++ b/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cba7186f-7d90-4bad-aba9-42d79abe0458",
+    "id": "bundle--ea319ebe-be92-4b2e-90f9-d5dc05ad8200",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json b/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json
index df13938df7..51011b695d 100644
--- a/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json
+++ b/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--be50fac0-6ff1-4fa5-8056-c3677b57df5e",
+    "id": "bundle--d099902e-eedd-49fc-aef4-8b5b3f54650f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json b/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json
index c02e3c63a6..d99c1780a3 100644
--- a/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json
+++ b/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--13369fb0-b433-4c36-b1af-926b3eb71c68",
+    "id": "bundle--15b5f2b7-8363-4930-8321-76b675807c2c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json b/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json
index 9f86778e23..6f58baee0b 100644
--- a/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json
+++ b/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c4902ad1-0bd9-4f9c-8084-d1f689ccbffc",
+    "id": "bundle--f52eefed-3287-4301-9b96-f791db336411",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json b/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json
index 9b7d547632..595fb6255b 100644
--- a/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json
+++ b/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dabe8a67-f515-4890-9a37-5076f8788381",
+    "id": "bundle--5cb80e5e-2a78-42ca-a34e-9d7076c87098",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json b/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json
index 69d8ec75aa..90f73f73d6 100644
--- a/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json
+++ b/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ca99bc23-b1c6-4a99-8e0e-0585b44762a9",
+    "id": "bundle--557d9640-90fe-4377-8bff-62f3c418fdb1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json b/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json
index bd55f7b395..5260cdb892 100644
--- a/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json
+++ b/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9c4d8be7-64d3-4e6a-8ea7-d39b69464540",
+    "id": "bundle--e30db3ea-6423-48e7-8f17-adab2666c25e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json b/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json
index c92628d818..2e00bf00eb 100644
--- a/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json
+++ b/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--71c54648-5ee5-44b2-bfef-d336e646a563",
+    "id": "bundle--ed4456bb-6452-48cf-9d62-d6e5098dd5b0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json b/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json
index 8dedd9429b..27761dee2f 100644
--- a/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json
+++ b/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cfb57282-17c6-4ae4-b60d-eb059a5ba54a",
+    "id": "bundle--0066ba1d-3b2f-4296-be50-fe665a381913",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json b/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json
index 260ccad556..91b2f34b7c 100644
--- a/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json
+++ b/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--93fb0d45-4a0c-4027-961f-99831acb5f28",
+    "id": "bundle--7dff9a63-1699-4b75-96db-b46075321a36",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json b/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json
index 64000dc8d6..f0cf632061 100644
--- a/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json
+++ b/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fea0641e-e22f-482f-8d1c-e812b07a1d83",
+    "id": "bundle--5cdb4304-80e3-48da-906f-6cf1092b20a6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json b/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json
index 7b3fbb574c..8e0f659038 100644
--- a/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json
+++ b/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--67dfa0e1-6e85-4471-9d29-edba17424263",
+    "id": "bundle--3fe0a817-e056-4f56-b8a7-95449b8dbc99",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json b/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json
index 4d5a8b87f9..3ac6b3f161 100644
--- a/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json
+++ b/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af34986e-cda3-46e8-96b0-2d2373ae88c6",
+    "id": "bundle--b845d3b6-93f9-4d57-b8fd-10a662f5f47b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json b/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json
index 5f61e72041..a350e630de 100644
--- a/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json
+++ b/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--67d3ff25-3ca6-4342-a2f7-4a83a1797189",
+    "id": "bundle--667ab716-dd34-466a-9422-d18a39d5faaa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json b/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json
index 80e16417ae..92d2628d89 100644
--- a/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json
+++ b/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--39ce3c62-7627-4732-9ce3-57aab2cbadbc",
+    "id": "bundle--f226b573-90af-43d6-aa0b-2db40dfc596a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json b/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json
index 81ebdffdc9..0939b26873 100644
--- a/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json
+++ b/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3d26533a-ca09-4cf2-a88b-510cf34f730a",
+    "id": "bundle--0c1acfd6-11a2-4a69-bd3d-2f8fc56f6bd5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json b/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json
index 8d0f1cb463..44991e62ee 100644
--- a/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json
+++ b/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7195b11c-fc20-488e-919b-a374bb14b743",
+    "id": "bundle--40b12d2d-6362-4a56-aaaf-d0c78bf15d80",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json b/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json
index 689bccbe51..f2ef043f89 100644
--- a/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json
+++ b/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9aedd8cf-75b6-4c31-9916-bd783be6b78a",
+    "id": "bundle--b51dcd15-f3d0-4422-9f06-0cd5f12bb72c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json b/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json
index 37740f996c..f033caee29 100644
--- a/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json
+++ b/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--87f1d2c0-0f52-4ab3-ba2f-b832475a99d4",
+    "id": "bundle--64e0927a-b7b0-4059-9071-214f13fed44c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json b/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json
index fe01943d04..2d198daf5f 100644
--- a/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json
+++ b/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--417af596-c739-4d9c-bf4c-f8d5a4618b14",
+    "id": "bundle--3ca82261-feeb-489c-a28a-f11f7f1b56d8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json b/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json
index 3bb276abb0..475073170e 100644
--- a/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json
+++ b/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8385a666-9e4c-4b0b-99c2-ea1fd30d60a0",
+    "id": "bundle--3655c6d1-6ee8-4ab1-8a3d-cb37b831a838",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json b/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json
index b683b29bb8..64aeef998b 100644
--- a/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json
+++ b/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--955076f3-a186-44c5-8c62-df7c68d9e85e",
+    "id": "bundle--ffca1c38-10d0-44db-b269-d4e63af6fed8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json b/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json
index 5ab0e57310..e316a52529 100644
--- a/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json
+++ b/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--80fa9540-81d4-476e-96b5-de5bbb314525",
+    "id": "bundle--051b37e0-cfc0-487c-ad82-eb866046a49d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json b/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json
index a62304a1d4..9186551535 100644
--- a/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json
+++ b/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ebe91454-b96a-413a-9ff8-1cc492a60dc2",
+    "id": "bundle--5319291a-6098-4ae5-9af8-5bd7cb3b3a25",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json b/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json
index e0ab39523d..44738bd925 100644
--- a/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json
+++ b/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--99163f8a-15f4-495b-bcc2-aadf8986133e",
+    "id": "bundle--5929454e-0837-4cf8-9df9-1f41d34f7623",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json b/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json
index cb7219b677..aa7f73c851 100644
--- a/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json
+++ b/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bdcfef29-1c49-41e4-976b-647e45dee541",
+    "id": "bundle--25c79059-0383-4633-b2e5-cb8b6485e739",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json b/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json
index e6cefa9a5a..988449a874 100644
--- a/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json
+++ b/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6ef2774b-0e71-429b-b9ea-7985de84fcad",
+    "id": "bundle--eb187a36-8574-4ef2-bed5-88b1a6dea388",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json b/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json
index 3d35f4b98b..e7ef7bd880 100644
--- a/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json
+++ b/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--698109a0-dea0-4840-a674-c6f56957dcab",
+    "id": "bundle--5f2a76fa-47cc-4c3b-b827-8f636a23edca",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json b/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json
index 462d90e33b..f6cf8e50f2 100644
--- a/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json
+++ b/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--28f5395a-b6ae-4627-adbe-e41cac4f381b",
+    "id": "bundle--189c7a6a-0963-411c-abb3-bc254086c563",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json b/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json
index 604dad1dd9..4a36eecaf2 100644
--- a/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json
+++ b/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8b35b79c-3ad9-4f58-b734-4efc563ab0ae",
+    "id": "bundle--c33c79f5-7567-488b-9870-93f26aac7132",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json b/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json
index 9369461f9e..73ef9dbb0b 100644
--- a/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json
+++ b/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ca230ec9-7fc8-4755-9452-1d52a3773ad6",
+    "id": "bundle--9dbdb232-d663-41ed-ad36-ec3ed333cb0d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json b/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json
index c6a0b44550..dbd0a5905f 100644
--- a/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json
+++ b/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--004e4b5c-96e2-4b25-a462-ef985101cc15",
+    "id": "bundle--351df948-b001-49ad-8189-aef8298e7a59",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json b/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json
index c797280137..03a8da27a3 100644
--- a/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json
+++ b/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--078c9212-b40c-4105-9491-23f9af29e554",
+    "id": "bundle--a94cd54d-f19f-43c6-b77d-2d19f72caadc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json b/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json
index e873f85bee..fb4d649c1b 100644
--- a/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json
+++ b/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--699dec44-ebe6-49b1-b849-74df7a989786",
+    "id": "bundle--8091c202-e09b-4ab0-b8c1-003a52a9eaff",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json b/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json
index ed755079d5..37ca7d9713 100644
--- a/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json
+++ b/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a4932535-935b-4d2e-908b-8e560aad909f",
+    "id": "bundle--f2b41ce3-7050-4801-82f0-fd3bd9a2f8f9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json b/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json
index 3d521b7778..3d1c8f68fc 100644
--- a/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json
+++ b/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--540a105e-fd9c-4297-a761-601079d45f20",
+    "id": "bundle--f6087df7-44be-42f4-ab97-9305a620132a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json b/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json
index a085659b56..652a7cbd2e 100644
--- a/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json
+++ b/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ea4e21bf-afa5-491f-b9ee-36bc98f31a1c",
+    "id": "bundle--45540fc4-8305-45ee-9910-ef4edda892ab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json b/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json
index 59d189132e..09830a5627 100644
--- a/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json
+++ b/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ed015367-c0d6-4816-981c-cb0f459db5db",
+    "id": "bundle--31c84588-e0b4-4b75-b9d8-d5b06e6ac928",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json b/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json
index 20f6e611d8..7f988910d3 100644
--- a/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json
+++ b/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--98845432-fbe0-46f4-bf07-f8b7e56293ff",
+    "id": "bundle--b1eecd3d-016e-4cd8-b7cb-bece1b7730dc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json b/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json
index 954e35f4ed..1505a17143 100644
--- a/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json
+++ b/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--13563ff1-075c-4cac-ab10-4eca7c0c8ed7",
+    "id": "bundle--4a7e11e7-0fb5-48cf-8825-9c9f5563fa09",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json b/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json
index 81b7617d0a..add7a2f43a 100644
--- a/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json
+++ b/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--65122d23-9359-4d9b-b5a9-44a0baa098b9",
+    "id": "bundle--47454907-aff8-4f9e-adb6-2d9dea078911",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json b/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json
index 07784da762..16ff739495 100644
--- a/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json
+++ b/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cda4ccda-57c5-423b-9eba-63eb4ffb4fd9",
+    "id": "bundle--1bb36043-bece-4200-80be-c2bdddfb68ca",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json b/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json
index 761b254524..d543000178 100644
--- a/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json
+++ b/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--06333369-7fdf-4b76-b77d-ab4c1fdae8f3",
+    "id": "bundle--42fe4786-e0f3-469c-9071-5f46807c86dc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json b/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json
index 2ad08683f8..a205c8480c 100644
--- a/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json
+++ b/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a70b780c-0b1c-46b1-a765-8ac7779b04e9",
+    "id": "bundle--94d168f6-9f04-4d8d-bde8-f25e01817425",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json b/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json
index e8ce5ab35d..c65371c818 100644
--- a/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json
+++ b/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--592d41ab-3d29-4096-8c7a-3472d6ce5918",
+    "id": "bundle--88b080bf-8dfe-4368-a87f-06cf613a830a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json b/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json
index 62150c680e..5d05dc7218 100644
--- a/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json
+++ b/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--27489909-1633-4ab8-bdc4-5986fd07076e",
+    "id": "bundle--5b5e6936-7f21-46e9-a300-68e0488987fa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json b/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json
index 71282fc0b1..b5463f7e9a 100644
--- a/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json
+++ b/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b8680209-0d3c-4ab0-a02b-abbb561deb36",
+    "id": "bundle--3d5d1e1e-a2ab-4809-af93-c74d7198b7ad",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json b/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json
index 63bd383f57..7ddd3eca12 100644
--- a/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json
+++ b/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d25173ab-59a6-421b-8f60-8f36928854f8",
+    "id": "bundle--9910ff45-2dbb-41f6-9be4-9b23d06865e5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json b/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json
index de10e8ec0b..eb67fb283f 100644
--- a/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json
+++ b/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8d24c9ca-ed57-47a5-8896-be7dd1b20b0e",
+    "id": "bundle--73e04fee-cd74-4357-9dbf-ca291859946d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json b/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json
index ba7897a237..3541deba48 100644
--- a/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json
+++ b/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2f70a30f-71d4-4bb0-b52b-a2c745c01e9a",
+    "id": "bundle--80fa4b6e-a457-48c3-97ac-2096c3b4c87b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json b/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json
index f5d0286f3e..2603109eba 100644
--- a/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json
+++ b/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3e789fd7-cda5-4408-aac6-472beb3a7190",
+    "id": "bundle--7bf67eee-a1de-4556-af43-52432baaba11",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json b/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json
index 78a6244056..be587e06e8 100644
--- a/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json
+++ b/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f58c68aa-e534-4e78-8962-bced03f62501",
+    "id": "bundle--71b5d751-f1de-4a8d-882c-03ae7a505805",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json b/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json
index 1ef24ca0ec..cc5e4942ac 100644
--- a/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json
+++ b/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eb88bef7-607c-4a62-ab05-656dd03815f1",
+    "id": "bundle--16828a8c-e9ed-4104-bf58-28ea27976c7f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json b/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json
index 282dade993..189fa47ffd 100644
--- a/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json
+++ b/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--47990561-6cbd-48c3-9a6c-2993090b0c28",
+    "id": "bundle--66e91698-b433-4b19-8781-1c5c1f9f884a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json b/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json
index fb5cfb7fed..acf62183d8 100644
--- a/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json
+++ b/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--912c6527-7403-4719-9181-d35d848942da",
+    "id": "bundle--8fa3255a-c147-4524-aa1d-1742400325d7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json b/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json
index 9f827bd5a8..7c8297ddd6 100644
--- a/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json
+++ b/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c92c54cf-e5b3-4280-b4ac-b1faf8198550",
+    "id": "bundle--ff766f80-74d4-4f08-85a3-4a6af12724ff",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json b/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json
index 978839bd99..69151b670b 100644
--- a/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json
+++ b/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ba02bd3a-d044-4a9f-8717-d42d74245a61",
+    "id": "bundle--893b5300-c55e-4844-973c-c2bd9f7b2d0c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json b/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json
index fd788589af..cddd8393ab 100644
--- a/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json
+++ b/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cb076ce3-b55a-4cf4-82e6-ac370308848f",
+    "id": "bundle--add4c985-bbab-4354-91d3-f52b75a1da89",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json b/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json
index 5be7b1a779..434852009b 100644
--- a/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json
+++ b/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--197cc1ec-3104-40de-8bf2-cccebbfada56",
+    "id": "bundle--c3cddf6b-3953-4716-bfc9-84580333872f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json b/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json
index d93d5936ad..37eb903e74 100644
--- a/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json
+++ b/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--272a67d1-0a10-46a1-a4ac-b0a18a693289",
+    "id": "bundle--a00c2e10-cd17-47b5-a149-cb23d4d18062",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json b/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json
index ef23977b66..9a3b906ab1 100644
--- a/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json
+++ b/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--30912f94-5836-4733-8b0e-124512bc9c8d",
+    "id": "bundle--0dd53d3f-abf7-490a-8202-7ac2ce2827a7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json b/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json
index 0dcb1665dd..f703f40009 100644
--- a/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json
+++ b/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8afaa40f-4776-487f-bee4-0e07c8feeba3",
+    "id": "bundle--bc2e002d-ae4c-4be2-ba15-b20a16f8bc72",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json b/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json
index 863b135252..29f1e9ff91 100644
--- a/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json
+++ b/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--965978cb-41a4-40e3-a4eb-26777d53e279",
+    "id": "bundle--4a09ec2a-1fae-455a-a9a4-46f701d4479f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json b/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json
index e49834d9b3..d00ddcc16e 100644
--- a/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json
+++ b/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--04a31ff0-47ff-4a0a-8943-6719d0899979",
+    "id": "bundle--7dfe684b-ae81-4795-ae38-426ce7fcda13",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json b/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json
index edf951c977..58e4ee7d54 100644
--- a/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json
+++ b/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9372d657-adb1-4f20-b1b4-de9a01e5f368",
+    "id": "bundle--e5322f58-c1e3-43c3-a768-16e5b40c8e37",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json b/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json
index 27b021c953..c5b2e99560 100644
--- a/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json
+++ b/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0086d3d4-7887-46a3-b1ce-5c417d3818a8",
+    "id": "bundle--d86bbbd6-7646-45b7-a404-7d869c55aca7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json b/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json
index 626b32f706..db6e59ea73 100644
--- a/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json
+++ b/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--96b2a6fa-e730-4bd5-a266-000d69c14912",
+    "id": "bundle--5efe2c1e-1115-41be-804d-e2959d96d3a2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json b/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json
index 13640f54cd..4b22c493d4 100644
--- a/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json
+++ b/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2661e4fc-2655-4af5-8ab6-a7ab4013ba93",
+    "id": "bundle--e04de767-753a-4d4e-aa04-eb7ccade58fd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json b/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json
index 5bf527c5a0..ce50f34090 100644
--- a/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json
+++ b/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--853d3fa9-75d3-4d7f-a305-85503d4be00a",
+    "id": "bundle--7cf81a2e-fb94-4718-91e5-3eb897cff713",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json b/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json
index e222b06703..c0a94fabb8 100644
--- a/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json
+++ b/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--93eecfca-173e-475b-830a-5c35862d14a8",
+    "id": "bundle--51190b15-0fa2-4e61-b5d2-e1972240c88b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json b/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json
index 8bef21d02e..6b6aa85e33 100644
--- a/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json
+++ b/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--95a9c696-5aa9-48d2-8755-d40bdcb63e5a",
+    "id": "bundle--3fac7758-9662-466e-a1ab-1bef5b009d5f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json b/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json
index 0b58cc8435..f1261094d7 100644
--- a/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json
+++ b/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--717a747f-f6ca-4a49-a76d-3f62707a8268",
+    "id": "bundle--248bc815-40df-46aa-9680-574c3d8a0b18",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json b/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json
index b3b9eb2cab..d6ea8fb934 100644
--- a/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json
+++ b/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--30509a94-5a7e-4466-899f-936c97a39bfb",
+    "id": "bundle--a1501422-1864-4e69-8f81-0211a9b1ce85",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json b/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json
index 6eaaa37ffd..5acc5c62a6 100644
--- a/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json
+++ b/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6360e6fc-1c51-46b5-98de-220d17586931",
+    "id": "bundle--c50b61d2-6a18-43fb-acab-f86010b4f164",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json b/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json
index f5ddae9176..6447f57587 100644
--- a/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json
+++ b/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1bc90f83-5bbf-4f3b-b822-677236228119",
+    "id": "bundle--9b5da5dc-e8da-451f-894f-02445ed87097",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json b/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json
index 940d24d5f1..b29c5d7b86 100644
--- a/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json
+++ b/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d6ab7bfa-c495-48a3-8223-cb7509aa5de0",
+    "id": "bundle--11cd1b80-8e39-4a03-b7a2-00dcbf7f6552",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json b/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json
index 6608599612..899fad2cec 100644
--- a/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json
+++ b/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6a225867-b50c-45b7-bbf8-907f558f52eb",
+    "id": "bundle--9ba45db4-f280-4574-a59a-59f6a6772f4c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json b/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json
index 8a00aafa46..a7635812b9 100644
--- a/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json
+++ b/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d615c3f9-14ed-4f29-a805-2fc8aa60d6c9",
+    "id": "bundle--3d90e229-a09b-4acd-95a4-6a4bec9dd4a5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json b/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json
index 1d5c139b6b..5cf2856fa9 100644
--- a/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json
+++ b/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f136961e-9fa5-45a5-96a9-e07a9f7d0a70",
+    "id": "bundle--1a16ea2e-46e7-414d-bef5-b5ee16a78d6e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json b/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json
index 9aa8fcc2f5..11599cdd68 100644
--- a/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json
+++ b/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--47860218-bc1f-4e96-b93c-c10ab704e322",
+    "id": "bundle--71684794-1572-4871-b575-8c0796c24039",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json b/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json
index 207169881c..13afb4852c 100644
--- a/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json
+++ b/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7c603822-e732-4d43-a1e8-c52d6e754245",
+    "id": "bundle--afd400f8-10cf-44ce-b101-448b078a9e6d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json b/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json
index 54d84e0285..74b0874734 100644
--- a/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json
+++ b/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cd631c89-de89-4291-8385-1a256969a94f",
+    "id": "bundle--a87f42eb-6e1b-4be2-949e-20218cb47f0c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json b/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json
index b79a896a95..779e861fbb 100644
--- a/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json
+++ b/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4f9f7e1a-c989-4a50-8e32-da817c1dcd57",
+    "id": "bundle--4b9c659b-43bd-428f-b292-5e99b4963b05",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json b/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json
index 399ce5ef23..2d8e90e956 100644
--- a/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json
+++ b/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cdb704ab-4907-4859-89c5-d6e2f206ef0d",
+    "id": "bundle--67f41e13-adf5-44c5-80e7-ec9abba0d02f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json b/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json
index 1c9f6ad62f..82a4116b08 100644
--- a/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json
+++ b/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b1dd0af8-6c0f-43fe-9f6a-2a45cc7a7002",
+    "id": "bundle--15175a1f-3db7-4eaa-93ff-e9b38a70af8c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json b/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json
index 37f12c9b58..e8e8c3cca8 100644
--- a/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json
+++ b/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4b228bf4-c7c2-4f16-a147-21a9a4b9f853",
+    "id": "bundle--1292bb7c-a868-49f7-a63c-70b803683d7c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json b/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json
index d9a9bd8c30..4a762d0ff2 100644
--- a/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json
+++ b/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bcc12291-484e-444d-a08d-d83cd0365fd4",
+    "id": "bundle--a6b702d6-5610-4a80-92ad-2a384d11c504",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json b/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json
index 3413988c32..2fcb856fd5 100644
--- a/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json
+++ b/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--562a6a98-ae64-4aa5-970b-dc27d93fec22",
+    "id": "bundle--b1671a18-b212-4445-b734-79336547c771",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json b/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json
index 262456c001..91bfdc853c 100644
--- a/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json
+++ b/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8763bf71-8d2e-4393-89ef-f9dede5ddb82",
+    "id": "bundle--bcf8bc3a-4720-42f9-a6a1-816e1c053008",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json b/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json
index 956fede91d..95c020b6de 100644
--- a/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json
+++ b/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--170c45ed-5a83-4704-8a2f-9399e995de06",
+    "id": "bundle--9db4773a-f91a-4e08-86c7-423b18fc6bc0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json b/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json
index 8dcdcf7fbf..b8e2b7459d 100644
--- a/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json
+++ b/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e06f735d-1db1-4eae-89d1-f42ef4bdf83d",
+    "id": "bundle--8f8050ec-2dcf-4121-b705-8574f5b6a1a1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json b/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json
index 0c758696dc..c6f71acdb9 100644
--- a/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json
+++ b/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bcd765cc-2d32-4887-b40e-e07413fe28fe",
+    "id": "bundle--0088aa3f-69b1-4177-ad90-5bb0fcb9078e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json b/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json
index f0f62be743..a2c105e18d 100644
--- a/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json
+++ b/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6e8b8523-f860-4ef5-b58c-827d98e6552c",
+    "id": "bundle--3954505b-4080-4ead-9293-506421be368a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json b/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json
index b119ab5010..ff400f557f 100644
--- a/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json
+++ b/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7c415e89-ff53-4fc4-b5b0-1e07f7cbcef6",
+    "id": "bundle--6b1c5425-71cd-4223-823c-ab5c2a84bf97",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json b/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json
index 432e9b24cf..d8aa4d90d7 100644
--- a/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json
+++ b/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bc2ea937-dbaf-4536-9bd5-276e4d34ccf2",
+    "id": "bundle--d8a3f7a3-4658-49f5-b271-5e0c5597a17c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json b/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json
index f5b568ff90..de696d7f24 100644
--- a/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json
+++ b/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--11a8c657-acad-489d-b3e9-69cbd84af2fb",
+    "id": "bundle--009a8130-b22e-468d-bb28-935c00d71aba",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json b/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json
index f903b1d493..8bbd848557 100644
--- a/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json
+++ b/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--952eb7f0-f16d-4226-ac18-30562f3b11b7",
+    "id": "bundle--f4eedd11-bbce-4ef7-898c-559ed1f1e8ff",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json b/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json
index 93702005f8..f1ca4b67f7 100644
--- a/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json
+++ b/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e998f959-b86f-409c-b7c8-6d8023297c9a",
+    "id": "bundle--a500c847-ac2e-4b81-a227-53dde68a1191",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json b/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json
index 445ff33a26..360b9b58ea 100644
--- a/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json
+++ b/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4a7b57a6-0ba9-4978-8857-e7a3404b2be1",
+    "id": "bundle--0f182def-228e-46ad-b976-243316564fa8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json b/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json
index 765385a6a5..b2aa5155be 100644
--- a/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json
+++ b/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--90715807-ff25-4f0f-8d55-0dc7b46222de",
+    "id": "bundle--d32ab1c8-246f-4d7e-a821-668ed14b1fc7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json b/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json
index 3485856f02..d352bcc0ab 100644
--- a/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json
+++ b/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bccf4698-2f4b-4d35-83e4-8b671687cac1",
+    "id": "bundle--1e3d8aa5-7644-4c43-a187-2be19b552671",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json b/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json
index 46ad41e5c6..e68127bd60 100644
--- a/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json
+++ b/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2b5766a8-23df-494d-8186-a2feb8dffaff",
+    "id": "bundle--4f824dbf-116f-4ff8-ad8a-793cedb5e308",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json b/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json
index 9b380116d7..950a2d2b82 100644
--- a/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json
+++ b/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a191aff0-c1d8-47b2-bf41-ca40f530cd33",
+    "id": "bundle--159b25c3-5f80-4ce6-8f64-737e3bb46728",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json b/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json
index b8b8e36651..6968621d75 100644
--- a/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json
+++ b/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--53f35dd9-6ff7-4eab-8cad-faef1ba727ca",
+    "id": "bundle--9da1e9fd-800a-4910-b4d1-68136ee89c7d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json b/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json
index af3614c4f8..229bbbd29d 100644
--- a/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json
+++ b/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7947d5b7-f475-4fce-9238-09c1b28e56b2",
+    "id": "bundle--a66990c9-28b1-4711-a3bc-32fc01b753fd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json b/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json
index 0a1f1aabee..a9c6a7ff97 100644
--- a/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json
+++ b/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--22ad2c21-0722-4774-b9d3-f5ed73b352a9",
+    "id": "bundle--c72db6d2-65e6-411a-a635-0633082d5c26",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json b/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json
index 273066c814..c6668aa239 100644
--- a/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json
+++ b/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e56e8066-a73c-443f-915e-e406e5465d3c",
+    "id": "bundle--6ef46449-a856-453a-94e4-7c9bbc0c9675",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json b/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json
index 855593cdac..fd9c757bad 100644
--- a/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json
+++ b/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9143afdb-6280-4633-a2d2-bfcb5374d3f9",
+    "id": "bundle--a635f4db-d51e-44b9-a82e-19e0e5f82dae",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json b/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json
index e0d3c86b6e..904c61e8d3 100644
--- a/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json
+++ b/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d8b3679d-7d14-4e10-bc08-01b8f75c535e",
+    "id": "bundle--b4fd68da-886b-4af4-b491-86f1aef33328",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json b/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json
index cdf97d416d..8ee517f16e 100644
--- a/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json
+++ b/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c8a7709b-29ff-4d8c-8059-766780b3a9b4",
+    "id": "bundle--73e267d2-3782-4bcf-9cbd-4e4dedc92837",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json b/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json
index 74d7ace988..0bc94af1ae 100644
--- a/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json
+++ b/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f86f750b-23d0-4fd4-9f2d-40eb3db5f6fd",
+    "id": "bundle--b0490591-b298-425f-b1e4-8522c7c22ee9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json b/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json
index 1a15406aae..5563b11c02 100644
--- a/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json
+++ b/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fc6a8816-7db5-4d80-8d18-dff81efa5065",
+    "id": "bundle--e1c38ff5-94bc-46b2-b078-908ffae8dd66",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json b/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json
index 1332cecf3e..66ab497582 100644
--- a/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json
+++ b/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--94d20f1a-b128-4a4c-85ac-77e8c6e65bb2",
+    "id": "bundle--755ede21-5cb1-44b9-9c21-967d9f93db5e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json b/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json
index 75fd4cae78..77e2a0a286 100644
--- a/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json
+++ b/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c9a8d703-fc32-4cc2-aa78-f745acbfd969",
+    "id": "bundle--739d1f0e-db5d-4e00-ae76-9112e816a865",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json b/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json
index ad5d792790..a91867e88f 100644
--- a/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json
+++ b/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--64fbcb04-ebe0-45d6-89ad-a2b2bdb36787",
+    "id": "bundle--e471096d-94c7-46c6-9a2f-6f274ccf39f8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json b/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json
index 289d7f85ea..bd04678367 100644
--- a/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json
+++ b/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3f1cee43-8fd2-4225-ab11-ae7542bea640",
+    "id": "bundle--94d01e16-81ba-4f6b-81d3-b396059615f3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json b/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json
index 56437fbf9f..0194023557 100644
--- a/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json
+++ b/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1324db95-f7d3-45da-9ae4-91137240940b",
+    "id": "bundle--b284072c-d316-49cb-a71a-c61ceca19e5b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json b/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json
index e9cf4e14f3..b363fc0262 100644
--- a/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json
+++ b/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--29e9f4af-f80c-4321-9e1e-fc1364c7f29a",
+    "id": "bundle--095b23e4-3781-4f8a-ab4a-390ad5ffd58f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json b/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json
index af9275e229..234bdcc63b 100644
--- a/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json
+++ b/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6521ffd9-0d90-4c04-aed2-49408e396cc5",
+    "id": "bundle--2df34efc-66e9-4af3-ac4e-9756293fe073",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json b/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json
index 986e66438b..025fb496e3 100644
--- a/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json
+++ b/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cb213f28-d92f-4819-968e-52c4cdf995e1",
+    "id": "bundle--6d18ce6b-745c-403e-82dc-9f58451ba3ee",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json b/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json
index c8b35f1f01..9be73d6a38 100644
--- a/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json
+++ b/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--42ace379-d49e-4f3b-93fc-b1c99368b901",
+    "id": "bundle--f7ebef31-773b-4867-8da0-75c3a0ef7544",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json b/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json
index ac7ea424dd..e513cc9cc4 100644
--- a/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json
+++ b/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--38394c89-4a77-4ff2-9095-e448669d39b1",
+    "id": "bundle--ca30ebad-8709-49dd-8281-881fcf41255b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json b/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json
index 9b074e378d..b302c0e26c 100644
--- a/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json
+++ b/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f8b6a185-1d1e-4f75-babc-c59ae25bb05d",
+    "id": "bundle--4da82cfb-18fc-4327-98dd-af6aa790796d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json b/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json
index 3be52727ec..fe24d08770 100644
--- a/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json
+++ b/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9dd2f33c-330e-40da-985c-1da823650536",
+    "id": "bundle--4cf18f3a-f2ed-4106-82cb-49fe3ce88bcc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json b/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json
index 5bdba09095..735c9eea91 100644
--- a/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json
+++ b/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1c4e4481-eea7-4062-bf58-25cc6834e774",
+    "id": "bundle--2965f481-6161-40cd-a0fe-060c196047d5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json b/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json
index ad0b071c74..50db73cb49 100644
--- a/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json
+++ b/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f883b657-5fc4-4a05-a2cf-d766c23e48cf",
+    "id": "bundle--97533b0b-feae-4ad2-a6d1-fbefef952bc1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json b/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json
index d5ea9afe9a..dce112057c 100644
--- a/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json
+++ b/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e1a1ba5c-708c-4b50-9a68-0a82748fc25a",
+    "id": "bundle--11730275-ad1d-445b-96b4-b60e4536eb88",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json b/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json
index 48557419e0..1a59bbcf71 100644
--- a/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json
+++ b/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a2210160-5ee1-4169-ac32-e9b698f5c534",
+    "id": "bundle--642077f4-7d8b-408a-bb21-de99bece79cf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json b/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json
index 119627ab9f..ef61d61d9c 100644
--- a/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json
+++ b/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7c780834-4e4e-4818-bcd9-4f551b850d4c",
+    "id": "bundle--cc338381-7432-423d-bc48-d831962d61e8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json b/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json
index cfee297202..09d8802ed3 100644
--- a/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json
+++ b/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--99a9340e-a199-4e69-951c-55ffc37e74f7",
+    "id": "bundle--5eb59865-5406-4a9b-936b-444229560cf5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json b/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json
index a57578b9a0..5adec5c7af 100644
--- a/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json
+++ b/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--51d62b21-fdae-4098-bbb8-ecac772d9264",
+    "id": "bundle--4f65699e-a8ee-4548-9f2a-73e0a0582ce1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json b/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json
index 391e0d4f69..af00fac9d3 100644
--- a/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json
+++ b/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d128a204-1510-45ef-9fe6-269a26948cae",
+    "id": "bundle--128dc1e6-b5fd-49e8-9772-4b618404e8fa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json b/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json
index 64720a71f3..e5b941a6ee 100644
--- a/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json
+++ b/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5ae2125c-ca85-4f6a-be1c-c2e8a4563ad6",
+    "id": "bundle--f25927ae-9de8-408b-b8b6-c3712b8b7d87",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json b/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json
index 6e71062858..628a08f61f 100644
--- a/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json
+++ b/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--153c7bf3-aa70-4ff2-858d-183804aa217f",
+    "id": "bundle--05ddb446-ef94-4895-825b-07c3bea84a57",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json b/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json
index 3f091a3ee9..d0825ecc7f 100644
--- a/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json
+++ b/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f1ad692f-246b-47f9-b27c-f93f602cdcef",
+    "id": "bundle--89f33614-e74d-4ecb-a123-b89d27a58ef2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json b/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json
index 8535afd992..802cd0d076 100644
--- a/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json
+++ b/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f6588e75-9192-446c-8079-964b00194fe3",
+    "id": "bundle--c5b45add-9eac-4e9f-89e2-737ff18986dd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json b/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json
index 407ffd3fe1..c7d3da1fbb 100644
--- a/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json
+++ b/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c78583b6-0820-4dbb-9f39-e2bb40d20b72",
+    "id": "bundle--3a23deca-fcf1-4946-a0b9-880b22798ade",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json b/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json
index dc0054bed1..259acf0817 100644
--- a/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json
+++ b/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--70d4a193-58e2-4725-9cfb-819e804b26fb",
+    "id": "bundle--d094e0dc-306c-4bb1-b0be-041c14a84cab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json b/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json
index 50027a0cc7..8a678b6183 100644
--- a/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json
+++ b/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--01d417ac-2e47-41b4-b1bb-f1d7388ab2fd",
+    "id": "bundle--f0293e8c-2b44-4a98-8d51-ad9cc7fa4509",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json b/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json
index f6f5bbb451..9bd89a574d 100644
--- a/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json
+++ b/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--317cd7e6-f8e2-4ac8-adf2-c2326d024aeb",
+    "id": "bundle--c8d571b3-8317-4081-b8c6-900a30302ab9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json b/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json
index 94b76839fc..a3a081e46f 100644
--- a/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json
+++ b/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7db36a50-1084-47c4-ab9f-9c7ad25e5b1d",
+    "id": "bundle--d17a2165-31e6-4d9e-ba2b-0e2526cd7a3d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json b/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json
index 3e60355744..d718faa5ac 100644
--- a/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json
+++ b/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--19a955ac-f279-4143-88b1-b26e81664436",
+    "id": "bundle--ab89770e-5d68-4236-b6ac-f96c69052a60",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json b/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json
index b8cea14e4a..a6a28430a4 100644
--- a/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json
+++ b/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a5e9105a-5dd0-496f-b4fa-e622f1e236fc",
+    "id": "bundle--a5801d99-abe2-483a-aa13-5166736ca3a7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json b/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json
index 9e597b8fe7..2cbf023ee0 100644
--- a/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json
+++ b/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d61ac927-2e28-47e8-9875-4b20880cd857",
+    "id": "bundle--6528f694-0b61-4290-8d68-3b0bb4a604cc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json b/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json
index 146db081c6..0e49beb2f3 100644
--- a/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json
+++ b/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fc0b5a5e-ea12-4493-acf6-c1029d93939f",
+    "id": "bundle--b7f0954c-cfa9-4b82-941e-69b6bb445e83",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json b/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json
index 4e7f048edc..fe1ffd5e5e 100644
--- a/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json
+++ b/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c7936524-04c9-4ebc-b2f1-e760edfc6e45",
+    "id": "bundle--84793ec4-2f89-4da4-b855-e6666a675866",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json b/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json
index d624eddb27..9deb07af34 100644
--- a/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json
+++ b/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4ec1d578-6af7-455d-96a4-4dd2ed600a6e",
+    "id": "bundle--784869a6-b482-4875-ad2f-10bb4e83f42a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json b/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json
index 3737743b6c..762604f4b0 100644
--- a/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json
+++ b/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--33a70d75-8e26-486a-ba60-c9db37ea592b",
+    "id": "bundle--612c112f-3140-4bc3-a996-5c82c2231b43",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json b/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json
index 441a7f7203..3dbadaef66 100644
--- a/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json
+++ b/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1a1a442a-3698-4c57-b142-dde518b46ea6",
+    "id": "bundle--7c82fe16-1be7-44e7-a557-cd032425a433",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json b/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json
index 85268b6caf..926381ccb4 100644
--- a/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json
+++ b/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a46c1838-5c18-4940-b37e-89c60f472834",
+    "id": "bundle--4fa15d4a-1bd6-429f-89ff-092513b3c0d2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json b/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json
index c4cc0530e5..7b8ddd7eb0 100644
--- a/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json
+++ b/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--197e8e1a-29c4-4578-94ad-dde936a7f5cd",
+    "id": "bundle--5d22d52f-6cd5-4647-a916-37e26f5a6828",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json b/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json
index 346687b95a..62db54e105 100644
--- a/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json
+++ b/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8cd4ae8a-fe82-4717-91b6-de2022370232",
+    "id": "bundle--c2373f07-6a72-4a41-8b8d-dd1f644b43c7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json b/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json
index e6c4a40456..409d3df2ad 100644
--- a/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json
+++ b/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--77713821-01f5-4a94-952b-1dcbf757e4e8",
+    "id": "bundle--f81656b4-b86d-4e0e-8751-7943f520ca85",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json b/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json
index d8695d90be..4ddc471eae 100644
--- a/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json
+++ b/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--221b84de-d567-46db-b09a-49e0ae32a84c",
+    "id": "bundle--8e213a22-1c35-454e-9912-de90fd0c604a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json b/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json
index 95ec7b9e9a..d8edcf0836 100644
--- a/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json
+++ b/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--55287420-dd9a-4ce9-a6d1-b492c6523f9d",
+    "id": "bundle--ebef0e97-b1de-4d90-a85e-39654f3bd289",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json b/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json
index 3718e62b60..d588fa52c2 100644
--- a/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json
+++ b/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--27c83b53-3cf7-4f4e-b834-1b56c7cdf4af",
+    "id": "bundle--6de68bc3-484d-4867-815f-2b42ab28abec",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json b/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json
index 2c27fb4b11..de4404ad92 100644
--- a/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json
+++ b/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8e9ce5f7-92f2-4c60-928d-31dfe1ccafb6",
+    "id": "bundle--c3246902-4315-40ef-86fc-323f5d710a6c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json b/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json
index 44093c2f4b..0328019422 100644
--- a/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json
+++ b/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--da8b88b9-3924-4e00-930d-9425d7659ae6",
+    "id": "bundle--271d5309-773d-4541-a0ca-167f1a073b08",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json b/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json
index 48190fa74c..2ed4c23668 100644
--- a/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json
+++ b/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ff58c3b0-183a-45b6-84a1-6c5b0b609ba3",
+    "id": "bundle--a9624bb1-79c2-4102-af60-b23000aefd15",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json b/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json
index 467405d35c..4de75598b9 100644
--- a/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json
+++ b/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--78272589-8416-42af-b404-08bc40662a27",
+    "id": "bundle--2d6f3605-7282-4b53-81f2-0de8ed0ffcf9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json b/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json
index c5ba0af29e..de9cf72787 100644
--- a/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json
+++ b/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c496cf30-e771-4674-8ad1-3b25b443d60a",
+    "id": "bundle--f2550c8e-0afe-4b99-8aed-33666ca3d5bd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json b/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json
index 3962337e3d..05ff631c74 100644
--- a/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json
+++ b/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d255e232-cdb2-4239-bcdb-82d7a5610f0c",
+    "id": "bundle--ae654eb9-ea33-4dee-848e-f4ba8fd85bbe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json b/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json
index 14b8c39240..5fdad6c547 100644
--- a/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json
+++ b/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--10d300b7-8404-4eb7-843d-ea9a36c107d0",
+    "id": "bundle--24120879-cd15-48a2-8fe9-d45cbaa718a2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json b/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json
index 590bca4b0a..730c19f80c 100644
--- a/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json
+++ b/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--40f7d09d-6051-4672-b07e-0ddaa127f745",
+    "id": "bundle--edb55787-87ad-488a-9808-e7464664c7d7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json b/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json
index 6da6146bfc..7d5de135cb 100644
--- a/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json
+++ b/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--505b2355-c808-41db-a0f6-b5e4ad4f6544",
+    "id": "bundle--07c9e31e-0895-41bd-a52b-000683105a64",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json b/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json
index ba1840722d..4d0fa16855 100644
--- a/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json
+++ b/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7a37bee2-7f2a-4970-9f7e-b4ee8422f3d1",
+    "id": "bundle--695edc58-1f83-4a1b-8119-80308cabf2fa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json b/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json
index 4c853418bf..81f6a24757 100644
--- a/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json
+++ b/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ebaecbbe-ef7a-451e-8271-794b5ea4941e",
+    "id": "bundle--b76175d4-e1db-4443-9ef2-747771c82b35",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json b/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json
index 9793f133bf..cd738ed55d 100644
--- a/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json
+++ b/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6f0fff08-bf4f-43b9-907c-6f87a4af639a",
+    "id": "bundle--1beb17c0-362d-4362-978c-e8f081c27c9f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json b/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json
index 9e82b79fd0..22d28a57a2 100644
--- a/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json
+++ b/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a49da821-d412-4005-a1d8-a7af629603de",
+    "id": "bundle--7b6310d9-5d71-4fd1-ba08-d224f85fe1d2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json b/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json
index bb39685c12..91687a91d7 100644
--- a/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json
+++ b/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--83e09d65-414d-4b9d-b8b3-af112f4e457e",
+    "id": "bundle--e716b445-2dc7-4795-8bec-db32f0036e28",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json b/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json
index 64bf65e7eb..c8c5f75c4d 100644
--- a/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json
+++ b/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7a6a3881-1174-424e-987e-f0dd59bcea50",
+    "id": "bundle--c05b9eb4-391e-40c2-a4be-f3dfa1a5f4a3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json b/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json
index 2a6bf9e41f..6fe05005e6 100644
--- a/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json
+++ b/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b881d8f0-816e-4bb5-ad64-d47015110a3b",
+    "id": "bundle--51f480e3-a46d-4ee0-b601-8ec540598bf8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json b/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json
index e0cbbab1ca..0744a7117e 100644
--- a/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json
+++ b/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0a59eb4b-7203-43a4-ad33-a2a621d79f64",
+    "id": "bundle--9c0e29a7-b495-410c-837e-d6259a1f2b52",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json b/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json
index 5fc03a3dd7..a7bce027b3 100644
--- a/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json
+++ b/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ff8e7f42-cf16-4ac0-93ca-fafebb8308f1",
+    "id": "bundle--0ce229b6-3fa8-4ea0-8739-0a07e6e3efc3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json b/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json
index 4e2abbf17b..2490cb50c4 100644
--- a/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json
+++ b/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d9494e73-3f10-4ec6-94f2-673f02b5817f",
+    "id": "bundle--261e5d61-c640-481e-8d13-bc0c71b7a06e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json b/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json
index a9a0aa51a9..852f1f1414 100644
--- a/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json
+++ b/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a2a50ef9-0de7-402a-97b0-d56748408e1e",
+    "id": "bundle--cff03b4f-ac36-43e8-a17c-f32ac78328e1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json b/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json
index 0b7f040357..6ae67f9e19 100644
--- a/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json
+++ b/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--942c05d9-d7c0-4d65-b2f7-52c8419cd8fd",
+    "id": "bundle--84527d4a-20af-4a61-9d45-b53a0be617b0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json b/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json
index 95c8e1c417..af396c83f0 100644
--- a/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json
+++ b/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--766c6c31-c72c-4298-8e80-8d76c7850dd6",
+    "id": "bundle--64d117ce-bbf4-4f45-8414-45ef53791b98",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json b/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json
index f862317ff0..ff728814f2 100644
--- a/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json
+++ b/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2b3bcf36-dc9d-4fab-a7cb-68ca436e0908",
+    "id": "bundle--efee7739-cccd-4e27-8a4a-34d828223929",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json b/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json
index bf1e4bc5ed..07d7ea9d2d 100644
--- a/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json
+++ b/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--361ff71a-e17a-4c79-9d19-fa0cd91703f3",
+    "id": "bundle--5b5045ed-5b84-4c45-8710-8be7190a1d91",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json b/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json
index c7c2566217..c5c9e19aa3 100644
--- a/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json
+++ b/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--573b86e0-74a7-47ba-a6e5-c6ac451890e3",
+    "id": "bundle--3ba4794a-da3f-49a3-9dbf-c7a2868adcb4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json b/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json
index 66448fafc5..d5dd2acfb8 100644
--- a/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json
+++ b/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d8876032-6795-4083-80a6-faad2613b6b5",
+    "id": "bundle--9362d125-9aa3-40b4-830c-37a350914bae",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json b/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json
index de98f879ef..0ea22b4045 100644
--- a/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json
+++ b/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0b26c016-6a6f-4874-8d13-85c63fe08ede",
+    "id": "bundle--c1e97009-aeba-44d0-aa0e-25726a739136",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json b/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json
index 326763adce..0f4306852d 100644
--- a/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json
+++ b/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d80a2448-5768-4306-b4b3-e86f14d9fe0a",
+    "id": "bundle--61d81f04-0ed8-4646-b518-17457a01e18e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json b/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json
index d63592abda..f93155c4cb 100644
--- a/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json
+++ b/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e7c69dc0-e612-4fd9-ac2a-fffab2af68db",
+    "id": "bundle--dacee3b1-7d1a-4029-8d68-39c733a4b32d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json b/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json
index 77fa3502aa..c283a2f017 100644
--- a/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json
+++ b/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fe5aa9cc-4746-42ce-8e8d-18c575518b4d",
+    "id": "bundle--22923d9a-7887-42c4-a8b1-52339faf697a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json b/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json
index 5655dcc6aa..faf9cad1d6 100644
--- a/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json
+++ b/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--40ff5cd7-f818-4988-9017-6f363e3045ba",
+    "id": "bundle--0811ecd8-1f69-41f1-9686-569187de537c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json b/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json
index 1df54119ea..9d71e9f2d6 100644
--- a/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json
+++ b/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6c45e315-68b6-4c60-8ee5-113d6b7ae8a1",
+    "id": "bundle--034ad782-8abf-40b8-9caa-d4c4a564dd38",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json b/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json
index 287d3fbf03..b03182ba16 100644
--- a/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json
+++ b/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c13add72-5c3b-49ab-96f3-56f27a762768",
+    "id": "bundle--2778ea83-a267-4f8c-888a-6b1a280b62a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json b/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json
index 0db79ef645..a480a75836 100644
--- a/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json
+++ b/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0f1caefb-8d1d-4dca-8899-cdc6ccb8f21e",
+    "id": "bundle--bc7c4bdd-e43e-4ff3-8839-101a6cb76756",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json b/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json
index 0f91c8e902..9ccd0e3c67 100644
--- a/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json
+++ b/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f9229576-195f-4ebe-8a12-4e78b4bc4d45",
+    "id": "bundle--b7a0b3cf-0609-47d2-bf1c-ed5c1ac671f0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json b/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json
index b407ce4330..6d048d65e3 100644
--- a/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json
+++ b/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ed049b20-5e89-466e-9141-66f1ac6a48ac",
+    "id": "bundle--4f56e152-33d9-453c-92a8-7c7b6f0c2793",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json b/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json
index f9f4c0d5f2..5f4d724293 100644
--- a/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json
+++ b/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2db47b96-76b7-4a76-9fa0-e24a841f90cd",
+    "id": "bundle--fafebc52-b285-458a-8f6d-3ef58003d59e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json b/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json
index f786e221af..bc68348601 100644
--- a/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json
+++ b/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--833d09fd-86a2-4ed9-848d-239b6551dc67",
+    "id": "bundle--aaf6cf02-f9b0-47a5-844e-f19946499a21",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json b/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json
index ca19933bf8..e817cd219e 100644
--- a/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json
+++ b/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f8f01158-633e-431a-bf4f-1ffb025205dd",
+    "id": "bundle--b0fb78f4-71b1-420b-ae29-4bceea46bd06",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json b/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json
index a30bd2809e..e3a7848f92 100644
--- a/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json
+++ b/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d58fe899-de4c-4476-9380-7a38fd5f7bf1",
+    "id": "bundle--18f04008-22ac-4c6f-b9c4-38ceb1ba33ad",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json b/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json
index 68af556b7d..78d7572168 100644
--- a/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json
+++ b/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ca2c5aab-f376-42a3-ba49-2533bdf24746",
+    "id": "bundle--989eb66f-95b5-4d98-bee6-10e81d5ae0bb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json b/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json
index d7e16acde6..f2d3d00937 100644
--- a/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json
+++ b/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d9799908-12ca-45c5-911e-bfbc205c99da",
+    "id": "bundle--479acf89-ddf7-4c86-990a-a988df474e83",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json b/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json
index ab93e2f583..43f1db5876 100644
--- a/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json
+++ b/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0aa5d283-99e8-446f-8f8e-1de1970679ac",
+    "id": "bundle--c72edc1c-3b19-4e9f-9cc8-23bf77e63eaf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json b/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json
index d1d89773c5..11d0131510 100644
--- a/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json
+++ b/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d6773266-478e-4c4e-b789-9f68de39cc3d",
+    "id": "bundle--eed9b4e9-79f5-47ff-a193-3cd83b6d3c20",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json b/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json
index 0faaa61828..9c8a729c55 100644
--- a/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json
+++ b/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--495317fa-dcd9-4bd2-8348-2c1af37bdb05",
+    "id": "bundle--3628584c-6943-401f-8188-fb8c838d6b5a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json b/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json
index 1103203c74..d0e65e275f 100644
--- a/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json
+++ b/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2cd91ffd-eba9-482c-807c-ea3b444faf8c",
+    "id": "bundle--de49820c-6299-4280-9e0b-6ea9d7ca3295",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json b/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json
index b00467b7a8..c120dc6ea6 100644
--- a/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json
+++ b/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fdf73472-5586-4bb3-a0f1-c8f70c2c8833",
+    "id": "bundle--75dadfae-092d-45ee-8ca1-b8757954d84b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json b/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json
index 9801dbe862..dd4b2f958f 100644
--- a/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json
+++ b/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--367a838e-6621-4cbc-ad7a-cef87db1ae3c",
+    "id": "bundle--fd2b9ad3-61a4-4442-b678-b845087201aa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json b/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json
index bcc0c611ac..149811eead 100644
--- a/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json
+++ b/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--31709ac0-177f-4a3b-b0b6-b6c40e4a787a",
+    "id": "bundle--2cd54212-a73c-4987-9fe1-183599c3b2ad",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json b/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json
index ea5987564f..70262bef8c 100644
--- a/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json
+++ b/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6b2118d7-6728-47e7-8d8a-fa7c2ff8f09b",
+    "id": "bundle--189dfe8c-de78-418f-9bb1-a13cda46ff9a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json b/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json
index 8ef6450e77..9b8567969e 100644
--- a/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json
+++ b/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6fd801b6-cb23-4271-a497-cab9b975bb2f",
+    "id": "bundle--c0689035-93f0-4d2c-b0e5-05b848fdf905",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json b/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json
index 4b623fe888..f56d3ddb56 100644
--- a/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json
+++ b/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--903db14f-dc66-499e-b21f-83aaaef453c8",
+    "id": "bundle--c0b4f3ca-8131-46ec-9620-af9132da11f2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json b/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json
index 9f4b2e60ba..bfe888f129 100644
--- a/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json
+++ b/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6b149ee3-21f8-44ba-ba51-f02456d849e2",
+    "id": "bundle--f1d7faaf-d76d-40dd-bf54-7a372471a6a8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json b/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json
index fb51780353..30b570b9e4 100644
--- a/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json
+++ b/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4ae08226-f541-4ac1-b2c7-ae625d249972",
+    "id": "bundle--15689f3e-abf6-4d93-acd1-39b1b6c496f0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json b/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json
index e208c8fdae..edd3c03bad 100644
--- a/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json
+++ b/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af204521-cce9-40d2-91f4-7653c681d9a2",
+    "id": "bundle--f776df9f-7a75-47d2-a28c-cef69b724d7c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json b/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json
index e095993e09..544aec1258 100644
--- a/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json
+++ b/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5e4da8a4-bbd2-44c4-8f04-5bc3df0dbba0",
+    "id": "bundle--b69820b4-170a-4c1f-b512-e7e981b37325",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json b/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json
index e46bed41db..da4bc8c2ae 100644
--- a/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json
+++ b/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c5c33253-0467-4279-a165-1965b55e594f",
+    "id": "bundle--3632682c-df50-4e87-84f5-d8411eb7144f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json b/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json
index 5da770f592..1ba86ea298 100644
--- a/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json
+++ b/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0e252c86-ad68-4ac7-a614-cc98761cf15b",
+    "id": "bundle--4da15e5d-6824-4769-b960-f67bb5d7251a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json b/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json
index 15182a99e7..e19d5c439d 100644
--- a/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json
+++ b/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0f616389-e75e-4ec2-9c4c-d828d3bcaea2",
+    "id": "bundle--10d90e17-db24-4d60-bfe2-4dfa99ded08d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json b/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json
index d98f244375..6e10d5152a 100644
--- a/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json
+++ b/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9c0dd322-c071-42ac-aa52-bb8dcd7f18d1",
+    "id": "bundle--2896c0a0-1cdd-4f79-bae6-4cb44fdf12db",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json b/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json
index 26f6585ada..60f74a81c0 100644
--- a/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json
+++ b/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--68f5c790-1f34-461a-bd06-159f68e84e62",
+    "id": "bundle--bff04d30-596a-4b0a-87c5-e9d9b8642271",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json b/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json
index 575246b628..69902fb45f 100644
--- a/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json
+++ b/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e771ceca-cd5a-4cdc-b75e-b1b67b498a46",
+    "id": "bundle--ca3fd80a-9604-4379-8586-b909dcf1447b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json b/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json
index 9ef5455509..d1dfb8b93b 100644
--- a/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json
+++ b/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6e79520f-2b26-426f-a32c-a5ded7e0ae8c",
+    "id": "bundle--11e7b78d-1fcf-4b08-9a4d-b985a1db5f69",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json b/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json
index 2105da3eea..f7ecddd362 100644
--- a/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json
+++ b/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af1064ed-4476-4311-94b0-723aad617b71",
+    "id": "bundle--2a02dace-c2bd-497d-963c-a2945b386fa0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json b/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json
index 94aafd461a..d086b19e98 100644
--- a/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json
+++ b/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0c5fb729-ca4b-4052-8e41-c0286bfd69a2",
+    "id": "bundle--1057f6ac-47b0-4176-9f7f-df9102295f30",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json b/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json
index 298a0d4d22..1f1283bc33 100644
--- a/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json
+++ b/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--123e28ae-28c0-4d9e-91a6-eabb3d018fed",
+    "id": "bundle--e486e0b9-5fbe-4003-84d9-e2fa7371bf71",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json b/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json
index 577d02253d..13a0cfab28 100644
--- a/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json
+++ b/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--03667b45-10bd-4b7b-b380-d410be0c6052",
+    "id": "bundle--6b055e59-898b-4c85-8fae-e377b63aa65f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json b/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json
index 96b91733b0..9148e19a74 100644
--- a/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json
+++ b/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--349e3722-fb8b-43b4-8f8e-5b7a60750461",
+    "id": "bundle--81527b7a-4434-4065-af8c-bd0e9d4292d4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json b/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json
index be767b51de..2cbc7a1ff4 100644
--- a/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json
+++ b/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a39eb1f1-0b88-4048-94f0-ed94bf17c69f",
+    "id": "bundle--c5e1903e-c4c2-4fb7-8a76-37f718f2d485",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json b/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json
index e20c1a2660..f82dd2180e 100644
--- a/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json
+++ b/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a72c2a02-2fe8-44ac-a308-9ccec2cec38d",
+    "id": "bundle--414e9af8-352a-4da7-8266-83f04f1d0377",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json b/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json
index 428a1ddc41..a9f11955e9 100644
--- a/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json
+++ b/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--918a7b3a-dd32-4bbd-a530-6034e9a9c915",
+    "id": "bundle--e18be0fa-de60-467b-bedb-b12e0f73552e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json b/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json
index 0387dfcba3..9693073446 100644
--- a/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json
+++ b/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--158695d4-dce5-445a-a0a3-a866f4ebf6e3",
+    "id": "bundle--dd4e1cad-be97-4afb-8286-51966251f842",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json b/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json
index 722252aa52..c901e5a374 100644
--- a/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json
+++ b/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b17a24f7-7982-4e6f-9841-0e1258d6505c",
+    "id": "bundle--3d5efea9-01c2-40a8-aee0-20061fa7339f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json b/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json
index f40663e035..0bc4bfa466 100644
--- a/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json
+++ b/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bef7e11b-9c7d-4aa7-860a-25ac45595b1d",
+    "id": "bundle--1e116e62-b436-410e-ad9c-6b1a1f136d67",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--55f12292-dc9d-4bfd-9de9-2d07cd67b044.json b/mobile-attack/relationship/relationship--55f12292-dc9d-4bfd-9de9-2d07cd67b044.json
index a622d2bf49..c9bb9838e3 100644
--- a/mobile-attack/relationship/relationship--55f12292-dc9d-4bfd-9de9-2d07cd67b044.json
+++ b/mobile-attack/relationship/relationship--55f12292-dc9d-4bfd-9de9-2d07cd67b044.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a981cccc-e9ae-4501-9adb-48373cd838aa",
+    "id": "bundle--237a2e4b-3036-4c97-9a15-fcf64b650a23",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json b/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json
index d22ac8b63b..806b2247f6 100644
--- a/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json
+++ b/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--30decc15-ef69-4801-a6bd-547c2595c8e9",
+    "id": "bundle--1ae32bf2-77ef-4db8-990b-75cf0d3f45db",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json b/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json
index 977f346e14..6dea4b7e47 100644
--- a/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json
+++ b/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d37cea90-c15d-4c52-bd4d-be576a1134cc",
+    "id": "bundle--d594e270-5122-4348-903a-261a58216102",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json b/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json
index 607c11415e..15cfdec8ec 100644
--- a/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json
+++ b/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e6d930ff-ea7b-4588-ba52-f02149127966",
+    "id": "bundle--c101acd4-65c7-497a-afb5-7a16a38557b2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json b/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json
index fac79d45e9..d175d86406 100644
--- a/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json
+++ b/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--78d20c5a-8a0b-4a8d-8d5e-105273d36950",
+    "id": "bundle--36f8e729-0da4-4786-83b7-b06dbf824bb8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json b/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json
index 5f6a0f6286..af4062252c 100644
--- a/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json
+++ b/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--24ef7db3-cc83-4396-ae10-cf3b45b2ced7",
+    "id": "bundle--a0462f9b-9ca7-4474-88e2-38854083d903",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json b/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json
index b49e98b6f7..fd422d3185 100644
--- a/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json
+++ b/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8b2fef3b-0bf7-4e99-8c33-6efd70727b45",
+    "id": "bundle--999812d9-6e4d-4d6d-a1e1-844e92452c89",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json b/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json
index 5252bc7266..99819188e1 100644
--- a/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json
+++ b/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cd5d9552-b7f2-47f6-b5dc-3765b379afbe",
+    "id": "bundle--cf5ca48c-01e9-43ca-8562-31b1d6166e7d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json b/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json
index 92ac350cd7..2de63269dc 100644
--- a/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json
+++ b/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--575b94b8-a209-492c-a141-8a436bbfb810",
+    "id": "bundle--1a656760-2da4-4a72-a63d-ea0facf136b6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json b/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json
index 3fe7bd0636..a0ff1480c9 100644
--- a/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json
+++ b/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e399f6cd-0af6-42da-8b5c-1021018459f0",
+    "id": "bundle--c30f6fcf-6dea-414f-87b1-f8cc4605c36a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json b/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json
index 37186c5ed4..9c7b3edeca 100644
--- a/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json
+++ b/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--10d083d2-459c-4b2a-a387-b6bc1d24dadc",
+    "id": "bundle--4ddbdf9e-4a1e-4abd-b264-c6197a4966c1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json b/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json
index 8c1f47d256..7fc99e2324 100644
--- a/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json
+++ b/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6c5ba72c-0355-416c-97aa-6db28f7231a2",
+    "id": "bundle--4b13d99e-dd86-4078-8d58-7bf04bb19e51",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json b/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json
index b05b21ffcb..c7038b3cf6 100644
--- a/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json
+++ b/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8e45861c-4e92-4ef9-8f58-655d1f904514",
+    "id": "bundle--351d082f-3cb6-4350-9b61-319c4db7e02e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json b/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json
index e6d3953b6d..80d93969c5 100644
--- a/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json
+++ b/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a4932e85-3960-4be3-845e-f5a55c8b639f",
+    "id": "bundle--1611500e-b9ac-4bca-8252-dc8f631c9340",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json b/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json
index a1e0dd082f..04bd66d593 100644
--- a/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json
+++ b/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4df31979-5350-4b39-9f90-0339d0ce2eb2",
+    "id": "bundle--e7d8b20a-2846-4224-af7d-a75c2e3fa136",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json b/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json
index faefabeeed..47f42579db 100644
--- a/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json
+++ b/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1c2ca3a9-5f59-4792-af80-dc011bcef543",
+    "id": "bundle--cf336034-db6e-49e4-9de0-9d332c7989c0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json b/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json
index c77a08d53e..3809d5013b 100644
--- a/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json
+++ b/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f8e21dd2-d8d6-451d-ba02-433b4e6d65d2",
+    "id": "bundle--5742b271-d1ce-47ae-b604-5e3120bb2c70",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json b/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json
index 6079d0f258..e1f794e7a3 100644
--- a/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json
+++ b/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bdc071cc-b6c4-4c36-a056-cd721619bfc6",
+    "id": "bundle--7b956e27-61fb-414b-b5b5-cf145aa1b37f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json b/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json
index 3561c76eba..aface68803 100644
--- a/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json
+++ b/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0d7e3ab3-e5c1-4b22-9de6-77867874e62b",
+    "id": "bundle--deb16c19-a935-41f5-937f-d1603b064d95",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json b/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json
index 9b8af4533b..5efcb7de18 100644
--- a/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json
+++ b/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--79df06b8-2109-4103-ad80-1ecd0d334515",
+    "id": "bundle--ca8a56b1-574f-4ce4-bce2-0249581e9162",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json b/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json
index 6fca95aacf..40a8fee38f 100644
--- a/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json
+++ b/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b79f0577-520b-4941-b4dc-2af2e24494f2",
+    "id": "bundle--cd17e051-7d89-4250-b21d-f421b07b7a38",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json b/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json
index 0d628d63c5..9a7978c07d 100644
--- a/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json
+++ b/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fc810d03-66c5-446c-b041-c79bb1917045",
+    "id": "bundle--59863b0b-18f6-4ec8-a015-acb2ebd9da18",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json b/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json
index 7f61aa1823..b090c18ca1 100644
--- a/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json
+++ b/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--df2e8213-eaea-4751-9221-704a4d41daf5",
+    "id": "bundle--3f9e1967-eb49-42a1-9299-ad12cbf7c1a9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json b/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json
index aa51849b54..c1ac8095e4 100644
--- a/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json
+++ b/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5285db05-3561-4a39-ac39-a491ad9c974d",
+    "id": "bundle--765b96b9-d987-46a9-b5c9-ed18ad157897",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json b/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json
index 6ba3184992..a776c67d29 100644
--- a/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json
+++ b/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b08b1781-84fa-4569-ab0d-4c1dfbd1509a",
+    "id": "bundle--86e6efbf-85c1-4331-8b96-f8a3f529238b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json b/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json
index 01f5e1270a..6b86079c12 100644
--- a/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json
+++ b/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--07966d29-c194-47ba-aa19-dbee22c6d869",
+    "id": "bundle--808e867f-af51-4bd8-9c31-292f89bc4b16",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json b/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json
index 2fe79bc5c4..52a99b7abb 100644
--- a/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json
+++ b/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2e01c836-566e-4dd2-86ff-a1c38ec8072f",
+    "id": "bundle--a5f39680-e198-46e3-909a-78f07ae0fdc1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json b/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json
index ebe5a2cf1a..f66220a2ef 100644
--- a/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json
+++ b/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dfee529c-29c0-4870-9277-d649b7abb8d4",
+    "id": "bundle--73222448-c4b2-47dc-b507-83105c0ac0f3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json b/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json
index f05f77f9af..5dbe55a11a 100644
--- a/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json
+++ b/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--da0ad2b2-565f-4052-9ff0-f65236447599",
+    "id": "bundle--f64ec752-0b29-4583-8989-ea24434f9a00",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json b/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json
index 4caacedc2f..8e0913c18d 100644
--- a/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json
+++ b/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7949b27c-f437-4d73-b334-9c6f27500e31",
+    "id": "bundle--cd796b4d-19a8-4c3f-b778-e91ca9fd608c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json b/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json
index 51231b7e0f..ca9f9ec460 100644
--- a/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json
+++ b/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f443b465-5a27-4a68-a894-487efff05973",
+    "id": "bundle--c1b41475-b9b8-4c64-bb8a-37c6e7391ce5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json b/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json
index ea7cb850ac..9fccaf5654 100644
--- a/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json
+++ b/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--06bc6b08-a559-439b-bd10-98dd12510eb0",
+    "id": "bundle--974dcad0-8173-4b05-a428-23a105fd0c2c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json b/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json
index ef5759669e..b8c191abe7 100644
--- a/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json
+++ b/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aaa3bf50-1023-4183-889b-e51aefc0cf62",
+    "id": "bundle--5691226a-89db-4185-b065-34c01ecaf8d7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json b/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json
index a24a02d431..4417be846c 100644
--- a/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json
+++ b/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6414989e-4d1a-4c58-9dca-9628e8ec4071",
+    "id": "bundle--0568690c-868a-48e7-8410-9e96d0bb8695",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json b/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json
index 5d1ece9d99..4217333e51 100644
--- a/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json
+++ b/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--89872f55-8e12-44f1-acd8-fa5fde5516e9",
+    "id": "bundle--468e2764-99f5-429e-9996-7abd910b9281",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json b/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json
index ba2ee10bcf..ed1a20f758 100644
--- a/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json
+++ b/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f7e3d506-dd40-4fb0-bcf5-54a1c975e801",
+    "id": "bundle--fa151808-a1ac-421f-a747-d391db6981b7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json b/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json
index 3f02ca301f..e11d090da6 100644
--- a/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json
+++ b/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9c966487-52bd-4a15-95cf-6adac895f297",
+    "id": "bundle--4b28f11b-816f-46a9-9fb2-0181123cbb4f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json b/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json
index ca4459116f..2b3194a355 100644
--- a/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json
+++ b/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d455124e-39ea-4a01-9fe6-7c75e1a95d5c",
+    "id": "bundle--f3f572a7-9684-4014-a87d-51ef3f622615",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json b/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json
index c2eed38bf8..625836b6a6 100644
--- a/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json
+++ b/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7b7c8033-0d30-43fb-97d4-a8bc003afba1",
+    "id": "bundle--5ee54a4f-d78e-4afd-af08-2ae0f0a14360",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json b/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json
index 734957f363..4274f34f50 100644
--- a/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json
+++ b/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eb1a48c7-7a03-4935-bf2b-17618c1237a2",
+    "id": "bundle--f0631fe6-68dc-4a0d-ad01-757e2ef4fa90",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json b/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json
index 4f7f8456fa..d619c17ed1 100644
--- a/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json
+++ b/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--db67707c-e77e-4b3f-b550-59c9ee540a51",
+    "id": "bundle--7c7ed6a2-9e1e-4cd6-bf66-4cb580973009",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json b/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json
index 337ffb6b24..6b1193034f 100644
--- a/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json
+++ b/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9f9e2189-fd24-47d8-8d55-d9665d67ac76",
+    "id": "bundle--f4376778-e38a-49e9-a100-ded03fb3079b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json b/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json
index b26925a9fc..f737ca2997 100644
--- a/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json
+++ b/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9531985c-7b44-4e5c-aa6e-1a78653c07c6",
+    "id": "bundle--c6d9a1bd-7a23-45ad-b6c2-0dbc7524da7b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json b/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json
index 0e379af342..53921d0f6c 100644
--- a/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json
+++ b/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d8314574-d48e-4afe-897a-36a8d086623c",
+    "id": "bundle--59db8f7b-99eb-417a-876f-079a3e510762",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json b/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json
index 63ac3bfed8..0a0b19d022 100644
--- a/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json
+++ b/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d86af4f4-67e9-4865-a848-19fa8b216b8c",
+    "id": "bundle--206cd712-61d5-4e95-a4a8-0dd8b673a6a9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json b/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json
index 17ebfcfaf8..a539dcd3c0 100644
--- a/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json
+++ b/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b43cdfa1-ad40-41da-b7ec-b0b2e4892cb7",
+    "id": "bundle--e4e3d9c7-7842-4347-ae1c-f822682aec41",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json b/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json
index 3fbe566f23..0c2408f7b1 100644
--- a/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json
+++ b/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d13115fa-dc6c-4346-b6e4-27df3371b74f",
+    "id": "bundle--1711f4d5-b5ae-452f-b443-2319cb7d0c5f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json b/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json
index 09a7acde5a..46daa9d929 100644
--- a/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json
+++ b/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8e7fec89-f192-4070-96aa-87afaf48f7f6",
+    "id": "bundle--4bab666f-89bd-412a-b5da-0dddcabd63b6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json b/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json
index ae6ca7b51a..e7533478cd 100644
--- a/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json
+++ b/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2b433412-911d-482c-b6a8-501e7de1486a",
+    "id": "bundle--a0cbb8dd-8887-412d-8013-b8d9d4e54f42",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json b/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json
index c28ad47fcb..479cfeec7c 100644
--- a/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json
+++ b/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--98837b4e-394d-44bd-89f1-e828a17b2361",
+    "id": "bundle--6df7e458-300d-4ff3-9c64-3ed8bffb66b5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json b/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json
index f3a1b55f42..045d0d2ef8 100644
--- a/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json
+++ b/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--415974de-0763-4268-b31a-cfc4d90c952f",
+    "id": "bundle--f07f89bb-5caf-4fc5-9bf3-cb514658f3e9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json b/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json
index 43bcabd341..adf26863fb 100644
--- a/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json
+++ b/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--59d3e2e8-7e53-4f81-8e42-2dce61ba3bc0",
+    "id": "bundle--250988ed-97f3-4fcb-93e4-3f3db1cebb6d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json b/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json
index b45b44a2ce..044892f775 100644
--- a/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json
+++ b/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ea3b2dc5-7b35-4e85-909b-ad5120329c9f",
+    "id": "bundle--508003d0-f5ef-48d3-9324-0ef566885d3c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json b/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json
index 113fed0b38..9bde979f58 100644
--- a/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json
+++ b/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8fdd0c99-c265-41b3-a083-031c0da26890",
+    "id": "bundle--d36dd4b4-7fd6-4bc7-a7fb-427a1ed3015e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json b/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json
index 84f56cb7ce..1e88c032fd 100644
--- a/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json
+++ b/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d76b0dd7-cd14-46c2-800f-df2864dc2228",
+    "id": "bundle--6d1c25e8-5474-43ed-8e4d-a136e2efa6d8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json b/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json
index a4ee53417c..629c4ceddc 100644
--- a/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json
+++ b/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f22d79ca-2ff7-4aa8-a20d-a271d2e03e50",
+    "id": "bundle--d33b1455-0a1e-4be0-9274-c2dd79b9eab5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json b/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json
index 1f9c309284..f6beedca62 100644
--- a/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json
+++ b/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b4e5f2b9-fc5c-4e17-9e70-dac3fef32c0e",
+    "id": "bundle--668a0a0e-ab43-4168-b7fe-baeb0b1e3576",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json b/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json
index a4d3d95533..030c5cc931 100644
--- a/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json
+++ b/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--13c89953-2442-4755-a6fc-b36e6a89c8f4",
+    "id": "bundle--a672944d-f220-411c-8e1f-126b3bd253a8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json b/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json
index a1501ede92..a8f76e808a 100644
--- a/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json
+++ b/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--95e1c496-a96f-4a12-867b-01ac18b0ba51",
+    "id": "bundle--dc22da4a-f9c9-4b3f-9c95-201e6deacd31",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json b/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json
index 1836c43fcc..2c1f6df28c 100644
--- a/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json
+++ b/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--18d40be2-5ed4-4d14-9427-3ea0b506c606",
+    "id": "bundle--49ddb18f-dce5-4e2c-91ee-2d2974f795be",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json b/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json
index 4dcc415e76..b6414b38d5 100644
--- a/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json
+++ b/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f0c96e4c-0001-4f5d-961c-590897ad6598",
+    "id": "bundle--6962d20e-f585-49d5-b7da-a555635843ae",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json b/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json
index 9c6c4d6084..c19f488e45 100644
--- a/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json
+++ b/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--007fddcf-b80e-4724-a942-388199537f04",
+    "id": "bundle--510abacd-4cd6-4262-857f-999217a766ef",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json b/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json
index 3cec61e97f..86757c6f0b 100644
--- a/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json
+++ b/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--132f4a80-434f-489b-8052-24d94e1832f0",
+    "id": "bundle--7220de95-90ab-40dd-9d5a-6cecf0152f79",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json b/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json
index 51d854992d..11bd345b15 100644
--- a/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json
+++ b/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d7b818db-c457-4742-9649-7841e214f5e4",
+    "id": "bundle--973b2d79-025f-47c0-b622-e286306e2d59",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json b/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json
index 5c6ac428de..4d51ab88de 100644
--- a/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json
+++ b/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--84997d67-3157-4c3a-a684-f148161db347",
+    "id": "bundle--43bf7a80-be72-4050-8851-32470611dfab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json b/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json
index 3b9b57fc31..9ffd64e633 100644
--- a/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json
+++ b/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0c9ff0c9-ccdd-4eea-833d-5aabf7340a30",
+    "id": "bundle--6d4773de-96a0-434f-b026-802eecbebde3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json b/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json
index 6770a2b04c..5e085cc05d 100644
--- a/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json
+++ b/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b4278cd3-5978-4761-9754-ddba74134fdf",
+    "id": "bundle--0e4a20d6-8c20-48c0-90a5-ab4178e58d8e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json b/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json
index c97f151e06..c4b68d5cec 100644
--- a/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json
+++ b/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7cb33b82-eaed-47f1-a9c3-d52a151cdfcf",
+    "id": "bundle--4df8bd42-e6e4-4dee-af2d-c35b320498cf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json b/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json
index e1a491c3e7..aa29270092 100644
--- a/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json
+++ b/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f76d4c55-07ec-44ac-8518-9da1306ad1b7",
+    "id": "bundle--46f997ba-9d29-4631-886c-8bc68bf1c024",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json b/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json
index a698cf9af4..7a9438410a 100644
--- a/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json
+++ b/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a5af0757-25cb-4006-94ea-2820b84990e7",
+    "id": "bundle--60b9ada6-f290-46ee-9351-14f5afc79398",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json b/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json
index f469c40521..7951380ddb 100644
--- a/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json
+++ b/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--203dc0a3-b3c9-40b9-b49f-5b51ba3f53f1",
+    "id": "bundle--3b9d0b5c-554a-4893-a68d-a1b67e1632b8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json b/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json
index 3e71fdfd79..166ab0a9b2 100644
--- a/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json
+++ b/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6284b4a7-89b6-4dff-9d9f-39139b0b711e",
+    "id": "bundle--d55e1afc-deef-4a0c-b9d1-bfe58276df22",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json b/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json
index dd50bdc9e0..712c8d3707 100644
--- a/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json
+++ b/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--db4e2b31-1946-4dea-9a73-8a8895aa63b5",
+    "id": "bundle--ebd2e95f-1430-43f5-9ccf-c98a7098f315",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json b/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json
index 045f746761..fbdb60ecf4 100644
--- a/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json
+++ b/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1ecf18a7-7e83-45f1-a90b-00db58498f99",
+    "id": "bundle--c105773f-4e41-45f4-b929-dc2f1ce7cecc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json b/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json
index 07646ae24c..bfa7758735 100644
--- a/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json
+++ b/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cde0befc-d30e-4dc7-8f35-1a271c3405c5",
+    "id": "bundle--7e8d11ee-0bdb-4214-8269-b28e2eed501c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json b/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json
index b9e8d1c400..d153da7a5c 100644
--- a/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json
+++ b/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f8d3aa24-4f0b-42c0-8bdd-570df242d91a",
+    "id": "bundle--8ee46e2b-a347-40c3-97be-6cb8f7a33b39",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json b/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json
index fc1bef609f..7288a0facc 100644
--- a/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json
+++ b/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--22f04468-afe5-4648-975e-e281d2b9a6a4",
+    "id": "bundle--401291dd-5248-4e31-be12-c5ab7da10bcf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json b/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json
index 55ecafeb11..3fc7e15b99 100644
--- a/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json
+++ b/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--853ebc65-89ec-4224-9105-88c394a3fe6c",
+    "id": "bundle--6e4dc19a-39f9-4764-99c6-e8a99bf2eb3c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json b/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json
index b5c8b84d0f..b0b02ff53c 100644
--- a/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json
+++ b/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a2f20d96-b59f-41fc-bd2a-30b8e7ad7832",
+    "id": "bundle--c24bab03-797d-490e-b845-577b2561defa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json b/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json
index 52703c0f33..5d003d67f4 100644
--- a/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json
+++ b/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--91c84b51-2050-404b-b50a-dc8b99b324d6",
+    "id": "bundle--d8cb0329-58cf-4b8c-9726-826dcd7ed8b3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json b/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json
index 9f5627d89d..f68f6431a0 100644
--- a/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json
+++ b/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e9ae69c7-bfaa-474c-acb3-ddbd57a553ed",
+    "id": "bundle--874ee688-bcb9-4529-920a-48c499fcba9c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json b/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json
index f9be3884c3..7d9f80e240 100644
--- a/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json
+++ b/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0a93f8b1-d229-4112-b82b-e049cab78d3f",
+    "id": "bundle--8cbd52e4-0da7-4c7b-aa6b-9c108d159630",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json b/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json
index 67f58eff5e..8b43955bfb 100644
--- a/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json
+++ b/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7146ab8f-0e24-46a9-aa7f-99a3c4a33893",
+    "id": "bundle--3d2765da-1c57-4779-8543-c70ab1a1fe16",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json b/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json
index 209d12fcd1..dc66576125 100644
--- a/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json
+++ b/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--380662a9-9973-41e1-8990-71c6d56114eb",
+    "id": "bundle--f079c0fd-767a-48f6-993c-2a141c6c538f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json b/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json
index ffeb4cdadb..3c89912c99 100644
--- a/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json
+++ b/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--74512b3d-9e80-4231-bd8c-ccf61494833b",
+    "id": "bundle--95a17cc9-1a8a-4c17-b677-85934ae2dc6b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json b/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json
index e59dba7c06..cc97c559c2 100644
--- a/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json
+++ b/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f9acd1c4-0847-47d2-b996-a8cc7831cd7e",
+    "id": "bundle--7954c474-29c2-47a9-b3ef-acb433041b49",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json b/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json
index 9db46097ae..5c4f3cd2fd 100644
--- a/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json
+++ b/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c2e4006f-180b-4190-b21e-3e7c1f0fc1aa",
+    "id": "bundle--fe9cfbdd-fec1-498f-a147-5b80bfca458f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json b/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json
index c70bf63139..8fba19171c 100644
--- a/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json
+++ b/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cc6606d0-96cc-452d-bf86-d4a95436b5da",
+    "id": "bundle--68cd9a60-dc93-4e31-9989-8f4a79789b4f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json b/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json
index 588448c7b5..87ae359d31 100644
--- a/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json
+++ b/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d0ecc961-2b26-4743-8990-b52077c38cfb",
+    "id": "bundle--498fb8ce-6fc4-4de2-9f29-df0a44d6c0fc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json b/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json
index 54a2c28fee..282eabab4b 100644
--- a/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json
+++ b/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9a64dcea-643f-4704-b2e7-4f8337b5ef16",
+    "id": "bundle--c32ac2aa-8858-41a7-9690-cd6fb566fa4f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json b/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json
index 871fc1d37f..21054dfaa1 100644
--- a/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json
+++ b/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ec85b71c-1aa0-423c-a184-671b3481eaba",
+    "id": "bundle--0e96de41-e1d8-43e3-a46c-95feef0a56a4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json b/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json
index 06dba30797..04a2fae2fb 100644
--- a/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json
+++ b/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--da852565-9b6e-4770-992d-1c448a44d54d",
+    "id": "bundle--51179703-69c6-4f86-9ef2-6f4f4f5633c2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json b/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json
index 4a09fd981e..02ed7afbf3 100644
--- a/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json
+++ b/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0c7606f2-93af-4ff8-8048-900e36daff92",
+    "id": "bundle--facd5261-2e38-422f-8ab2-4f17af84026e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json b/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json
index dad1f1678d..76acd9f810 100644
--- a/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json
+++ b/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c1d415bc-0c02-4a82-af21-a479108f599e",
+    "id": "bundle--999946c4-3c7f-4cd3-b531-42d8830d7d0a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json b/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json
index 87a094a73f..48e3d004bf 100644
--- a/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json
+++ b/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--200142d9-27c2-41cd-8589-12b963d82be1",
+    "id": "bundle--07565527-2e67-4d00-a3ef-4fb08c1c64db",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json b/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json
index fcc8e55f1e..db94aa352a 100644
--- a/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json
+++ b/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c440b339-8902-44ac-89cc-516226661e41",
+    "id": "bundle--b0d538ad-b41f-43d1-9f30-f4441ea54c22",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json b/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json
index 691caa8cef..0769138797 100644
--- a/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json
+++ b/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--53fbf1b0-5ee7-467d-8e83-7d102c9602fc",
+    "id": "bundle--d13c55a6-f0fd-4429-af62-32ffe285c1ce",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json b/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json
index eb13090829..09a7b8ef4c 100644
--- a/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json
+++ b/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bb3d5451-6769-4c36-b38d-113cb3b5ecb3",
+    "id": "bundle--0cbeccd3-1689-4420-a525-9d4c1692114b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json b/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json
index e704f601fb..e6df60d082 100644
--- a/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json
+++ b/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--49191850-d60f-4516-af44-cee9feaf033b",
+    "id": "bundle--b398ce39-78f5-4120-ba1a-1e0bb6eb17b4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json b/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json
index 7dffe8c565..25152ad85b 100644
--- a/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json
+++ b/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0a90c8a0-1e09-44b3-b293-7b5c49078d60",
+    "id": "bundle--87613664-7df4-44c1-beae-57d0e2ee383a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json b/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json
index 6e6a8c2746..1d905b1bad 100644
--- a/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json
+++ b/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--965467c2-5026-4c40-a6f5-9098490c8088",
+    "id": "bundle--be0e2f9b-29bd-4e9d-a79d-bbeabca1a0a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json b/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json
index a4985e5d64..2b966b03dc 100644
--- a/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json
+++ b/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cc0d8ec6-582e-4f6e-a367-bfe057ea445a",
+    "id": "bundle--c2951391-4d99-4326-86c4-6f1ee0d2cb32",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json b/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json
index a929aa76a7..26201dd3b6 100644
--- a/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json
+++ b/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3cde1272-1556-4f57-ba3e-661ca8bdf04e",
+    "id": "bundle--cbf858cb-bde2-4fe6-bc89-06b7946c90eb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json b/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json
index 0a39675f0a..d17fd017c2 100644
--- a/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json
+++ b/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--831da70e-4615-43f6-ad62-aa4c2be0d3b9",
+    "id": "bundle--a4e590ac-6e09-4cee-b8ce-f41666e48997",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json b/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json
index 8f94cbe90d..4906a010ee 100644
--- a/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json
+++ b/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--58ad538e-1a9a-4e19-842e-93989d7c49b3",
+    "id": "bundle--553a23c5-de82-419b-95b0-a383622fd560",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json b/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json
index 59199919cc..85e1989434 100644
--- a/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json
+++ b/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4ec42073-702a-41d6-a418-341e424550f1",
+    "id": "bundle--63d9fdcc-bf20-4d31-9126-9445e4aafdb7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json b/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json
index 6e750a936d..71f4f77ee4 100644
--- a/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json
+++ b/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d6a9b601-a1db-49cb-9cbc-0adcc6df358d",
+    "id": "bundle--05899b73-ce16-4e22-af3b-62d36f1a4852",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json b/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json
index 67cae9c99d..35849e7cc8 100644
--- a/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json
+++ b/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fe4e9150-96c4-41a8-a5db-df1062ac1d80",
+    "id": "bundle--7a99d07a-be5d-4fc5-b3c9-dbe132e48b6f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json b/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json
index 23c025f034..22169ef880 100644
--- a/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json
+++ b/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7f1286fb-38a2-48e2-9204-137263dab0b9",
+    "id": "bundle--37dbe5d0-01bd-4952-a43d-24900dc5ae8b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json b/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json
index 1ac1ee457a..718159ae15 100644
--- a/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json
+++ b/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--37e93d1e-edfd-4ade-bd90-4dc7ceb449c5",
+    "id": "bundle--b01770cc-619a-49c9-be67-0bf69c2e120a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json b/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json
index ca4c214f57..0e4faddc68 100644
--- a/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json
+++ b/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6ff4e79b-8d7b-4bf3-be31-42c0b8034422",
+    "id": "bundle--023e7549-1fbd-4d45-afbf-7e51143b5b3f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json b/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json
index 953dd50bab..0578aa8728 100644
--- a/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json
+++ b/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ca2a8cd2-a7c6-4229-9eef-489e1807dcd4",
+    "id": "bundle--76d6e68f-f466-41a1-9ee9-4af918667d7a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json b/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json
index f484a5ed34..57f7d1a8fa 100644
--- a/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json
+++ b/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1ac00156-3b41-4de8-ad20-301db626233a",
+    "id": "bundle--337a2abf-f949-48c3-9f88-fab75092bc57",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json b/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json
index 68e29fee24..8ec626831a 100644
--- a/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json
+++ b/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c1b8da8a-bdae-4661-b343-69006323b71a",
+    "id": "bundle--fbefa761-4aac-4aef-b027-18b3dc0546ac",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json b/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json
index 3271fc306d..b71ddd6ab9 100644
--- a/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json
+++ b/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--40e64804-8b4f-4a35-b04b-d43eda2812ae",
+    "id": "bundle--b08dfd1b-3e48-4bfc-9aeb-70fd09cbfc99",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json b/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json
index ef8a616bc0..fb71af8fe2 100644
--- a/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json
+++ b/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6de4ae3e-7489-4e33-892a-b7ede3d74d32",
+    "id": "bundle--672e1434-7316-4f35-b97f-3b636b7c19b6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json b/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json
index 291c2dcd74..e0b8ed2c36 100644
--- a/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json
+++ b/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--94560257-3c37-4569-a155-ccbc7ac4781d",
+    "id": "bundle--da2b5af8-6e20-437c-9a2f-8725cbb6caed",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json b/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json
index 801e62d126..f4782ecb53 100644
--- a/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json
+++ b/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--15cd0801-5cf5-4da4-9802-8f2e4b010a5b",
+    "id": "bundle--e20279a3-1a44-4334-b005-3af23f63d3bc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json b/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json
index e6fa72201b..bf0ad5292a 100644
--- a/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json
+++ b/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--17bc4cc7-ab5d-4d46-9e28-036812d5667d",
+    "id": "bundle--7d16d392-fa7a-4766-8104-1b2f019cb684",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json b/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json
index 09dc639f37..cb2916f790 100644
--- a/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json
+++ b/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c2b9a0c5-af65-4b3f-a4a9-7a9979c86c71",
+    "id": "bundle--8581bc58-af23-4a36-be28-133306730131",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json b/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json
index 88831fc83b..15f70603e2 100644
--- a/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json
+++ b/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5aedb0d3-1f9e-4bcc-8277-dec0d8950100",
+    "id": "bundle--f1ba3bdf-9b6c-495e-8411-5c30a0d24416",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json b/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json
index 8a6cfffc9d..5ba6bdede3 100644
--- a/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json
+++ b/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--44036b73-e10f-43d7-92ba-059eef1eab78",
+    "id": "bundle--c194252e-4b00-4cf8-a944-d0432991dde5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json b/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json
index 622e0fc131..9901443822 100644
--- a/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json
+++ b/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2d12ff5e-8428-42c7-90c8-b2b5251a875e",
+    "id": "bundle--6537b5b9-0b10-4046-83e8-6eafcd75f91a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json b/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json
index a196e628bb..e3788a81a2 100644
--- a/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json
+++ b/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--99773dda-43cf-4b19-a7d2-de9bc4313b56",
+    "id": "bundle--13a9db77-0e51-4380-b276-cdc8e3ef39ba",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json b/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json
index 214cfdcde3..df2b1c135f 100644
--- a/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json
+++ b/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--64c2e368-3c1e-4684-a0aa-8fad3bded9ca",
+    "id": "bundle--3a0bdc86-a78c-4c98-976f-2a176407409e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json b/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json
index bf2e2a3242..7bcd5a0799 100644
--- a/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json
+++ b/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d381aedf-b95a-4c0a-9d94-8f1a117dbdaf",
+    "id": "bundle--a354e1d8-aa82-4f99-80e9-cd67f9a933dc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json b/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json
index 32783f7aaa..c3d54527ed 100644
--- a/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json
+++ b/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a2f20e2d-5f22-4c48-a2f5-5c27bf228c83",
+    "id": "bundle--477b2d8c-f1e4-446d-a364-aaa32ed8bc64",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json b/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json
index a82fd45d78..8c44d3e276 100644
--- a/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json
+++ b/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d7a154a2-e5e4-452c-8c0a-0ddcedb312f8",
+    "id": "bundle--47a35d6a-0be9-4497-8f1e-a885238c72ec",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json b/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json
index a79ffe2fc9..745700c4cc 100644
--- a/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json
+++ b/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f86d6650-f32e-4cec-be08-e9f7719badb5",
+    "id": "bundle--25e7053e-e803-4429-8912-9187ff68936f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json b/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json
index 914ef9f0eb..7f638da074 100644
--- a/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json
+++ b/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--68f1aeb1-3c02-4b3b-86ca-e5c1f9fa32da",
+    "id": "bundle--7105eae3-26fd-470c-a454-a56cec7b4d8e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json b/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json
index 7eae0451a8..e6796bb958 100644
--- a/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json
+++ b/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f3c6013c-19ab-488e-a354-de48b7615910",
+    "id": "bundle--3a80842a-6664-431a-9f31-a621b89522e8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json b/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json
index 1d8f90f40b..4ae1142348 100644
--- a/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json
+++ b/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4bfb2554-1eae-489b-9e7e-3dd915d30a2e",
+    "id": "bundle--4204a837-6a28-4133-ac70-3c13edb17d5a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json b/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json
index 1224793c03..9c58d0cc73 100644
--- a/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json
+++ b/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a2db31ea-bc20-4b03-8492-14523045733b",
+    "id": "bundle--68d3c4e1-b825-445d-9250-88b7a41306bc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json b/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json
index 45ecd4b35d..6f1d05ddb6 100644
--- a/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json
+++ b/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1dcd4538-f4e4-4561-b5b6-fbd23ed73198",
+    "id": "bundle--09dcbd95-ad3e-493f-a983-2e9d530d0650",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json b/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json
index 17ed795698..eaacfbc54f 100644
--- a/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json
+++ b/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--40a06579-6926-4f3d-958c-40f09ad52253",
+    "id": "bundle--e1fed489-24a5-4de2-8a65-dd238463930f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json b/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json
index 74b037cb70..f7cd0d4ff9 100644
--- a/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json
+++ b/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e81138b6-b39d-416b-9dfb-49dbf0f1f33a",
+    "id": "bundle--47a05aaf-a736-4cac-b86e-ed2d08b12471",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json b/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json
index d0798fb8d7..53e4b7cd6a 100644
--- a/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json
+++ b/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4a9e61a1-cfee-43f6-99c3-3ceb7d214017",
+    "id": "bundle--403202e2-d579-46af-80c6-17e36f8fa2ce",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json b/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json
index 31b2523434..548aea871f 100644
--- a/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json
+++ b/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--54205ee7-0761-4934-a617-c45ab27d5cd0",
+    "id": "bundle--8aff5a9e-557b-4c55-9262-6612712727d9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json b/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json
index 003ea632f6..f05fb2c160 100644
--- a/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json
+++ b/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--33ac30a9-6d7a-47d3-a90f-0163b69b0213",
+    "id": "bundle--efbd7aa6-105a-47d1-b59f-853b77744acb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json b/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json
index 6e26992822..822715fda7 100644
--- a/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json
+++ b/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4f2341cc-611b-4157-a56d-977e4edf0ac9",
+    "id": "bundle--c837999f-afe0-46fc-90df-b53e122bbe60",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json b/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json
index 4979c5f09f..d3d0b136e3 100644
--- a/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json
+++ b/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--137fbc97-8427-4e1d-901f-15d0a6c5eeef",
+    "id": "bundle--eb55ab63-2f5a-446e-a3f6-cf61ea96bb01",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json b/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json
index ce1016564f..bf1404ad84 100644
--- a/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json
+++ b/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a82e0589-e2a1-4cf0-b388-aee66c8ceb72",
+    "id": "bundle--9fcfa758-b4bb-444c-ac5f-ca798116fe04",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json b/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json
index 33afad6d19..fc599ba145 100644
--- a/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json
+++ b/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f81f1e8b-e57c-4299-955b-ab5135db9de8",
+    "id": "bundle--9cae2d05-ba8c-4609-b497-e05a6c491783",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json b/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json
index d91f9c7725..e67037e2cf 100644
--- a/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json
+++ b/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2c8e751f-5048-41ba-8c06-76a3262c6713",
+    "id": "bundle--0481fc6d-d901-4b2f-ac4c-cf049c0cf327",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json b/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json
index bf1e709d14..31b1d5a964 100644
--- a/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json
+++ b/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f8b8dcd1-7072-495a-8289-d5e90fd9f25f",
+    "id": "bundle--472f6d77-035d-4814-90fb-25647ad0416b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json b/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json
index 0bbb1b85f8..7030f34fb5 100644
--- a/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json
+++ b/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--edbf6d4e-cc22-4a42-bba1-652cc5f45856",
+    "id": "bundle--de0f0abf-0055-4ce9-9d6b-8be2f3c1e60f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json b/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json
index 05b37b6ce1..ceafa04d9e 100644
--- a/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json
+++ b/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--979ebfd2-d819-42a0-be1c-2e1dfeb5040f",
+    "id": "bundle--91177363-993d-4681-904b-33ff8d08377b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json b/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json
index e7a5269519..919b3731d8 100644
--- a/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json
+++ b/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3259dd8a-8a10-4ecc-88a5-71396a8535bd",
+    "id": "bundle--4c3b3a32-c70d-4e30-ac30-2e1d428abeb0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json b/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json
index b4e8e58a2f..ab5abab16e 100644
--- a/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json
+++ b/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--323dcb38-c560-4798-bba0-b1289bbb4f6a",
+    "id": "bundle--e25381f1-78df-4d05-84d9-487bc3e63808",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json b/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json
index d54ccf9164..c13894c653 100644
--- a/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json
+++ b/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c2786f82-8bd4-4da1-9342-162176ff49d2",
+    "id": "bundle--30e9ada1-a618-4773-ab83-8246469bfe21",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json b/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json
index 3b96d6a208..a4412f08a0 100644
--- a/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json
+++ b/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9dd7bb09-e261-4dbb-8ee6-047ee212a0c5",
+    "id": "bundle--a19f91f2-3466-4e63-b9a0-8af95f2aa3ab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json b/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json
index c79ba6aeea..77f6bfccc7 100644
--- a/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json
+++ b/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7d23f73e-6dbd-4b6f-ac92-9d8815bbf8be",
+    "id": "bundle--6e26cd75-5fcd-4d43-840a-9ee8bf5caa12",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json b/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json
index 4ce6c27c83..5ecd4fb124 100644
--- a/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json
+++ b/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a4ce1f35-dffe-481f-8ea5-40b3b0bc21ee",
+    "id": "bundle--47e08003-fb5d-4ea7-bde3-056adfb3dfdf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json b/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json
index 28791ac2e7..0e40bda7f3 100644
--- a/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json
+++ b/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f254ae6f-ffb0-4c8a-a1b6-ec308ca8f9cc",
+    "id": "bundle--ba12347c-ebd7-4325-a13a-d547a944dfb2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json b/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json
index c9af8b93d3..0bb37f4ce1 100644
--- a/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json
+++ b/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aeaf23f0-51a0-4cd6-94ba-601924f78c13",
+    "id": "bundle--bbaf78f5-7422-4a69-b9db-fcf139a8dcc1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json b/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json
index 5c521eac96..ea48e89441 100644
--- a/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json
+++ b/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--872c17d4-3592-47de-b50e-0c2d4a16a02e",
+    "id": "bundle--582a2b98-283e-4140-b80b-b1fd503567b0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json b/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json
index cba0a8db8e..f25c60a9ce 100644
--- a/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json
+++ b/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6133cbc2-8d2e-4560-a481-a7ffb2826ceb",
+    "id": "bundle--2e8bc550-24e9-46f7-8728-08c6fff25e88",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json b/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json
index beb8021946..82cd824f49 100644
--- a/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json
+++ b/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--93c56112-6248-47e0-862a-1c22d6682cc5",
+    "id": "bundle--baa80b1a-8832-4038-a7c1-824acce6cec0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json b/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json
index d475091974..dded5e10a9 100644
--- a/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json
+++ b/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--87400691-8225-4f20-93bb-8062f2f6e055",
+    "id": "bundle--77513819-883e-4875-b6c0-e698f57bf963",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json b/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json
index 4b11c7753e..f6ccf9b030 100644
--- a/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json
+++ b/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--817b70e0-d888-4b28-b903-862fdbea21fa",
+    "id": "bundle--04fd1190-c372-4d8e-a943-d39577ae06db",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json b/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json
index 1a957fee94..e8508f81e4 100644
--- a/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json
+++ b/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--79134c98-6dd8-4930-8d17-d12679d72f69",
+    "id": "bundle--c382639d-0f58-49e4-9ea3-bc89db1df758",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json b/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json
index e31deefe63..098d25142c 100644
--- a/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json
+++ b/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--12ce893d-b5e9-4aa3-8881-12d8b4d957c4",
+    "id": "bundle--3edc2d4a-3fe5-4fd4-b46b-da83b7b7f2c3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json b/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json
index f20e726a9b..826a68d7d9 100644
--- a/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json
+++ b/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4483ef9b-ec96-4baa-8c57-f02b9c510c27",
+    "id": "bundle--fdf6cc99-995b-4d06-8f60-d444a2ee5e23",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json b/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json
index 0b8c6a6409..6a0beaf34f 100644
--- a/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json
+++ b/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--20488e42-89e2-4ccd-8006-055ca933b348",
+    "id": "bundle--a38a66f4-b801-48e6-8983-8473ff237e27",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json b/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json
index 183a521be8..9b9efeb930 100644
--- a/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json
+++ b/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8bb0bb2a-a4a6-4199-b850-32fd9fd17572",
+    "id": "bundle--0d1fcdaa-1d06-41af-af6e-51f72c24aed9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json b/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json
index 32ae45725f..fab35a7ff2 100644
--- a/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json
+++ b/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--203f913d-bc68-4cc1-9457-395359ad22c6",
+    "id": "bundle--968f1451-e98d-4569-9546-ea35eee115ef",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json b/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json
index 5f80e2f475..4624e916fa 100644
--- a/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json
+++ b/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b1a23db9-b5f2-4e16-a2c4-4edb567a458a",
+    "id": "bundle--78d79769-91b0-4343-bb6a-9badc71063b8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json b/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json
index 0c6446201c..675954ad4f 100644
--- a/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json
+++ b/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--05cdf0b6-29ab-424e-8f86-e18d96146ff0",
+    "id": "bundle--42e9215c-2b50-42f1-9761-bfbe0658c451",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json b/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json
index 4983874290..f40e548576 100644
--- a/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json
+++ b/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7b7ce4f0-a2fd-4452-a354-a147bf9d7c7a",
+    "id": "bundle--448185e1-287d-4eee-9689-c8a14bf158ad",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json b/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json
index 657c30d0e6..cbda6c5ce2 100644
--- a/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json
+++ b/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--07fc17cc-4f93-41d6-9bfe-191d8acd3863",
+    "id": "bundle--51cbbb31-37c1-4612-8fc7-83460717b811",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json b/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json
index d665b2cf56..fd979e5279 100644
--- a/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json
+++ b/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--76f7072f-856a-4464-86ba-c6f94120f293",
+    "id": "bundle--10248b65-b492-4b61-a64b-e1241505575c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json b/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json
index 2ac22b3451..e9c1ad56b0 100644
--- a/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json
+++ b/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--213e4920-eea9-45d9-9c1e-ac53a4bbe6c7",
+    "id": "bundle--66db500f-5141-47d0-9b40-61ff199797c8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json b/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json
index 8e3ba79e66..97e5e29c41 100644
--- a/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json
+++ b/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f7ccfb23-e3e2-4465-9c3e-f7b6469b3555",
+    "id": "bundle--7c12f6d5-13e0-4aff-9b07-a3739904cbc1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json b/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json
index 6d032eb75d..424643d4b6 100644
--- a/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json
+++ b/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f06c9a0f-5850-4454-9e8a-e2e48d6ffb6e",
+    "id": "bundle--83f12f3c-429f-494e-91a3-d89b5aad4875",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json b/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json
index 0bada9836d..1ca9fcddbb 100644
--- a/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json
+++ b/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6f7ef119-a276-4a4e-9432-391c12719fee",
+    "id": "bundle--c2aee64b-aa09-42ef-aa0a-3143247ec603",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json b/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json
index 656081b584..84d2f3dbd9 100644
--- a/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json
+++ b/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e2cadd42-d285-464c-8533-28668526cf9a",
+    "id": "bundle--8eb374c3-4281-4e97-b341-67ec71689bf3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json b/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json
index 36769026f5..3e45b33c7d 100644
--- a/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json
+++ b/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eb89f281-7eb1-4d83-af0e-081862913dae",
+    "id": "bundle--f93e2bb8-01ad-4647-8d82-2d293b6c4ce9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json b/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json
index c9930af137..6799cc3553 100644
--- a/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json
+++ b/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0a412b92-07d8-4e50-a176-6ee15a092560",
+    "id": "bundle--70e49af7-5a57-4869-a30b-9252586846e6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json b/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json
index aa1a77b0e7..71221d2e1b 100644
--- a/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json
+++ b/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bd698d6e-9894-4dc0-9353-ebd1a06ec50e",
+    "id": "bundle--ae1d97a9-7a2f-4db3-807b-3fd5dec2e054",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json b/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json
index e3c57da66d..fc9a996d12 100644
--- a/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json
+++ b/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3ee9a8e0-232d-4802-8bf8-6bb3b439008f",
+    "id": "bundle--530dad0c-4a30-4c99-ac3e-ebe8e9cfb85c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json b/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json
index 26a66836f1..8a0aca3eab 100644
--- a/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json
+++ b/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--655068f9-b37a-49a3-b320-86b0807dae0e",
+    "id": "bundle--8e5a45d4-fd52-4fcc-9747-bdd76164d36b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json b/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json
index f0aad100d9..80c5f16ee5 100644
--- a/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json
+++ b/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--474cf3e6-5bc0-413f-9a63-2ba4a0d5af04",
+    "id": "bundle--f792f6df-e581-440d-9b78-f0f12c76dcd6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json b/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json
index 1bdd38625c..5343f6b049 100644
--- a/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json
+++ b/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7281757c-8546-4866-b3b1-2650f8f714d5",
+    "id": "bundle--c1a229d8-696a-47bb-b572-687d5e57ca3b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json b/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json
index bfc2d5b0a5..9b44113df2 100644
--- a/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json
+++ b/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b13d2e12-c226-4fdd-9101-c5ec8775711d",
+    "id": "bundle--50f997ed-447c-4232-bc12-4f198510c9c8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json b/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json
index d3193e1947..27fa25bdd3 100644
--- a/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json
+++ b/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--73b85186-af87-4c58-bc6e-8f6a0901db9e",
+    "id": "bundle--d69bee00-41dc-4818-8309-3faff9eb328d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json b/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json
index a084681dc4..63f08302fb 100644
--- a/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json
+++ b/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--995f8016-8c98-4bd0-afd3-ab77057d9af1",
+    "id": "bundle--91322c24-4ec2-46ff-9486-f6da34b8e585",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json b/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json
index 2ae1d6ed34..7c97e59ae0 100644
--- a/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json
+++ b/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5aa51c63-e9a7-46ea-b24f-bc551d1211ea",
+    "id": "bundle--84a6b08e-dea9-4ca0-8b64-044c24a9efa5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json b/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json
index c9b92959ec..1401d29bb0 100644
--- a/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json
+++ b/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a601d1ec-30a5-4a6f-be1c-1159ca8d9c23",
+    "id": "bundle--71fe4129-6aa8-462c-b334-ec3680cc91fc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json b/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json
index 9e7f299205..8d9d9077b6 100644
--- a/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json
+++ b/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bdf16fee-a11c-4c7b-a4a3-590fee21713c",
+    "id": "bundle--99b30f6c-772d-41ac-abf4-1903bfbd42e4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json b/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json
index 1485c3661a..c8dee47311 100644
--- a/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json
+++ b/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dbb4f4cd-bb16-4d7a-9c6d-1d77d9d982a0",
+    "id": "bundle--c8a8e61f-0ed8-442d-9464-40dcc789cb2f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json b/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json
index 86c694249a..8116b35215 100644
--- a/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json
+++ b/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9fee31e7-fdf8-4635-96fd-1db79ac37be3",
+    "id": "bundle--8c2697bd-a444-410e-a164-f5932faf2792",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json b/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json
index 533bd9ca22..0bb5b6f763 100644
--- a/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json
+++ b/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7d1eca42-93d0-4ead-91cb-5a89fe15331a",
+    "id": "bundle--0a73cb83-37fc-4779-9dd6-efe595c10370",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json b/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json
index 5ea8a352c0..f9cda1abb9 100644
--- a/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json
+++ b/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b329c5ae-4ed3-4c77-b0bc-73b2a2d49f40",
+    "id": "bundle--4afbbc26-ab69-4e2a-8e01-404e7c95bc1c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json b/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json
index 494a4308aa..5d7c916978 100644
--- a/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json
+++ b/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--72317172-e412-4906-8afc-248b8bdca888",
+    "id": "bundle--fb613963-0bf2-44d1-a7c6-355400c0f43c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json b/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json
index 41cdcbc424..0306f4412d 100644
--- a/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json
+++ b/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--76a00943-dc05-4d92-bb1e-307f018ffc00",
+    "id": "bundle--fd93409b-d408-446b-96e4-8e141a18d37c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json b/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json
index decfa6b42d..d9127fda86 100644
--- a/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json
+++ b/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6c06f8a8-e349-4532-868c-121342647c8f",
+    "id": "bundle--e1fffc4e-1bf8-4bce-bfb3-caa106464d09",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json b/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json
index 1d78427b74..25a27156d5 100644
--- a/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json
+++ b/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7fe2bcc5-ec71-4483-bb18-f07ba51273fe",
+    "id": "bundle--2ada6200-5cc3-42b3-aca9-9add4a1d5f95",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json b/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json
index 047b94b61b..418e59b1db 100644
--- a/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json
+++ b/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bbf872ff-e200-40e0-9e74-0a1d081cf9a3",
+    "id": "bundle--f2fdd40f-bd69-4896-b281-b488da88e957",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json b/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json
index c1e9813556..ca15a57acd 100644
--- a/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json
+++ b/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2bc24e52-c1e5-46f7-82f3-c32186dd8590",
+    "id": "bundle--b3296e81-850d-4976-9a0c-a94254329d66",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json b/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json
index 2f28d2fc67..9992d78683 100644
--- a/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json
+++ b/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--52169988-fbb3-41d2-b0b2-dcc02bc0f593",
+    "id": "bundle--6e7340e7-1152-4573-a212-4054005cca34",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json b/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json
index e85dcba09c..6749d30f45 100644
--- a/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json
+++ b/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--adf6847e-f122-49ef-9ffa-9b48e579fbf6",
+    "id": "bundle--4a4f9c89-d3a9-48d9-864f-f2fd55500def",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json b/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json
index 2b15aca7bf..2348ef4735 100644
--- a/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json
+++ b/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e5234a9d-e964-4453-a9d6-26e094651d08",
+    "id": "bundle--b02d3b68-ca15-49e8-8f85-34ee4c84b327",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json b/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json
index b81d485068..7c7bf9034a 100644
--- a/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json
+++ b/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dfbe9a96-1df3-4ad7-9b0e-9733033a13d7",
+    "id": "bundle--f0667911-aff2-4119-916a-3b83a617bd52",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json b/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json
index ba196b938f..617d610e6a 100644
--- a/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json
+++ b/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--84b71bb2-582f-4384-9ac9-a313ac26c2ce",
+    "id": "bundle--c6774fbd-2953-41ec-882e-d2a311d402af",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json b/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json
index 23560dac7f..0cafb04e79 100644
--- a/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json
+++ b/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d6c25944-feb0-428b-9dbf-f0a320619352",
+    "id": "bundle--4ea0a31b-ae58-44a1-b04e-87c115890d21",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json b/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json
index 411bdf8003..3b19cdc985 100644
--- a/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json
+++ b/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--424b3dd8-f64a-4bf7-a925-2d78bf3d3268",
+    "id": "bundle--b5e64231-b047-475a-9200-9316108b5971",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json b/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json
index fcad3f77ed..a7ca24fcef 100644
--- a/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json
+++ b/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--10656351-20c7-4174-8970-e018cfb4934c",
+    "id": "bundle--95e46112-71aa-45d9-8337-5c7232ca6617",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json b/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json
index 46d3c29ae4..ba99f83159 100644
--- a/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json
+++ b/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--59a645cf-bd8c-43e4-bea3-79c0a5b7be4a",
+    "id": "bundle--13fbf0dc-761a-4747-ab70-b5f216a9fe57",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json b/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json
index e04aadade6..eb9f2e178a 100644
--- a/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json
+++ b/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ee5c7701-eebb-407e-9603-f503d0d355b1",
+    "id": "bundle--64c77e50-a9ed-4b0f-9e10-696a599a4e01",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json b/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json
index 7083895f2e..5b60f4aab3 100644
--- a/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json
+++ b/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--35066da5-22c6-48f4-aad8-cee27f48e511",
+    "id": "bundle--026a3fd1-3522-41b3-9e4a-0c73d20c79db",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json b/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json
index ff5fc8ca24..be293a26a7 100644
--- a/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json
+++ b/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b4a0709c-976c-4f77-8fa8-01cfe534159e",
+    "id": "bundle--ace3c811-0300-4db7-a799-984c7313d004",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json b/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json
index 4e9e0a0c09..04c2a06ba0 100644
--- a/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json
+++ b/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--96cdc540-f35c-4c86-a0b3-c29ce2b05e10",
+    "id": "bundle--59a536a7-4442-4a28-96c9-870c6453431f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json b/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json
index 161a00c72a..6e5a55ecd3 100644
--- a/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json
+++ b/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--18cba0b8-82de-442d-b766-b6ef60fb6fac",
+    "id": "bundle--24044925-0c77-47ea-9eae-b948a130d364",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json b/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json
index e02bed5a09..194588c257 100644
--- a/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json
+++ b/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--463a5e68-357e-49c2-9737-da1cbdd4241b",
+    "id": "bundle--967a107e-b486-4cbe-a3a9-a5f8cde18aac",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json b/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json
index d6c3599348..699f6ac0ed 100644
--- a/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json
+++ b/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5ee863f0-1069-4c0b-9a6e-6f4a14e83834",
+    "id": "bundle--3c330c62-b6ed-4442-9456-511c0f2fda1d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json b/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json
index a504f093bb..9909bdd956 100644
--- a/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json
+++ b/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2c874c3c-828c-437a-9fc1-fe3798ce79b0",
+    "id": "bundle--e911cbda-a959-4169-b577-0a5c38fdfb01",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json b/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json
index 65c7e8fa61..6f835dcaef 100644
--- a/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json
+++ b/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7e5586a4-6c95-4554-bfd4-339a36023b66",
+    "id": "bundle--a13d225b-1b41-42ae-ab44-34b4832dc2db",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json b/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json
index 0ee5e0eb82..60722ce9f0 100644
--- a/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json
+++ b/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--191cadc9-d9a6-455b-9fa4-8e659f3e5abe",
+    "id": "bundle--5f17363e-a0c8-4f3f-9a9c-0127fe63eb47",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json b/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json
index 75816eee23..7aa60f4ef8 100644
--- a/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json
+++ b/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--90bea966-fd05-4b3f-b33c-87494699b15a",
+    "id": "bundle--46bb3446-fb8c-4d71-8b56-9534dbee3249",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json b/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json
index 1c22901acd..95dff3e3bf 100644
--- a/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json
+++ b/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0e834058-e699-45fe-8338-53c22b1d391d",
+    "id": "bundle--70d7d1db-56eb-4da0-91f0-1a4554b960a2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json b/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json
index 3be012e48a..66030a9b4f 100644
--- a/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json
+++ b/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0effa48d-466f-4feb-a7c6-114fa2fdf2d5",
+    "id": "bundle--790d6d95-117b-43fb-ace0-ded5be501dc3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json b/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json
index b2f86f0835..69716bace4 100644
--- a/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json
+++ b/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d397b743-caea-4aac-97e6-a84ca6dfe0e5",
+    "id": "bundle--27005fa3-ac95-4271-811d-f4616896a462",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json b/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json
index 31945d849d..0e5a508653 100644
--- a/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json
+++ b/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d10c5624-2ded-4762-9e5d-dd60f435678f",
+    "id": "bundle--24b1d1fd-e886-4731-9710-a5a91e432beb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json b/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json
index dc3191904b..1ec369244c 100644
--- a/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json
+++ b/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--53ca00a3-eb7a-44de-8562-04930acfe084",
+    "id": "bundle--f4ebe3bc-af19-4332-9e02-c18b5f0377e0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json b/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json
index 93ab1789b9..789b4dcefa 100644
--- a/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json
+++ b/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0b909f56-a3b3-419d-826e-a71c4f7ac474",
+    "id": "bundle--d770b9e0-593a-4a79-9191-720dca851d80",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json b/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json
index f1136ee724..f39f603408 100644
--- a/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json
+++ b/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ca6b66a9-cba1-4f64-a554-d8364b9cdf6b",
+    "id": "bundle--ff5814cf-1eb2-41ad-9513-f0c9dcc958c6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json b/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json
index 289aa2e3d1..6ab2726560 100644
--- a/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json
+++ b/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f4483aa3-762d-4821-bc94-47b0fcb2ec0a",
+    "id": "bundle--18b01cb1-0e44-465c-b4ba-a739f5d9c43c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json b/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json
index 14e6d1a25c..51164fae13 100644
--- a/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json
+++ b/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--34b9a3dc-5b31-4b72-a967-a0a0877716dc",
+    "id": "bundle--8e8e6077-3a8c-42ee-a0ab-f2485dfe7e66",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json b/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json
index a05fe903f6..e0c275cdd8 100644
--- a/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json
+++ b/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--25cd3d34-da82-4edc-9bd5-598d43d0036c",
+    "id": "bundle--55b59baa-878e-4fa9-ae81-388dcc87fe26",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json b/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json
index a3d8109fcb..2c988f1207 100644
--- a/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json
+++ b/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a962a428-0cb6-4e26-b8ed-bb0b0ae4df90",
+    "id": "bundle--ca90db14-8130-4034-9ef4-5ff7c8236f13",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json b/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json
index 83e47dcd38..3117b2269f 100644
--- a/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json
+++ b/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4ae7fd1e-4920-435b-a745-5764a31c9925",
+    "id": "bundle--d1f58bd2-fee9-488a-b0ee-0de3a2d7cc62",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json b/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json
index 5df04aebfa..a2c68333a8 100644
--- a/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json
+++ b/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0378f497-939f-4fec-afa3-83760064d9c1",
+    "id": "bundle--27cf8c5e-ce02-4c26-a6fe-aaa78aa4e8e2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json b/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json
index fd8b4872dd..526649acc2 100644
--- a/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json
+++ b/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6b96d1a8-2c3a-407d-817e-35294acc1cb8",
+    "id": "bundle--7f9ed41e-49ed-4e6c-87cd-a87cd39527b7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json b/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json
index 6b3b31a446..6d9c48c0f6 100644
--- a/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json
+++ b/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2a946667-2ba2-44a8-b09b-d52943ecd079",
+    "id": "bundle--6858b670-305a-4da0-a846-0a9c3bf07589",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json b/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json
index b7e326a6c1..6cdfe6b6a5 100644
--- a/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json
+++ b/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6c0eb14e-b7b0-430c-b946-8d10158cac63",
+    "id": "bundle--31cd6d86-6737-4445-aab1-ffcf2cec97e3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json b/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json
index a5f54325e3..d934d5182d 100644
--- a/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json
+++ b/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--af0ebae5-4c97-4c44-b47d-87950e0aa2d3",
+    "id": "bundle--962eda6d-ece5-4efc-9212-183517a17c96",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json b/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json
index 7c1e01b71f..139ee1dbc8 100644
--- a/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json
+++ b/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6e4c330a-ef5c-497e-9770-95c5c0377a3f",
+    "id": "bundle--6529ed14-21b1-43be-bd8a-607dd6607d34",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json b/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json
index 732cca5af5..4173085e6b 100644
--- a/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json
+++ b/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--02d8ddac-538f-4acd-9d85-bee64327ebf8",
+    "id": "bundle--20ee7e67-25a9-4e84-9398-8e83f6ce3fc3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json b/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json
index 7683dc58a5..28a215bb2f 100644
--- a/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json
+++ b/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f5ee6c33-7f24-479f-8517-656aaf74b014",
+    "id": "bundle--20469903-18ca-4940-8a27-f0c0983bf827",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json b/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json
index d16bfe57ea..bf95562dca 100644
--- a/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json
+++ b/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--42908e01-e1ba-494b-b8d7-0ed898681f8b",
+    "id": "bundle--8750c4a9-e573-486d-a67e-a3dbf96f715b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json b/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json
index 81f74d196b..c401e07be1 100644
--- a/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json
+++ b/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2e98208f-d264-463e-9f6b-05fb043128b2",
+    "id": "bundle--b9e96375-2572-489f-9171-40a1d6b7a0c1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json b/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json
index acf5474476..dc688228cf 100644
--- a/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json
+++ b/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f58e6467-ed74-4577-a531-ce95b65e46d0",
+    "id": "bundle--60d8ef70-c68c-4aff-8a1c-2595f26ca8a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json b/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json
index e5e9e922ea..0fb14efe66 100644
--- a/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json
+++ b/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6c9af37a-8186-4e25-a93b-333628d1572c",
+    "id": "bundle--b2def877-9732-4d76-a815-da798db98b57",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json b/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json
index 3c0f256a91..f65b78451c 100644
--- a/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json
+++ b/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cdbd0018-a74f-45e5-b745-a0ae8cd48c8e",
+    "id": "bundle--35d870e0-0ede-4bfc-9873-4a47c65ede2b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json b/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json
index 69a5f61305..12d99ba510 100644
--- a/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json
+++ b/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f81c746b-1cbd-433d-aa8a-b8f979dc4a2e",
+    "id": "bundle--9780fba8-97d2-4a31-b9a4-8b79e4f8d96d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json b/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json
index ad67c8a543..e364c0ed87 100644
--- a/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json
+++ b/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a6c6a39e-a8c4-46d6-a481-1e1bc6a63fc4",
+    "id": "bundle--db896af7-0d86-4eb9-9dfd-2dbcaf1ab083",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json b/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json
index 8d611a0dc0..89e8ab61ec 100644
--- a/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json
+++ b/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--30a6bba9-bc8d-4813-b600-5b6bdfa131c9",
+    "id": "bundle--87cf197a-db51-4581-b316-e43bd7947601",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json b/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json
index c562efb4e9..411cfc9f7e 100644
--- a/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json
+++ b/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ebcf4c7b-a31f-4273-b2ca-78ff974ccf80",
+    "id": "bundle--7e17045f-8026-476b-8c00-f4d909bffb1d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json b/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json
index 4413dc8a11..f2504d8dbf 100644
--- a/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json
+++ b/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5b53448d-9b82-4ec7-8751-d756fb4d980b",
+    "id": "bundle--c46ed8cf-ad56-46db-be9d-28c8d0dfb459",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json b/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json
index 2fdb188c5a..158d10cb77 100644
--- a/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json
+++ b/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--96c3a8a4-2bc0-4d2d-b3d2-5fb1aa89c6c7",
+    "id": "bundle--f143a6dd-c5d9-43e1-8bb6-7640fc295397",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json b/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json
index 1846757612..15b24dabb7 100644
--- a/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json
+++ b/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--67da30c9-e55e-4d9f-b1c6-61da6ee84e5a",
+    "id": "bundle--9159ba33-96b4-4012-9243-8f91dbce2ee7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json b/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json
index f11e5624b9..bd2cdcb05b 100644
--- a/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json
+++ b/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e5796333-ff9c-425a-9212-786a226137fe",
+    "id": "bundle--09cf708a-217e-4062-bf24-3f7a0d2f7b37",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json b/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json
index c815c95908..38cf720eb2 100644
--- a/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json
+++ b/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f5d24076-d0ef-4e39-93fc-5e4c227fff31",
+    "id": "bundle--93c03cee-803d-4fcf-8a35-f3534b717600",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json b/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json
index 55b5b1f3a8..df4d0cfb2a 100644
--- a/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json
+++ b/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3cbbfc5c-110d-4284-89fb-4855fa3b1ce1",
+    "id": "bundle--2274557e-578a-459f-9100-473c4941941c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json b/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json
index 479a24c21f..a9a8a945a0 100644
--- a/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json
+++ b/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c5a8009c-a4cb-4c0b-a500-eb612ef56294",
+    "id": "bundle--7809c837-6e1c-420a-8f60-c8e1fcd9f184",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json b/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json
index 7e70a88a65..31b651db20 100644
--- a/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json
+++ b/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4618fe71-cfe7-465d-ae6e-c0a2d11993f9",
+    "id": "bundle--de203a52-9791-4c1d-9690-0fce648485c9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json b/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json
index f1615d7bef..75c61373eb 100644
--- a/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json
+++ b/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b099925e-6407-4a10-b887-d2f2b728656f",
+    "id": "bundle--d121ff38-46fd-40b0-8f59-c5970c4c991e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json b/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json
index 6d9fedaa35..35b5464acf 100644
--- a/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json
+++ b/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ea120c7b-6124-4928-9e11-d9348c65454c",
+    "id": "bundle--137111f5-6db2-4030-90c2-6c5e418ceeb7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json b/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json
index 262ffbf5dc..f2571d8723 100644
--- a/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json
+++ b/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7ab874d4-f5aa-4eac-a47d-5b2d7d9bbba1",
+    "id": "bundle--20046849-d17a-4956-b66f-98db0b0ee8aa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json b/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json
index 26b04fd033..73c7f6d7f2 100644
--- a/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json
+++ b/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0e801de8-48a8-4d57-a3c2-679150cfb20a",
+    "id": "bundle--a72b989e-1456-45b7-8051-01ce4cf902fc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json b/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json
index 16a685903a..cb85b71580 100644
--- a/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json
+++ b/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b521307b-8e44-4f3b-b133-a4bc79835179",
+    "id": "bundle--9d75086c-e957-4588-a8b0-40624849bb8a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json b/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json
index 90a153f75e..aa810c1522 100644
--- a/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json
+++ b/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--593f4015-f1b2-4567-8647-9a81340b6b51",
+    "id": "bundle--6251478c-cd0f-4d0c-9671-a14614884bf7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json b/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json
index dcff39f8fa..ef62f5b2a4 100644
--- a/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json
+++ b/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b4dd6c45-4050-4ff0-af54-eb0a73dda101",
+    "id": "bundle--848c2b9e-5e4b-42f8-adff-c8d61e8efe65",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json b/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json
index 46347ade9f..96ea4d346b 100644
--- a/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json
+++ b/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--87d77a03-244a-4212-af85-bae4bdc8f439",
+    "id": "bundle--e8c7b5dd-59f3-4798-b832-4667c0cc1ab4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json b/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json
index 53196053e3..1018926e00 100644
--- a/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json
+++ b/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ac09ca9b-583c-405f-a143-e3c951170efa",
+    "id": "bundle--53c9e217-4848-4878-8c3b-ed36dcec4fbd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json b/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json
index 30771c4413..f2ea5eed48 100644
--- a/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json
+++ b/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--20b789ef-1fd6-40df-ae5e-120802af8760",
+    "id": "bundle--a1f3e0e9-7420-40b0-a37f-8a7cc19e65c7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json b/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json
index 5c5c6bc627..66dc4aeb01 100644
--- a/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json
+++ b/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0a31646f-bdf7-4212-8a49-0bf494c86a5e",
+    "id": "bundle--98f7bbc0-19b0-4698-a392-01427a53a79a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json b/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json
index 76de63b866..1ea1f2faa8 100644
--- a/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json
+++ b/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1888e957-2beb-4c51-8839-b6049e969c76",
+    "id": "bundle--e288e238-ea26-4cc8-b4b7-6de741471466",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json b/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json
index b0d6ce2bc9..b7e322ef27 100644
--- a/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json
+++ b/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3834c3a5-bf63-4c96-8585-d666d7078b31",
+    "id": "bundle--33e0a23e-d978-4565-b015-c8ab2f1820c3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json b/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json
index af12e9fb4f..2cbc1ea123 100644
--- a/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json
+++ b/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2e9ce00d-d875-4120-8e92-9c8436571241",
+    "id": "bundle--65ad5e2c-9de2-4e4d-af61-d6470eb08020",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json b/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json
index 568450b641..8972567f4c 100644
--- a/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json
+++ b/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4d399385-e280-4d06-96ae-7c167052453d",
+    "id": "bundle--c91552f4-144a-4122-8c87-3e8d8582b43d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json b/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json
index 2c6860ebc8..2aa0a2e20f 100644
--- a/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json
+++ b/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d5dc589c-7d89-4eb8-b356-d6131e76a2a9",
+    "id": "bundle--23dbad52-7647-444f-b8c8-ef7f9df5e5d0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json b/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json
index 589e8b8e80..9a10ff3930 100644
--- a/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json
+++ b/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aaf268e5-796d-42aa-a35b-24ce98316303",
+    "id": "bundle--e3e8061e-8bea-487e-9f38-6394ad689b83",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json b/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json
index dc319ecc4a..95716c60b1 100644
--- a/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json
+++ b/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5f45968f-558d-421d-b84e-4637f91abc0e",
+    "id": "bundle--63983f69-e5ba-4795-9012-435b4dc84f74",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json b/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json
index 3f4a391cf8..711c4969ad 100644
--- a/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json
+++ b/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5da51d63-f51c-45dd-8439-257664f89b31",
+    "id": "bundle--0fb4942f-632a-43f0-950b-8217b4e09742",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json b/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json
index d6470afa5c..6e45e2a97f 100644
--- a/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json
+++ b/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7ede9e3c-721f-4dd5-9413-daf5a3971b71",
+    "id": "bundle--26c8eec8-0dcd-4552-951c-a5db00fdd94b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json b/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json
index 6c398b8c87..e040d3ef9a 100644
--- a/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json
+++ b/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--55cb18ce-e9f7-477a-9a89-025c2f1ebdc2",
+    "id": "bundle--67f211f3-a202-47ad-be37-e21abbf720af",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json b/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json
index 3986c9f08a..75428e112b 100644
--- a/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json
+++ b/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cbb0f879-9cc4-4fb6-a807-90842ee7f576",
+    "id": "bundle--81db9990-c0ac-4855-ad6a-2c451dbd45d4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json b/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json
index 8ce64a602c..46ff9d0266 100644
--- a/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json
+++ b/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4b835aba-7e66-4a96-8d0d-1362d6c53d77",
+    "id": "bundle--dd81f938-209b-411f-8eef-1e64262fb36c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json b/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json
index 71da7c6501..75b2747da5 100644
--- a/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json
+++ b/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2fc7bb4d-6917-430e-855e-1bdea537aa55",
+    "id": "bundle--c7a4adb8-666c-4f25-ab46-2ada4f52618b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json b/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json
index b5fb00eeb9..a9759090d0 100644
--- a/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json
+++ b/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fbc34a51-25a0-4092-b581-dc69413acf0e",
+    "id": "bundle--38990d2e-ae22-4685-9c3e-5e4d971c5f10",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json b/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json
index 98a05fc81d..a91b81d3d5 100644
--- a/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json
+++ b/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a2d4f15d-8dde-42b1-abb8-c562226c349d",
+    "id": "bundle--e14e8e30-ced3-479d-8440-eb059bd3da89",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json b/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json
index cca3bcc50b..c2c1a9c4c7 100644
--- a/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json
+++ b/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--06009f80-d45b-4b28-ba02-c2777636e0f0",
+    "id": "bundle--cc4852a2-7cad-448d-8ad7-c9318e379997",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json b/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json
index cc6dc5ea54..8eac4fa544 100644
--- a/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json
+++ b/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ec2c621b-5576-49cd-8fa2-f984b9e4761f",
+    "id": "bundle--b6a6666e-fc58-417a-82f4-35a69dbda7ee",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json b/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json
index 24aee27afd..d00c71e040 100644
--- a/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json
+++ b/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5c3417a6-58a8-41da-a3a7-f30be0803d98",
+    "id": "bundle--8a3e83b9-0f6f-4318-8981-8edb952da258",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json b/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json
index 1577c77818..929c9efa43 100644
--- a/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json
+++ b/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7ba2729f-b09e-4c25-bd48-eb3839404971",
+    "id": "bundle--b8a0661d-df5b-4c6d-9f20-db8ea197e951",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json b/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json
index ee2ba20b25..a6f4e96f29 100644
--- a/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json
+++ b/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6ceb902a-8668-4aa2-a0e1-36d1e7539fe5",
+    "id": "bundle--f200a54e-d602-464d-a5a8-f8d7c247568b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json b/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json
index ea3934b6ee..12172e6c94 100644
--- a/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json
+++ b/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e4924314-a4eb-481e-bf86-480ae0bbf346",
+    "id": "bundle--0c912fa4-48b4-46eb-aa15-99f82c403086",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json b/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json
index 69df0dcf22..d1e729cc7c 100644
--- a/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json
+++ b/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cd93ed04-00ee-4e99-b955-09e2f09234be",
+    "id": "bundle--ea8dae9c-3ce5-4791-b77d-2eb272e48d05",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json b/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json
index cc45e437b0..aff89cb4a7 100644
--- a/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json
+++ b/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--309ea3e7-4d9b-4d10-9fac-305f4511f646",
+    "id": "bundle--b074c28f-2a03-4277-9cdf-efdcd69abc74",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json b/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json
index 0c9d007339..373572fbed 100644
--- a/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json
+++ b/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5edc90be-76a2-4f13-aefe-d2c3ce7887f3",
+    "id": "bundle--d8e83bc8-5cd8-4a4b-8e0e-27187cb8d195",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json b/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json
index 5ae43ed884..9ad73e3af2 100644
--- a/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json
+++ b/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--61e62760-1ff5-42c3-a6cc-178455db8256",
+    "id": "bundle--b21898fb-c5c8-4a34-8bd7-baa010e25766",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json b/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json
index 0d24b15a1b..7ed1d0e361 100644
--- a/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json
+++ b/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--270ff280-b771-4012-8030-641522beda3a",
+    "id": "bundle--bfcd6efa-ed5d-4619-bc0a-c6da2b17afa1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json b/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json
index 3d63a8e12e..c5470dd973 100644
--- a/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json
+++ b/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a97869bd-68b8-4b58-9df3-b0ed431b0679",
+    "id": "bundle--b7a5b825-0190-4ea7-939f-ccefe2b0b0de",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json b/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json
index 7144184492..219298a63d 100644
--- a/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json
+++ b/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3d25a69e-5492-4704-95e4-67b4df3e9e87",
+    "id": "bundle--432e8f39-32e5-4e55-81c2-4e67a363ca09",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json b/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json
index 90eb10c34e..6a4241d990 100644
--- a/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json
+++ b/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aaea92f0-03d3-4b10-940c-b186a082a9d1",
+    "id": "bundle--a7c623f1-0b72-4489-a500-cbabf8b80fab",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json b/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json
index a04b6da2a1..617b4f0fd1 100644
--- a/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json
+++ b/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b2b73f8e-222f-4560-882f-3acf8dfc4257",
+    "id": "bundle--261dfcd6-e431-4191-a8c9-bcb41a35c1bf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json b/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json
index 4a2454a479..1d37b38456 100644
--- a/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json
+++ b/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7923f498-af5d-4523-95bd-4d632a001f01",
+    "id": "bundle--c1367e6a-34c6-4efb-b88c-95404db7e54a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json b/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json
index 9b01feebf6..e5b7dfd103 100644
--- a/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json
+++ b/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--948e1214-e0d0-4354-9731-769ee90f3fb8",
+    "id": "bundle--5fceb0c4-901b-4dba-b4a4-5f2d73c1c1bf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json b/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json
index 72e655ab55..2fb0f45338 100644
--- a/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json
+++ b/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0faf1a9d-9f9d-46b9-bb55-4e35b645a61a",
+    "id": "bundle--b04e2d1b-9755-469d-a426-ed0cd0698f7e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json b/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json
index db2c9e779d..7a34124d22 100644
--- a/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json
+++ b/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d3a5e2a4-1d19-493a-a54b-9dc12693cc0b",
+    "id": "bundle--bdeb9657-0695-4aa8-9fb5-b81ce24f7026",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json b/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json
index a053406034..0d24837d77 100644
--- a/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json
+++ b/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--70ecde28-4b35-4539-883b-ac4537f62405",
+    "id": "bundle--21fd6be9-4f03-4c38-a758-35f4a9cc7b08",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json b/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json
index 57794b0d99..f0807479fa 100644
--- a/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json
+++ b/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0454d860-97f0-4324-936d-70c959a11e53",
+    "id": "bundle--487a6cb0-0386-4cec-817e-d1dc8b9b61d4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json b/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json
index aa25875514..4b00a685a0 100644
--- a/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json
+++ b/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2cd7a5fa-def0-4254-8775-cc830d617d97",
+    "id": "bundle--7f54556a-11c1-4f6c-b8e7-234c801203b9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json b/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json
index 856cb6f570..7b7967d30a 100644
--- a/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json
+++ b/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0b330acb-4e99-4d6f-98e6-ab56eadc5297",
+    "id": "bundle--f541b202-31b5-4162-b512-0425453c012e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json b/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json
index 5a2e027143..31ab5a4cd1 100644
--- a/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json
+++ b/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--899e490b-a3b8-4c22-9b5a-792a858be2f7",
+    "id": "bundle--8e07b288-bfa6-4796-bb21-511a4bcf325b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json b/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json
index 04894f71da..e1cf6c3032 100644
--- a/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json
+++ b/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--11a3ea33-6b3b-4307-a1f0-b548867c5f9e",
+    "id": "bundle--afabdb04-ac69-45d3-8025-e4194816f64a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json b/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json
index 00695e1edc..a6986fcbb5 100644
--- a/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json
+++ b/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c2e2b6a4-cf30-4638-9cbc-d813c3af556c",
+    "id": "bundle--c5d71eff-c294-4e1b-8bc5-dd26e22f2410",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json b/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json
index 9f36372f09..08c4bc711b 100644
--- a/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json
+++ b/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e722296d-3ae0-49e3-a0c8-58d049516f55",
+    "id": "bundle--7efbfda7-3f13-4318-b49b-7e884a766f38",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json b/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json
index 7b13ca8881..72d116d1b6 100644
--- a/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json
+++ b/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--03f1ea48-7661-41d2-965b-301944e0cce2",
+    "id": "bundle--87d31f5b-286d-44e0-9ab9-21f66d8bf540",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json b/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json
index ab9406acdc..4b908537e7 100644
--- a/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json
+++ b/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--107b4958-a356-4d6e-823c-e55b8f07ad85",
+    "id": "bundle--626fc59d-5542-4888-89ed-e4dfc730911c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json b/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json
index 0b1faa072a..293b1a27a0 100644
--- a/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json
+++ b/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1b5af35c-f5b7-449c-87e3-d7865ea43367",
+    "id": "bundle--ac3f32c4-8452-4388-b288-e64c0f3c4ef2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json b/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json
index c7216d9f97..ee8ca35c80 100644
--- a/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json
+++ b/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--92939c3e-70e5-4715-bba1-0258facd750f",
+    "id": "bundle--751a145b-f7dc-436a-9e33-7816c290b5d3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json b/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json
index 6b0be0b2db..c7505a3422 100644
--- a/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json
+++ b/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--df647ac0-1083-4c34-9ff3-b9a4684cb00e",
+    "id": "bundle--79915a84-4495-4552-973d-d619d8caf1cd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json b/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json
index 95deb01641..99e8da4584 100644
--- a/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json
+++ b/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--216e861c-eaf4-4643-9580-f94f660c1d8a",
+    "id": "bundle--4ccd3efa-787c-4c6f-a33d-3b017df51341",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json b/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json
index 83baca6994..a29b16c637 100644
--- a/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json
+++ b/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8ccac259-9193-421d-b223-35a6b0765932",
+    "id": "bundle--ade4f041-fe33-4c32-a544-63037348a1e1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json b/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json
index 539f2e14b9..3626d89104 100644
--- a/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json
+++ b/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--611f7bf2-b972-4229-88ba-5421bafd086e",
+    "id": "bundle--608db9fc-5168-4d1e-a816-dd12249d18c3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json b/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json
index 92100a7fdf..d8c359492a 100644
--- a/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json
+++ b/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--82d96ce6-0c7a-4678-8e85-8b44e2176953",
+    "id": "bundle--c18a9bc7-de5c-4cfe-832b-094568359676",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json b/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json
index 70f6d77b33..f3d6d863c4 100644
--- a/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json
+++ b/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--80365e06-0cf4-4bf2-b7d9-9c9c956178ec",
+    "id": "bundle--850f6b94-d9a8-4575-81b8-e6ac81a84d22",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json b/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json
index a4eb6533db..4fff7f114b 100644
--- a/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json
+++ b/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f058bef2-afbb-48da-93c2-72ccc0c3d0f3",
+    "id": "bundle--49689541-98d0-4f12-b393-b47885a9c7c2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json b/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json
index 0a587d81b4..ffc2babc25 100644
--- a/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json
+++ b/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0cfc68fa-17d5-42d9-8b31-87c82191cd6a",
+    "id": "bundle--df9fc376-bf60-4430-8e32-ea5e2ab41e77",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json b/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json
index fd80c90f6d..27bb82479d 100644
--- a/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json
+++ b/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--da19d08a-7a5b-4a5b-a9f6-3c7d7f8fa78a",
+    "id": "bundle--fa39b4b7-9eb4-4404-a263-994ef9ec9c09",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json b/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json
index b65c6ed49c..fbd2a3fbe2 100644
--- a/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json
+++ b/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6f7cf9fc-c742-4d61-9319-8c0877a9c7ee",
+    "id": "bundle--05688708-4c62-4167-88d8-2d87d1cd23e9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json b/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json
index 328b46a203..9a6178d764 100644
--- a/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json
+++ b/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0a079bbd-5adf-4db1-ba2d-5d98ede3f977",
+    "id": "bundle--967c7030-4e7e-4e2e-9ad5-8f0ff3d810ca",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json b/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json
index 1b1263f4c9..90eb5da0f7 100644
--- a/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json
+++ b/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d195d9c0-f6c0-4dc9-9c6a-fc9a28a1f038",
+    "id": "bundle--06e52e9a-44a5-4200-8df3-d104809208ed",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json b/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json
index 726a70ebc8..15265b55b7 100644
--- a/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json
+++ b/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1da937e9-67a2-42cb-9f53-55592ae6f074",
+    "id": "bundle--ce3da636-efcb-44c3-a394-4dde2f634748",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json b/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json
index 77e288ae27..c3bdc45b02 100644
--- a/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json
+++ b/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f701d07a-cca2-4927-913a-247cd6776e10",
+    "id": "bundle--1b9557e1-f24e-4afd-9ce7-af3ee7028ed0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json b/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json
index 3a1f28979a..9434b96aeb 100644
--- a/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json
+++ b/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f560b752-6903-44d3-9223-2575781f64ad",
+    "id": "bundle--cf1d54cb-f570-4e77-b968-ef12d17a6484",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json b/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json
index b507d6edbb..32e2913e12 100644
--- a/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json
+++ b/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ab56db23-64b3-432c-96e0-6be7a9b9964d",
+    "id": "bundle--25cec91b-cb32-4db8-9cc3-76679d0b11bd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json b/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json
index 13991c4833..ccff6932c4 100644
--- a/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json
+++ b/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e9084222-af6f-4925-97da-8f4d7ef8f7f1",
+    "id": "bundle--54b2eba4-b82e-4e4b-8dcf-7947a03446ef",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json b/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json
index e8cdf78637..876adf191d 100644
--- a/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json
+++ b/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9dca9b49-a713-4c14-afe0-62b6d1b46f6a",
+    "id": "bundle--e2e31c01-7cd1-47ed-b94c-11addca0b7c1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json b/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json
index 1f2e3b8b2c..70f311b542 100644
--- a/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json
+++ b/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f9fb226f-da6d-4618-9d5c-ae5908a527c0",
+    "id": "bundle--4883a1de-6848-4a3e-a71a-123cb30700a8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json b/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json
index d53528b5e3..1611aa508e 100644
--- a/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json
+++ b/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--70663f37-289d-469d-af65-38dd7991fb50",
+    "id": "bundle--be90d604-b27f-42c4-8544-9c511119c7e5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json b/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json
index cbc0f27bad..c5f1c38a8b 100644
--- a/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json
+++ b/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ade37369-3114-43fe-9713-7540c175a418",
+    "id": "bundle--ed364393-80f7-4483-a4ba-0f753cbb6536",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json b/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json
index af680471f4..cc76c04983 100644
--- a/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json
+++ b/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4c4b662d-73af-4c19-a253-b9fd72b5530f",
+    "id": "bundle--639a2355-f01d-4af4-8e5a-8c5ecfdbda5b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json b/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json
index 0182200a47..e0ddeb3ece 100644
--- a/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json
+++ b/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6eea40af-7ae2-49bb-b287-faf4c8655d91",
+    "id": "bundle--fdad3e53-d036-4c52-9894-1be497f87dc7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json b/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json
index a62be9e422..d854e97173 100644
--- a/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json
+++ b/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--219a7fb1-e2b8-47ef-999b-28e2ee8f8654",
+    "id": "bundle--21dc7160-21d3-410c-b885-1e3f37b18f62",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json b/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json
index 1a75d8cbd8..abc9324403 100644
--- a/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json
+++ b/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--39c158be-34c0-4b66-aa67-e1230b287635",
+    "id": "bundle--e32b01e6-7948-45f7-ab21-7c528bd76aa7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json b/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json
index 460ee77b28..01e387dd1b 100644
--- a/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json
+++ b/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2ce3d0e4-12ed-4a00-b484-ebf4b41f45a2",
+    "id": "bundle--114a3478-5535-4287-93d6-8433a7bbcd92",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json b/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json
index dc6780f0ea..6d1984ebf5 100644
--- a/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json
+++ b/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e05bb150-e5e2-4cbe-85f4-530484da1eab",
+    "id": "bundle--74ad7928-b1d4-438b-8524-80c11316e7bc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json b/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json
index a11a04f79b..e70ff8f4e9 100644
--- a/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json
+++ b/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cb7fee73-733e-4592-9b32-ee64daee55ea",
+    "id": "bundle--34ca65e7-a8ae-4c0e-ab55-e628cfa88709",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ac523dfb-36be-4402-acf2-abe98e183eef.json b/mobile-attack/relationship/relationship--ac523dfb-36be-4402-acf2-abe98e183eef.json
index 8e45bfec22..33513cb877 100644
--- a/mobile-attack/relationship/relationship--ac523dfb-36be-4402-acf2-abe98e183eef.json
+++ b/mobile-attack/relationship/relationship--ac523dfb-36be-4402-acf2-abe98e183eef.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--32a3c414-0337-4e2e-a7c5-5b0bb06cbdaf",
+    "id": "bundle--af75bd8f-cdf8-4f08-b80f-e50f86e60c27",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json b/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json
index 6586496fc6..f4658679e4 100644
--- a/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json
+++ b/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d89391a9-159a-4145-95bc-d580e5e547fb",
+    "id": "bundle--61770687-0113-430d-a60d-35522a241689",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json b/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json
index f49befc62e..9f2d9528af 100644
--- a/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json
+++ b/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0d1755cf-de49-4269-a4bd-8f3c7d3216fa",
+    "id": "bundle--6718f2c9-4f05-40a6-853c-e40b8311e553",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json b/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json
index 55f5bff01a..160ab88859 100644
--- a/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json
+++ b/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--59e1f392-e027-4f6b-bc7e-a4bf45fd175e",
+    "id": "bundle--0439bd06-1ba7-4796-9aba-175249622ffc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json b/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json
index 6f5917dfeb..2304d45f11 100644
--- a/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json
+++ b/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4b969d6f-fe32-4f5d-84a2-f50b319ba14f",
+    "id": "bundle--545dc8cb-f6c7-4bb8-be7c-0d0c91b45e84",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json b/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json
index 1f3c67d56e..cd31b3423d 100644
--- a/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json
+++ b/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6fdf5adc-765c-45bb-86eb-b2b2bd30f2a9",
+    "id": "bundle--bebc1cec-484e-471a-876b-039345806702",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json b/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json
index 81f4a10e49..d6b2471180 100644
--- a/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json
+++ b/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--706e36d9-dd19-48ef-a14a-43d049213423",
+    "id": "bundle--e2022e9c-27e5-472c-b117-923328a27302",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json b/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json
index 8fd18c4beb..6a0eaa3d81 100644
--- a/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json
+++ b/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5bae0c5d-d24a-4da0-88f9-15bd3365fbb4",
+    "id": "bundle--e05ec4de-7818-4e03-9457-5cd135a592b3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json b/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json
index fe8090aa40..4a1e4156ae 100644
--- a/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json
+++ b/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6546a85c-527b-462d-99f6-9bcc577f3dc1",
+    "id": "bundle--85113224-2a2c-44ce-937c-793378795651",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json b/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json
index 2f2b789abb..8d4598e65f 100644
--- a/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json
+++ b/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--70a30d85-450e-4b82-bdca-563deb57f9c5",
+    "id": "bundle--d2dfc58a-f646-4b25-b96a-f5cd73a3278f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json b/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json
index 5e4a9d8fce..d5e252e17d 100644
--- a/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json
+++ b/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3a8a1f1e-5b48-464e-a0f8-322c5aa5b1a9",
+    "id": "bundle--c7a6c2ad-347b-4310-a6ce-2310ac55db47",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json b/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json
index 6cdbd1eedd..fade7aef8c 100644
--- a/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json
+++ b/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--451ebaa6-5a2a-419d-889b-def053957e62",
+    "id": "bundle--121079f4-b5d6-4c11-9cc3-46067856725d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json b/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json
index f768ba787a..464562cd02 100644
--- a/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json
+++ b/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a3e7cce6-8ac3-4e7e-9793-fef3b65c619e",
+    "id": "bundle--b30bcbb7-5bf7-44da-8656-191a449f94f7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json b/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json
index 191b4fd145..3a940629fb 100644
--- a/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json
+++ b/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bb0daf96-3ec0-4543-b221-1d58d31e7d63",
+    "id": "bundle--cd2b2f69-3902-4fcd-aaf3-b852f4bea7c7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json b/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json
index 9ffa046360..ed766211d6 100644
--- a/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json
+++ b/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7420917d-ac33-420d-b6f6-b78b468d9496",
+    "id": "bundle--63d3cf00-f92a-4224-9409-e4c2076b218c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json b/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json
index 2980b3b2d1..dae214ecd6 100644
--- a/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json
+++ b/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6b18b1c2-d355-4b3d-b3d4-28703642172f",
+    "id": "bundle--a8adde51-f7b1-4692-a6b2-8d0cf44d06d8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json b/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json
index d37c4980bb..31c5788a58 100644
--- a/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json
+++ b/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5d1c26c6-da70-4250-ad09-0363545a111a",
+    "id": "bundle--98ed66e3-60ab-4954-afe8-55b991bd395c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json b/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json
index 6d8615f119..78efbaff2e 100644
--- a/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json
+++ b/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a91091b9-4098-49ca-bc2a-3f0514b4d312",
+    "id": "bundle--e8ad2304-90f9-4c35-99cb-a4974651e57a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json b/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json
index fdf6e01830..7a81a6d7da 100644
--- a/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json
+++ b/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--231f50bf-6d7a-442b-a3fe-69c5a64cc408",
+    "id": "bundle--9c62f88b-ecac-4500-8e71-e6d706c585cc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json b/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json
index abfb36e057..9a181022f6 100644
--- a/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json
+++ b/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--edbd1e4b-91cc-4136-8cdc-cef760ed83ce",
+    "id": "bundle--a467160f-245d-4b34-b5d6-67027adf255c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json b/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json
index d25d2f83ea..a2437a66bc 100644
--- a/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json
+++ b/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f1ddc972-b3c6-4230-bd2e-439f04b46320",
+    "id": "bundle--f8db4e07-3b54-45f0-8f58-cd2db3d4fdd4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json b/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json
index 06685020d2..8eb302bf82 100644
--- a/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json
+++ b/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f30b9ad2-7b17-498a-a944-7f96d92f2dce",
+    "id": "bundle--8d1069af-44e7-4c14-8c41-87b98a43dd87",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json b/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json
index 4a93a0ea98..e790706b1d 100644
--- a/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json
+++ b/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aee2ea45-ffba-4c79-8e1f-fc5c92bf4a97",
+    "id": "bundle--50512112-a7e7-40a1-97a3-b03c924e77a3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json b/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json
index 312a39ca56..c538d42710 100644
--- a/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json
+++ b/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e948c00e-16d4-49fa-a942-934254863d7c",
+    "id": "bundle--2246a55e-3437-4c29-9ab8-6f0bbfa7de94",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json b/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json
index 9367fca6b6..a921ee646d 100644
--- a/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json
+++ b/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--24509cdb-83b2-450b-842b-669620227113",
+    "id": "bundle--555b6c8b-5971-451d-90b0-eb264ba8b60a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json b/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json
index aee49aea0b..ce4900f3d2 100644
--- a/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json
+++ b/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e96bd888-95bb-4698-919a-aee974936691",
+    "id": "bundle--8a4737d6-6ca1-43cb-9e24-4deaa2f3ec61",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json b/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json
index f11083cc01..09fb2cd39e 100644
--- a/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json
+++ b/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2240620f-ec91-4854-aff1-b9ecfc6d345a",
+    "id": "bundle--a871c13f-876a-4718-a433-22d8d27ffe88",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json b/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json
index 5811f6b807..483cb49328 100644
--- a/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json
+++ b/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bc46557b-081f-472b-a0ed-bcbe363247ed",
+    "id": "bundle--cd5558b5-def5-489c-8fff-25a000f26548",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json b/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json
index 6491f61ff4..9728108075 100644
--- a/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json
+++ b/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7dd1a3c4-37e6-4cef-adee-c8f0fc6bc40b",
+    "id": "bundle--6b6aa26b-0afa-4e88-a718-516b3d9ac0f3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json b/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json
index c5d770510c..61a3174bb8 100644
--- a/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json
+++ b/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--574c519e-c5fc-4d5b-8d68-00f0f6af1421",
+    "id": "bundle--c11faa1a-3bfa-479d-8eef-697e3e890f54",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json b/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json
index 10d8c4f353..d536227301 100644
--- a/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json
+++ b/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5fc0077f-5a24-4a7a-9248-1eda146b5049",
+    "id": "bundle--1432db03-5814-4f06-a52b-eecd81395b69",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json b/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json
index d8ccd06f09..8ce0adb36f 100644
--- a/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json
+++ b/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eb331a1e-b56b-401c-9565-1504b9bf2409",
+    "id": "bundle--cfef3474-d333-445c-ae1d-191ce179bdf1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json b/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json
index c15ccbb0ff..4294df5e03 100644
--- a/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json
+++ b/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--322213ce-bcf2-418b-8009-fa05331b3006",
+    "id": "bundle--bccf021b-f220-4a76-a372-558801687fd8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json b/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json
index ce8bc5c938..bf573fd28e 100644
--- a/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json
+++ b/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d0073c68-3ac8-4451-90bb-2d42546bc371",
+    "id": "bundle--f3daebd5-b4eb-46ca-9267-c7c4ef9c7b0c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json b/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json
index 00eddfdaeb..397145c630 100644
--- a/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json
+++ b/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e304a9c5-bbc9-4a6f-9601-5328ff4c6482",
+    "id": "bundle--0ae18061-8383-4831-9810-0f522ca2d001",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json b/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json
index 5310506a9c..77127d770a 100644
--- a/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json
+++ b/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4de18cc7-4b95-48c1-8345-304068aaaea0",
+    "id": "bundle--f71a3377-9c76-4505-ade1-d387b04a786d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json b/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json
index daaa21973a..5837c91e57 100644
--- a/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json
+++ b/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2b886649-c016-4e4c-a134-e3fe25f10927",
+    "id": "bundle--a9c0b2f8-8ac3-46cc-a33c-f982a77d3235",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json b/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json
index 82c6b39b7d..ac631b3cc9 100644
--- a/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json
+++ b/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2029d326-e2bf-466a-9aa7-521eb46c6bb8",
+    "id": "bundle--5716b9f2-d143-41ac-91d7-46291ea5c320",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json b/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json
index e4ab49c7d9..54c7521759 100644
--- a/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json
+++ b/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2d5b1924-c970-4e7b-989d-ceb1ff008d01",
+    "id": "bundle--38ddb100-e845-4aa9-8d2a-3e830f4700d0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json b/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json
index 89ce49ff70..708fe5073e 100644
--- a/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json
+++ b/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e31caf33-72c9-4f70-b25d-749f1cb188be",
+    "id": "bundle--80108736-bed7-4976-b4a6-032fabb10b19",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json b/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json
index 726a12ab96..1258d9a210 100644
--- a/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json
+++ b/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c5d90688-7e43-4f0f-a08a-d9a2bed260c2",
+    "id": "bundle--0a331188-c860-4067-8fd2-923b9af3cf60",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json b/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json
index 299bf9c52b..377a64362f 100644
--- a/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json
+++ b/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5c8ee0ba-7341-444e-ad4a-77d0720e24e2",
+    "id": "bundle--8a46f55c-da40-4739-869a-675e7f5c0c3e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json b/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json
index 3bf91e21e6..efbcd86320 100644
--- a/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json
+++ b/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--68158ded-00ff-47df-812c-fc32396e444b",
+    "id": "bundle--ab105519-1482-488c-a3cd-8f77d46c0e94",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json b/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json
index 87e1b6cbbe..234a553e7b 100644
--- a/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json
+++ b/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bd3cae8d-6ed5-4e97-ae2a-b2a6304e3d53",
+    "id": "bundle--365bd3ba-a8d1-4daf-84a3-9b688c9022a3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json b/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json
index e980ff01cd..85bbc1129a 100644
--- a/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json
+++ b/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d655133c-12b2-4c0c-a20e-b750c6998785",
+    "id": "bundle--5a80d93f-4a4d-41cc-83dd-7232a5208627",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json b/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json
index 53f9afb3b3..158d4818b7 100644
--- a/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json
+++ b/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--460301a8-d003-4116-ab50-c91fa1ccd1c1",
+    "id": "bundle--94615b07-8c7b-42e8-9467-89018ae996a6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json b/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json
index 3f91836e9a..9187f45527 100644
--- a/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json
+++ b/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d46a4f4b-9cf3-4a68-b69b-e0e10fca8816",
+    "id": "bundle--a697dae4-1c52-477b-b39f-7d3be7eb6db0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json b/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json
index ddf6f97af8..73a692a72c 100644
--- a/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json
+++ b/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--35098830-958b-4ad0-852c-5ace882f2895",
+    "id": "bundle--3c7d6d72-c53d-45c0-91c9-ef6d2dbc77d1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json b/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json
index 4487a28f8d..f35ed9cceb 100644
--- a/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json
+++ b/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1242e454-920e-4f01-9d6d-dd5a44c809e7",
+    "id": "bundle--59f4a1af-58d7-4904-b486-bd9c92dfdf0d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json b/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json
index 13d36d2150..170eb48966 100644
--- a/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json
+++ b/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ea9682f1-8bbd-43a1-9dcb-1957bf344d65",
+    "id": "bundle--55318727-bd08-434b-b724-e09bdd5af729",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json b/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json
index 9fd97d2088..9f53f51984 100644
--- a/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json
+++ b/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--738eb4e7-20fb-47c1-8e5e-28a1e06c7b58",
+    "id": "bundle--4429fca4-5e93-499b-af36-f257bf3115e2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json b/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json
index 0794770711..e6f0472dab 100644
--- a/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json
+++ b/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7db353e0-2abc-45cd-a0eb-22248f0bc479",
+    "id": "bundle--c6baebcf-a0a1-49be-becc-5f613e6ac393",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json b/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json
index 1f4dc59bc1..55f9209f22 100644
--- a/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json
+++ b/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9e886f47-43a4-4dc8-b761-ae9300ba6149",
+    "id": "bundle--ca443146-94e3-49af-a49d-c29e1f6b86b8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json b/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json
index dda419c479..1bde89b474 100644
--- a/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json
+++ b/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7579d56f-e1e1-480c-a2d2-1f5bef5d6fe5",
+    "id": "bundle--b4578d7b-4997-4e3d-9b4d-175566180610",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json b/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json
index 30d303fa84..7c66eba0d9 100644
--- a/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json
+++ b/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a0f4fdb0-b48b-4b2f-8c60-5546207e932d",
+    "id": "bundle--286dfe0d-b270-46bb-9fca-59903979d490",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json b/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json
index dd20e12990..b0bf5989a0 100644
--- a/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json
+++ b/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9d86b898-e502-476c-9c3a-46e60c024b76",
+    "id": "bundle--fcc33e8c-9442-49ea-8103-12b5336aba48",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json b/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json
index 6b9f68d8ab..346cefda0d 100644
--- a/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json
+++ b/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6745dd10-45f3-4d30-8ca0-33625bb2672b",
+    "id": "bundle--4689f9d9-e3a8-41c8-b5b2-c773627290d4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json b/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json
index 2b46549477..ea354b1831 100644
--- a/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json
+++ b/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e3058b3a-7543-43bb-8fda-0a422bc95bee",
+    "id": "bundle--42678dab-1535-4f13-9685-e4b158e829ff",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json b/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json
index e0b0d4e6d4..7ec854854a 100644
--- a/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json
+++ b/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c4c7606f-18bd-42ef-ad97-6967ca875ac4",
+    "id": "bundle--ed5730b2-db52-4823-9891-9952950c2afe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json b/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json
index 4e3408b910..1135721bda 100644
--- a/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json
+++ b/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f9385df7-d7d0-4fa5-83ef-07cbac1cd86f",
+    "id": "bundle--a114c468-c563-4b45-84f7-c8c782825767",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json b/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json
index b2f3cafc2c..68ebb94591 100644
--- a/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json
+++ b/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b730af0c-7da4-42ba-bb0a-9436804b8ad2",
+    "id": "bundle--0c41a04d-4d67-418d-9cb6-5d62eae330eb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json b/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json
index 9eb3c0c27a..9f3484c6c9 100644
--- a/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json
+++ b/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--61daa487-3f66-4a40-b79a-6748f7c51fd0",
+    "id": "bundle--f0b55f29-dd1f-4f64-8d0f-72337fe01262",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json b/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json
index f7c23dcb02..3e3b196231 100644
--- a/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json
+++ b/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7b131640-33f4-4b5e-b3b5-e8fcb0e87c64",
+    "id": "bundle--768658d2-1656-4e25-9f97-d20de0038c6f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json b/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json
index 11680a7e4d..a8ca1e0630 100644
--- a/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json
+++ b/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c0beaef5-675a-48ab-80f7-d0083eef7e5a",
+    "id": "bundle--078a23d4-b052-49f7-8502-e2559f1fb7a3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json b/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json
index d58d119b91..79c1c48514 100644
--- a/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json
+++ b/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c629c32d-7eba-4b86-b1ac-da6cf6becea3",
+    "id": "bundle--a1b454a3-3f8d-4b5b-b7ed-d94a32352930",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json b/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json
index 0b913c796b..d20463b8ce 100644
--- a/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json
+++ b/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8155e639-2163-40c1-988a-fcfb5cb77590",
+    "id": "bundle--e65b08b5-ed94-4455-9238-fbc3dc2e37b0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json b/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json
index 5a949342e1..d03c376de4 100644
--- a/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json
+++ b/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--369cfeb9-9acb-4649-b6f6-3681fdf60ace",
+    "id": "bundle--9c10e39f-b8e2-4f1c-b5fa-2b9441c8bf8f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json b/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json
index 37812a3d45..5bb6e4a46c 100644
--- a/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json
+++ b/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f3e3ec88-0a04-4c7c-90f4-234dc2ba57f4",
+    "id": "bundle--06e4ed90-9406-45f1-8d92-69cd8633fafe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json b/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json
index 2e304327f3..796e504d3a 100644
--- a/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json
+++ b/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--adb28ff6-5b47-458f-9972-16837298bcb7",
+    "id": "bundle--64298804-2bab-4c5a-9a66-70044898fea1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json b/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json
index 4397382902..b955551182 100644
--- a/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json
+++ b/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1f82c59e-0f2f-4eaf-9560-d16166b6a9da",
+    "id": "bundle--8c67c431-3bba-4787-82ee-99cad85d46e4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json b/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json
index b861ace235..71a01d27f9 100644
--- a/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json
+++ b/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6df31da2-cb3e-4107-80b7-df5e07d9cf43",
+    "id": "bundle--d4b1bc0d-3bf2-4ea1-addc-8cf092a1048b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json b/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json
index 471a6d4a2f..bdf4500121 100644
--- a/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json
+++ b/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--30c060a7-f49e-4db6-ac13-cda173a52ea8",
+    "id": "bundle--1aa40ed6-46c8-4997-8644-8dc183c47e44",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json b/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json
index fc41685aea..76a01c71f4 100644
--- a/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json
+++ b/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--65b2cf00-3259-47a9-95e8-3a9a9609d393",
+    "id": "bundle--5bb869b7-ad53-4748-bcd3-f90efb5cb8f2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json b/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json
index 5d85a62fa9..9ab33dafe9 100644
--- a/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json
+++ b/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3e450adf-002e-48af-a5c3-f12a0a455ea2",
+    "id": "bundle--04a4a103-fa40-48fd-9fc4-bd87518d7fcd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json b/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json
index cea5f87974..fb6b332d0b 100644
--- a/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json
+++ b/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c4373899-f526-4739-9635-c5e3968ef32f",
+    "id": "bundle--79e5a982-2829-4bec-8ce8-8a7ef2e20a55",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json b/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json
index 20bbd442b8..f82946cf0e 100644
--- a/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json
+++ b/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f57d2327-5287-4dba-9f10-c0f651e72e32",
+    "id": "bundle--deb0a34b-c214-4853-887b-87f591b30126",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json b/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json
index 0a3f915433..d003f08af2 100644
--- a/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json
+++ b/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--143a0256-291b-4be3-98b2-ef19770cf012",
+    "id": "bundle--809e8896-6b4d-4e88-b374-bab988933c63",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json b/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json
index 5af480112b..351b7bd4de 100644
--- a/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json
+++ b/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e99e481f-93ae-4af6-899b-0c5e82453bb5",
+    "id": "bundle--21bfd58d-19b7-4322-b904-a3e8aa72bdea",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json b/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json
index f50f81b01b..17511eeb2b 100644
--- a/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json
+++ b/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6831e290-0a45-4364-b72d-6bb9840b11a4",
+    "id": "bundle--39c75cba-bdbc-40ce-8754-39cb82accc84",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json b/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json
index 1e8d208e82..b0725ac2eb 100644
--- a/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json
+++ b/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9a935816-c11e-4988-9543-57a488eb5593",
+    "id": "bundle--30fa729a-888d-40de-8191-e78bc5afa2a2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json b/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json
index aaa20dc56f..1eacd03f7f 100644
--- a/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json
+++ b/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f8f348e4-4417-45e1-a9c2-2143e1357b30",
+    "id": "bundle--1d601b34-b4fe-4c8f-bdcd-1fc93d72d8d6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json b/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json
index acc8a6fa04..610a07fa66 100644
--- a/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json
+++ b/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--728288ed-57ae-4014-ad5b-0b11ad39a9a9",
+    "id": "bundle--f7d4cd79-c3b0-462a-aa8b-6176055aa851",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json b/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json
index f36d747f0e..466a94fcbe 100644
--- a/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json
+++ b/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--77f919c9-55a6-41b5-8228-7fb4f6bf83f6",
+    "id": "bundle--fdccb2a5-bf22-4a4d-a95d-3978e1486d50",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json b/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json
index e775962a43..82eb27d71d 100644
--- a/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json
+++ b/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dd7ae164-1664-4462-af70-d6787e13b3c6",
+    "id": "bundle--64792655-46c5-45a7-8df1-0fa51bfe82ed",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json b/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json
index fcc1feb7dc..03eb0a1988 100644
--- a/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json
+++ b/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--20c4597e-9646-4622-a392-715ad50283b2",
+    "id": "bundle--9bb43da3-cb31-4156-8409-37d43e274ca5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json b/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json
index b4fbc10fd5..45def881c9 100644
--- a/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json
+++ b/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--81a8b835-ab7b-4e38-9b10-8a340c47911b",
+    "id": "bundle--2c95a337-54a1-417d-9b1e-d77292906d11",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json b/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json
index 7c397e71ff..5affe1f600 100644
--- a/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json
+++ b/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--39b08720-3034-454c-8a54-37c77807eb55",
+    "id": "bundle--709a17c8-b855-4b42-a85c-aae44348b5a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json b/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json
index 6a14fc1743..91ef1c901a 100644
--- a/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json
+++ b/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9424d90f-9f8b-42c7-9700-16e2dc30345f",
+    "id": "bundle--9c2b9591-2ac7-49ee-ad95-ac524fd76758",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json b/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json
index c528b610b8..cc7ee10928 100644
--- a/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json
+++ b/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--17037615-aa65-43d5-84b1-420b538abe4a",
+    "id": "bundle--64d8ce0d-999e-4fb9-8c3e-2dd608b62799",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json b/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json
index 2e6a02b3ae..174cecdd4a 100644
--- a/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json
+++ b/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cedecd1a-199b-4bf7-b6f2-cc72b82d827f",
+    "id": "bundle--201a2820-ef7b-48fe-9ff4-803f5be87ea6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json b/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json
index 76f597e844..a4ca5181d2 100644
--- a/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json
+++ b/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--779fed7b-9e60-40a5-9858-02052886337c",
+    "id": "bundle--d0b307a4-0eca-43b4-b726-1d1037b23ccf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json b/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json
index 28453b7b1d..5307bcfba7 100644
--- a/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json
+++ b/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fc71d7c4-2826-4d98-9f19-611813ae4e2f",
+    "id": "bundle--2c679260-a1e5-4feb-8d54-33b64b4a36b5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json b/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json
index f331c1180b..bdb1004f14 100644
--- a/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json
+++ b/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7e53e108-9723-4ca1-b697-ced38168703f",
+    "id": "bundle--c3f282b9-945f-49db-958e-fad600ca3de6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json b/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json
index 27acf45fb2..73f942ca19 100644
--- a/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json
+++ b/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5bd01cb1-4b4a-44c1-aa16-33fa13d0fd73",
+    "id": "bundle--9b653c6d-1528-4f71-a05b-851132da3346",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json b/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json
index e6460a4e28..e18ed97627 100644
--- a/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json
+++ b/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e4132ebb-8f62-4c4d-8cee-80c1608c5e35",
+    "id": "bundle--e8518af0-f278-44fa-a9cb-30292f95ecdf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json b/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json
index 969fedad75..660e916f40 100644
--- a/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json
+++ b/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fd61c503-f949-458c-ae24-052f29980a77",
+    "id": "bundle--4c28866f-3779-4a47-8a54-bcb6b17b5a91",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json b/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json
index 511eb320c6..0b0daf6b0c 100644
--- a/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json
+++ b/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e4a13317-c99b-40ad-a2e1-182d27910f81",
+    "id": "bundle--4311a0fe-1f26-4c85-ab48-8692bf523ba0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json b/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json
index de43b313ba..99c11e3571 100644
--- a/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json
+++ b/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--33ac8a81-d157-4637-bbce-1b1225c6c9fd",
+    "id": "bundle--6ad89381-ef2a-44e3-b652-cc0076987d99",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json b/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json
index 7d1389d365..7f7d5ab9ca 100644
--- a/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json
+++ b/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8f80dda1-7ef2-46af-abe6-3ac81f3ea30d",
+    "id": "bundle--f5b553d0-9939-43f4-8835-2c90549f5153",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json b/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json
index f5a561ee2f..9de12bf361 100644
--- a/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json
+++ b/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ccc706ba-384a-41b3-93b0-fd007d654654",
+    "id": "bundle--627be0a9-c85f-4c5f-a222-ca0498f8f162",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json b/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json
index 4f3ae3f052..1fd7fc2887 100644
--- a/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json
+++ b/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d5c7d38f-0ceb-4b6a-a360-fe623057c663",
+    "id": "bundle--45f1b670-8b23-421e-aed3-bc578b0675ed",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json b/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json
index 8ec84d6e03..9d4302e2e2 100644
--- a/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json
+++ b/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--49269aff-5a14-4386-b423-238344a17264",
+    "id": "bundle--6b34b6ef-d0ec-466f-bd41-3d7582ee2c60",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json b/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json
index 5d4d43b577..2b3e3dead8 100644
--- a/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json
+++ b/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--06a1b6a4-a396-4875-96f3-9caa4d5c8c1b",
+    "id": "bundle--a7deb6fa-dbea-4f04-a280-a967f73a81a4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json b/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json
index 6e2e5183b5..855295d23e 100644
--- a/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json
+++ b/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c331bd52-29de-4c4c-92bf-a0c7edf2e0b8",
+    "id": "bundle--a3ef89eb-1c7c-4cf9-a10d-d5eb9cb45d47",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json b/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json
index 05032cf48e..d54abcf75a 100644
--- a/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json
+++ b/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4359ac08-f519-428a-b776-5f6f431a5722",
+    "id": "bundle--2dc477f7-3230-4343-a91c-98e119b700c1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json b/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json
index b5a7431e24..fc9fba43d5 100644
--- a/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json
+++ b/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1f343e34-830f-45d2-a854-2c6afc01f069",
+    "id": "bundle--e8fdc73f-92fb-4a94-a3d9-b3d569117c7f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json b/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json
index d03eb28fdd..28cfcb2cb1 100644
--- a/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json
+++ b/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3a92ffb5-cb9b-4c51-9fd5-48e6552825cb",
+    "id": "bundle--a0b6b2c2-4dbf-4b81-986e-0ee0fecf378b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json b/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json
index 0e9057c832..fb97b0fa79 100644
--- a/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json
+++ b/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--77b6e351-482b-4936-8d45-237e9b480358",
+    "id": "bundle--9dfcfdc7-5907-4d0c-aa67-8d016ad94c8c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json b/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json
index 1d0ffc78c4..7b82024f16 100644
--- a/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json
+++ b/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--61196c53-0543-4306-98e5-b65b33fcbb15",
+    "id": "bundle--12262b19-6ca6-4d8c-a910-dcf2f8b23b1e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json b/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json
index 286833ae8e..8c86874c5a 100644
--- a/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json
+++ b/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--18d7c0db-6cb9-47cb-bbd9-923430eb8d42",
+    "id": "bundle--4ae9f120-0430-4974-b4c4-da13e9100f37",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json b/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json
index 30e4297828..12b6ae34fc 100644
--- a/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json
+++ b/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3aa193f8-8d6e-4707-b909-bc80dbc01359",
+    "id": "bundle--073f8fe7-3e78-474a-ad46-38fa53d5b077",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json b/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json
index 7467d3d171..0fcc01c41f 100644
--- a/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json
+++ b/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--13b5e274-7d5e-4ef6-bc4e-86d609c4d9d4",
+    "id": "bundle--bd5b1edd-6524-45a1-b195-34f55128d7a9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json b/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json
index cc7845f8c0..ee88a32f61 100644
--- a/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json
+++ b/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4a3ede7a-214d-4c44-bcd6-8747cbeca67d",
+    "id": "bundle--d73f847d-b744-451a-a329-e9fe4867de79",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json b/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json
index e7f01a542d..ae6ba9ddb1 100644
--- a/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json
+++ b/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9d123f14-3165-481f-8f04-29d5cad0eae0",
+    "id": "bundle--a989faeb-440d-409b-a41d-8008f528fbb1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json b/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json
index 83ee39d264..14b8b22640 100644
--- a/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json
+++ b/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2e51ff50-2a8c-4187-b36f-3cec34cf59ea",
+    "id": "bundle--c218c866-a0a5-42ae-b9fb-ebe7af74a95e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json b/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json
index 00afb54756..49e88e8bfd 100644
--- a/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json
+++ b/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bb3f4cc6-1754-4c90-8526-d58e480140af",
+    "id": "bundle--3ba47809-b6b8-4677-a524-5d692bbaebff",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json b/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json
index e8ba78b159..060588fd75 100644
--- a/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json
+++ b/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--56486f44-9e0f-4c2d-84f4-d83c74ea42a6",
+    "id": "bundle--601caf1e-908f-4d7e-b282-bb621385ab2e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json b/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json
index 9acc1f3339..75981ada24 100644
--- a/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json
+++ b/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b184f6d9-fa97-42b6-a4b4-832d3683b480",
+    "id": "bundle--7b9963d2-7c28-40bd-9580-2b5fd7f27e39",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json b/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json
index fca8a3e58a..298f9e9609 100644
--- a/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json
+++ b/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bc337a85-c2b8-4972-aceb-606c5a770210",
+    "id": "bundle--290c4eed-e0bb-4c12-9839-6ea66ce798fb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json b/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json
index cbafe5126e..4673de6794 100644
--- a/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json
+++ b/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f69a4b78-b2bd-4a14-8b31-c62c16238629",
+    "id": "bundle--ba3d56b2-65b6-4a60-b149-07fd631af081",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json b/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json
index 791beda036..7bc1b68cbc 100644
--- a/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json
+++ b/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1b3370b1-7cee-4958-8c8b-922cd2789888",
+    "id": "bundle--6295d43c-f2e0-46c2-bb80-6267ca5f8618",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json b/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json
index 813c98a02d..107ff2f807 100644
--- a/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json
+++ b/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3e908e88-25c1-4746-b862-ad6784ed7515",
+    "id": "bundle--a9cb8c84-2c61-4722-8334-c8ed4653ebfe",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json b/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json
index f66cf2a3fc..67d9016357 100644
--- a/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json
+++ b/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--78976b9d-c8d4-4283-97de-35c29dc7cbda",
+    "id": "bundle--fee7c80f-ee20-4e7f-a7b4-8cba56cc7803",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json b/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json
index f5516ea762..10cc2b12ff 100644
--- a/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json
+++ b/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aa8316a3-8c78-4e0c-9c17-72474c659844",
+    "id": "bundle--57b619e4-64fd-4fc3-b7d2-2e04e4acdfd6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json b/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json
index e1b1fa40a7..7222439968 100644
--- a/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json
+++ b/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--844f148e-7078-4f75-875a-338176f2c261",
+    "id": "bundle--3eb266dc-17a0-471d-aba1-88a1e18a27dd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json b/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json
index 15511effd1..e540d094f7 100644
--- a/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json
+++ b/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--19991345-d7bd-4ff8-a445-91dad3d7bab6",
+    "id": "bundle--09478150-3fef-40bf-91a9-d88af300d9ed",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json b/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json
index 6956e20f67..11dab16cf2 100644
--- a/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json
+++ b/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--59ca6316-5f82-441d-af49-2cc0b9adce13",
+    "id": "bundle--f9d65d01-535f-4e70-8843-c0927c9562eb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json b/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json
index 6ff58f5aaf..21219c6bb8 100644
--- a/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json
+++ b/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0cac23d2-6a6b-4697-ac0b-b7cf8bec3c49",
+    "id": "bundle--6750436c-8d87-467c-bfa7-5c50b3a6b149",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json b/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json
index 349cd4bf4e..c79e845f0a 100644
--- a/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json
+++ b/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b061938f-0b53-485e-b4d6-4a6e9a433c40",
+    "id": "bundle--b11094db-e19b-4298-a5f3-c0c36bd9d20e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json b/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json
index 4cfa9cb512..5987387a49 100644
--- a/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json
+++ b/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--14c2049f-8d69-4465-8543-9279247df392",
+    "id": "bundle--568fb805-75a6-4883-9dfb-8ceb65716a5e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json b/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json
index cb7695a511..20401e13a1 100644
--- a/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json
+++ b/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9dd39e22-6f7c-4906-82e6-44e11065cdab",
+    "id": "bundle--621f4215-25f2-4399-8288-6cd0b2346493",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json b/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json
index 2552d9967b..77aaf283a8 100644
--- a/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json
+++ b/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f19bf552-8dcf-4604-a717-22217726b168",
+    "id": "bundle--cfde2819-c8e2-41fb-a4d3-20754a73fdfc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json b/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json
index 4fe6c0aea4..957aab0ea2 100644
--- a/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json
+++ b/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8f6b76c4-db92-4fe6-bade-70cf03cd63f5",
+    "id": "bundle--d7f8fadf-f2b7-4f0a-8c11-b8137636fff1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json b/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json
index 66a789787e..65a7a2c354 100644
--- a/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json
+++ b/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--92dcd354-4534-426d-a37e-5d3f1bebe718",
+    "id": "bundle--e487ee60-0bb2-4897-af9d-8ff5a6b68d91",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json b/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json
index 87bc06c3ba..e7b4f543dd 100644
--- a/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json
+++ b/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aa7d29a4-55a7-4297-ab99-17cc1a9c18c2",
+    "id": "bundle--0cddfc7e-9af7-419a-9278-47d2bd4f2aca",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json b/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json
index 542bc6bd03..3de76cc39f 100644
--- a/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json
+++ b/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0742fd2c-c9a8-432c-8d32-30fe0f703e15",
+    "id": "bundle--62b1b537-d80a-4f33-b40b-32d25dc9ad96",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json b/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json
index db3d024799..a907fbeb94 100644
--- a/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json
+++ b/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--025a26ee-8d66-4396-bbd6-256c445d68ed",
+    "id": "bundle--0182eec5-0821-45d5-88da-197449f7149c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json b/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json
index 61cbc278fb..4f9c8a4a20 100644
--- a/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json
+++ b/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8306434d-f6c3-4316-b8de-acc8555dfff1",
+    "id": "bundle--a263a78b-36f1-483b-b0b8-9d529b993ea3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json b/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json
index f3e8be4bc2..962a2fa879 100644
--- a/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json
+++ b/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9232950f-7b83-493d-81d3-cb97cbc1c0ea",
+    "id": "bundle--072cf4d0-6abc-4100-8a01-b987a0a2a530",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json b/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json
index a081772e95..c028812423 100644
--- a/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json
+++ b/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c13fd574-0001-4c36-92b3-4e3bf57e4e30",
+    "id": "bundle--0f97b480-87de-4a1b-811b-bbb8ef294c2b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json b/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json
index ec5b9e0e78..d848f4e94e 100644
--- a/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json
+++ b/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1a7836fb-188f-4d0b-b9b5-21c2408d43f5",
+    "id": "bundle--33807f48-286b-4649-a3e9-7e30370423da",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json b/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json
index 9a1932b6c1..6477fcf72d 100644
--- a/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json
+++ b/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b85db25d-e31f-4e69-924f-a0c12c80f563",
+    "id": "bundle--93396354-720a-4c65-99a6-37a8396032c3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json b/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json
index f026657757..34052e82c0 100644
--- a/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json
+++ b/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8f0a893b-241b-4529-8292-88268b4d3d67",
+    "id": "bundle--c1fff793-3278-4250-b6a5-38f0890bde2a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json b/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json
index 5b45ea420b..a5e994e080 100644
--- a/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json
+++ b/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--23969800-1351-4d85-87f2-716fb051e288",
+    "id": "bundle--ea8ae61f-fc89-4635-a540-a65e2f7e5bc9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json b/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json
index dd842e6e30..acdcc8185d 100644
--- a/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json
+++ b/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--166e3dba-a56a-4d93-8299-04ce7b224415",
+    "id": "bundle--6f2f4eab-b8fc-4d88-9492-b717644833c8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json b/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json
index 64917fd92c..27355c5c5b 100644
--- a/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json
+++ b/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6a70f0f4-7311-41f6-b6ab-ae5428368d5f",
+    "id": "bundle--ed50241f-6c18-4d47-bdab-eb77b5f37974",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json b/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json
index 2f11113540..fbb48bb0db 100644
--- a/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json
+++ b/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--38d15d34-cc3f-44d0-ad75-f0de6b6a7c36",
+    "id": "bundle--bdb24bb6-fd15-4faf-a867-6c2f1551c049",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json b/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json
index 15335041e3..06a99c1872 100644
--- a/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json
+++ b/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--16d96438-41ee-45e6-8cb1-d7d0a9ca61f9",
+    "id": "bundle--9a9b5fb4-3dd7-4b67-86b3-b8f68f222663",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json b/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json
index a150591560..3b6f8786d8 100644
--- a/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json
+++ b/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6a661d08-d063-46b3-80d4-4fc23a7fc925",
+    "id": "bundle--e315e176-85b4-4ba5-bdcf-dd65c7dc7f64",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json b/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json
index 80b08a0963..c95f3bf259 100644
--- a/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json
+++ b/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5494b55a-68db-4564-8d6e-cb526bf3adec",
+    "id": "bundle--ce1e8783-2d4f-4b6f-8c72-4511ea783fea",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json b/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json
index b298596d8d..b223caab0d 100644
--- a/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json
+++ b/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--27039665-b90d-4857-9cd9-eaadbd299472",
+    "id": "bundle--f5c09bb8-e8fd-4c38-887b-c549fe1df904",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json b/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json
index 9b51eb666a..f28c36601d 100644
--- a/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json
+++ b/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--69c1cb39-3778-4251-9cf5-62b3c6db878a",
+    "id": "bundle--f7835414-9d0f-4f3f-8b76-2611a23e5928",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json b/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json
index 23bb5cb865..c425afeca0 100644
--- a/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json
+++ b/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a2cf3bea-9fd6-4565-a7a1-f702d339082b",
+    "id": "bundle--4daf376c-ddd2-47a9-ac53-3b1e874fbe0a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json b/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json
index 56eef01ad7..7b7c204a78 100644
--- a/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json
+++ b/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d144f0b4-1f49-4e3e-bd71-2982ae426295",
+    "id": "bundle--a5c9dbaa-5daf-4a10-841e-a4af3b9ace30",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json b/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json
index fd26231a61..da9041dbf9 100644
--- a/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json
+++ b/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0d63b9d2-c8fc-4df8-9f1d-9c03ec7aee8e",
+    "id": "bundle--4178f7c5-b4cb-4335-bd14-9a472063f552",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json b/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json
index 363e7d7af9..ba315bd927 100644
--- a/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json
+++ b/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--71d3e0d8-9992-473d-9eae-12d28369dc9a",
+    "id": "bundle--58838d5b-2b7b-4c9d-ad74-60c6f4fec34a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json b/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json
index 6a7c5e6c5a..e06946ae77 100644
--- a/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json
+++ b/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d9b91837-a335-4976-be92-deed513d2bb8",
+    "id": "bundle--5ba0de27-65c6-4f30-a8d9-d3756e205874",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json b/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json
index d8d94f00f3..0eaea07b54 100644
--- a/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json
+++ b/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--850b7f74-2eac-4cfe-8b95-0f9e74c0b6f1",
+    "id": "bundle--16a264d7-29e4-4676-bb5c-713e18c51c4e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json b/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json
index fcce0b3133..d7dfb78f84 100644
--- a/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json
+++ b/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a4f11afe-e35a-4295-8b64-6c20530454b6",
+    "id": "bundle--4de30db6-df32-4c94-8ab2-60ccdd7b4418",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json b/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json
index a3155deada..d505d9ed99 100644
--- a/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json
+++ b/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--caef1c59-09ba-4d27-b26c-44a5a2338935",
+    "id": "bundle--906fdb4d-58ac-4068-bd4d-1cfb34eb10e5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json b/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json
index eebe2f5313..1ec380492d 100644
--- a/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json
+++ b/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1f736888-3b05-4b34-aa55-c1596f613ed0",
+    "id": "bundle--cc1f35b8-f30c-44e4-aa07-4a12b5915e19",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json b/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json
index cd18a864c7..c0b4c30c2d 100644
--- a/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json
+++ b/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1047b5d0-ee48-4b18-9306-e68164ebc969",
+    "id": "bundle--a053f4f6-d576-479b-b071-cbf60f2f5e48",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json b/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json
index 9609cba0fa..48692575d1 100644
--- a/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json
+++ b/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6e55ca6e-a637-4897-a5b3-e0a0cea8aeec",
+    "id": "bundle--2049034e-d738-4eef-b8c7-d8923f2fe8c5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json b/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json
index ca36d2bc35..1a02c58f2d 100644
--- a/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json
+++ b/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e0a2707f-2d5c-4453-bf83-54620bc6500f",
+    "id": "bundle--e99697b3-837a-4d41-90d7-974c96a67767",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json b/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json
index 50b35b2841..aa7344308b 100644
--- a/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json
+++ b/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2ed442f9-07df-4d55-b82c-3591d604f80d",
+    "id": "bundle--db56392c-4bf6-4096-ad8e-926af619cddc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json b/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json
index 65f099441c..f8b0368eed 100644
--- a/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json
+++ b/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eadb3040-62a4-4e0c-8c91-c100e86a41f6",
+    "id": "bundle--4f9e5f63-625e-4c99-9e0a-a6ebe13a3e7a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json b/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json
index 95d129fec4..701e56d9dc 100644
--- a/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json
+++ b/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bef79c55-3013-4923-8092-504d6fac6f18",
+    "id": "bundle--71790064-59e5-4aff-8774-50c1c5a2f942",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json b/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json
index cb505e9491..3883c9b974 100644
--- a/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json
+++ b/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--eeafbfaa-3780-435e-910d-85ab56560c83",
+    "id": "bundle--df11a78a-d456-40bd-a420-f3cd34aad4ee",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json b/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json
index ef3632b721..f1ad72568f 100644
--- a/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json
+++ b/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9af4faf1-2f32-4616-bf96-9be7ad518b6f",
+    "id": "bundle--c4d2e028-e294-48ec-bdf9-6acd54303e57",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json b/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json
index afc765d0f4..9be389fbaa 100644
--- a/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json
+++ b/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--700ce13f-77b3-4843-a4d1-b6a9326180d6",
+    "id": "bundle--9ce52181-933e-492d-9509-dd7bd6ed826a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json b/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json
index 7f506594dc..1e9b3e8de5 100644
--- a/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json
+++ b/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--512b0ebb-7dbf-4817-b7be-1413d94fdaf3",
+    "id": "bundle--57dccf47-f0f6-4700-a9fb-fd786cd78101",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json b/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json
index 84f7dfb502..21a28fae6e 100644
--- a/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json
+++ b/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9b2a4eb6-95e7-43e1-aabd-6d8a01fe5c78",
+    "id": "bundle--b8c128ee-b6a6-4e6c-92af-8189797d29dc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json b/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json
index 146f759fcb..8d84c7df5b 100644
--- a/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json
+++ b/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4e7368a7-6e19-4aaa-b7ff-77a575be617d",
+    "id": "bundle--609a301e-c348-4d60-9248-05b8b78c21b2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json b/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json
index a1db41a91e..925414cc06 100644
--- a/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json
+++ b/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--67432396-3dab-4af5-a199-9068f7a5cd01",
+    "id": "bundle--57a189f8-5646-4310-be8b-22e708ab9af0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json b/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json
index 64ac041929..d6d04ec22e 100644
--- a/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json
+++ b/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7b7de5ae-0f23-433d-a8c6-72f70192d60a",
+    "id": "bundle--08907a4a-14b3-4f6c-95e2-26bcb203a00f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json b/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json
index 17372f38de..c65fe04e5a 100644
--- a/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json
+++ b/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8b195432-8736-49c4-b13d-b4ac543fff4a",
+    "id": "bundle--5b8eaaaa-9ad6-4d99-b869-c594e259c3b0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json b/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json
index 9ff42238f9..6f46617a2e 100644
--- a/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json
+++ b/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5590554c-adb3-4229-a7b6-79f718647796",
+    "id": "bundle--a48e9183-7ca2-430e-b17a-9d00e3e6d5b7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json b/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json
index a0e6a19c79..df76109272 100644
--- a/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json
+++ b/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f64b69b9-2e24-4f40-9bdb-763f42c40fde",
+    "id": "bundle--c2488fba-3127-4ec1-bd45-58503e96ac15",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json b/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json
index 2b363a8548..3f8d126dfe 100644
--- a/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json
+++ b/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cad3f3fe-9390-466d-9441-406f647998dd",
+    "id": "bundle--08baf22a-ac42-4a84-9c4d-c326fc95ef96",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json b/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json
index 21d47bb551..eeae83505c 100644
--- a/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json
+++ b/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--39c319ce-0398-4909-953d-d8c9b9e40ca7",
+    "id": "bundle--9777b2e8-19fa-46e3-bbb3-5c6a26399e88",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json b/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json
index 6867fbd482..fa64658175 100644
--- a/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json
+++ b/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--347b9dab-d48b-47cd-87f8-a5e10271a43e",
+    "id": "bundle--b3b5aad2-5521-48a9-88a6-553b078158fa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json b/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json
index 28f688c0e3..735db93a5b 100644
--- a/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json
+++ b/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2279ee29-8856-4f96-8ae6-2451f2e0cd4b",
+    "id": "bundle--5106068d-3636-4b58-bf20-b6486fe7d5f5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json b/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json
index 413e98a3cb..8c14f5ae59 100644
--- a/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json
+++ b/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--87ab473f-a7a5-4efa-b320-3c788f990e20",
+    "id": "bundle--0dff8682-bdd8-417d-a5f2-258d821f58bb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json b/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json
index 37d9ca49cc..44c7ca2322 100644
--- a/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json
+++ b/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4cd9483c-f7b0-43b7-833f-89ef8301e992",
+    "id": "bundle--fc5aefa6-f28f-448c-8ab1-a71617c3d25a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json b/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json
index 83b787d044..d3283892bb 100644
--- a/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json
+++ b/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--20c772b3-0f1d-4da8-8ca4-ea668c822517",
+    "id": "bundle--6b0c42fd-a43a-488b-94a4-c7b469d0d758",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json b/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json
index 476c80c0bc..743c78962e 100644
--- a/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json
+++ b/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cd73ccc8-0d18-403d-90a5-2be26e5bc59d",
+    "id": "bundle--58e623aa-e547-4fec-9b67-0f244cd06178",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json b/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json
index da12fcc289..391a624236 100644
--- a/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json
+++ b/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--12079abe-91ed-4ead-8837-9dc3b283c129",
+    "id": "bundle--b55b15aa-ab30-4527-af8f-ccb9049d3a2e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json b/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json
index 4f4f7b6c8a..3cc028b3d6 100644
--- a/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json
+++ b/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d1b0e9c4-c3e3-40e5-8dc9-007d17b9cac9",
+    "id": "bundle--c07f8348-2b1a-46a9-9286-70bb9ac7f965",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json b/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json
index 0607f116f4..90183d20d3 100644
--- a/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json
+++ b/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2bbef0ec-fce3-438d-aabe-f68419f18d7b",
+    "id": "bundle--b4224432-e52a-4fa1-a076-e52f4d2f53f7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json b/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json
index 42a87f958d..36127d7ca8 100644
--- a/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json
+++ b/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e8bb09fc-76f3-444f-b5f2-4e7eebf82e48",
+    "id": "bundle--31fc1ecb-aab6-440d-8b41-fb8c13fd6e25",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json b/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json
index 233d657e70..54113f3bac 100644
--- a/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json
+++ b/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0506fd94-3207-45d5-8f67-4ef27e60a2a4",
+    "id": "bundle--2cfa7c51-adbc-4e32-8d8a-96a21de615fd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json b/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json
index b6333ca088..3c4ede4422 100644
--- a/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json
+++ b/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--37ee7cf7-b9cd-4b06-8fa4-c98255aa1168",
+    "id": "bundle--ce1478fc-cf41-4db0-9ca0-27892bd4c8fb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json b/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json
index 8a1a3680cd..34cd0355dd 100644
--- a/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json
+++ b/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c51a00bc-5fca-466c-85d7-d0b66fc3bb27",
+    "id": "bundle--9ce3b516-b64c-4ba9-8bae-3599d29d192d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json b/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json
index e04eaaae5b..f89a2cc08a 100644
--- a/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json
+++ b/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--25205a55-1732-4017-a5fb-08853b2cc623",
+    "id": "bundle--0fb09799-39d4-4c55-a75d-cafecd61af50",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json b/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json
index 6c01413a05..80016e9478 100644
--- a/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json
+++ b/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5cc8ddee-8e9e-4983-b7cd-1c74a336c55f",
+    "id": "bundle--47d2aa33-6927-4e50-a9dd-a0bdd21b7e42",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json b/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json
index 49c7eb51fc..76fbae2b26 100644
--- a/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json
+++ b/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--30a0e1a8-b7b3-4896-ae82-6c508fe46337",
+    "id": "bundle--ba7137b3-9d9d-4ad6-900e-fcbe7d999991",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json b/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json
index f9b8d55bd3..7b2d545452 100644
--- a/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json
+++ b/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--079f5f6f-47f1-4f55-a29d-e1de262b4793",
+    "id": "bundle--e39c009d-8749-4764-93da-96677e923915",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json b/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json
index 391b827574..d683f4135b 100644
--- a/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json
+++ b/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--96b756cb-5049-4a74-bf97-fbeb5927eee1",
+    "id": "bundle--ad40ecae-8265-4ab4-ae19-dbaf8c547da7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json b/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json
index bd08a6f6c6..02bfcaf5dd 100644
--- a/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json
+++ b/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f81f35d5-0a6d-4531-bb53-0934cc8c0836",
+    "id": "bundle--5438a628-fc57-43c2-bddf-c7b90e7564d2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json b/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json
index e01bd485ac..fbc9b374c0 100644
--- a/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json
+++ b/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7b49b9cb-9be4-497a-905b-985ccff4719e",
+    "id": "bundle--49383739-1510-442d-b291-cf47c366e73d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json b/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json
index 366ac1a21b..d4346eb61b 100644
--- a/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json
+++ b/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--66b5f1a3-93a0-49dd-8e20-a0324893858c",
+    "id": "bundle--bb29e7f9-0ac4-46d7-9c48-9558106f31d4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json b/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json
index d6cc2ef413..b7f3d48134 100644
--- a/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json
+++ b/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--13f7bb43-3c80-4bf0-a619-9bf204d888cc",
+    "id": "bundle--e17a2ffa-0105-4e16-9680-c9ebfe2f66dc",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json b/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json
index 0d28f2bd2b..e97e16da61 100644
--- a/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json
+++ b/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--22871458-c51d-4523-8707-175613128b63",
+    "id": "bundle--3b12a560-9298-4c2c-8192-335ebac11084",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json b/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json
index 500047c966..60416e24ef 100644
--- a/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json
+++ b/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4c7a54fe-e49f-4b16-aec8-cc5e3440f1a7",
+    "id": "bundle--a4d6452b-0c98-455b-8247-86b68458920c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json b/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json
index d654e351a4..710331ab06 100644
--- a/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json
+++ b/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--44a59972-d3e3-4633-b218-1b25a2a8312f",
+    "id": "bundle--7798125b-4757-4fbf-80d1-33ab3056de7e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json b/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json
index bc1697a296..484ecf0d1a 100644
--- a/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json
+++ b/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c052ddb2-0325-4a30-8672-e5c8a5ce9ed4",
+    "id": "bundle--4a728f88-a50e-4e12-8051-9a6bcd0dce0d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json b/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json
index 933875deaa..09265fb637 100644
--- a/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json
+++ b/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--97a25d88-308a-410c-aaf6-6bac8789a072",
+    "id": "bundle--a9955d76-5184-489d-a1af-72475373f32c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json b/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json
index 995450f5c8..59f5acd7f1 100644
--- a/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json
+++ b/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dd6a756f-4667-41b7-8637-ddefe37abe39",
+    "id": "bundle--02a80582-2ad5-4775-a60b-c1e7aef5457d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json b/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json
index 80f088496e..5ccf76249c 100644
--- a/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json
+++ b/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2a435bf1-d27e-48bd-ab45-d06ce8451e90",
+    "id": "bundle--10e4dc83-5718-454d-95f3-baed4bf2ffa5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json b/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json
index 0beb7a1c80..10a08fc5ec 100644
--- a/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json
+++ b/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0833f4b1-7d17-4113-b08e-f7aa6ff0a304",
+    "id": "bundle--d98fdd9f-c211-4818-b4e6-62f6abbddb6d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json b/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json
index 29ae3de7e0..4a5d2f3720 100644
--- a/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json
+++ b/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0047848b-3000-4463-b343-8fea953f76d2",
+    "id": "bundle--69356f77-0532-412f-8309-3fb4e08c4d67",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json b/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json
index be1e822c88..39c018809d 100644
--- a/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json
+++ b/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3c595474-9100-470a-8335-9d77c87d39c4",
+    "id": "bundle--4745de68-ee3d-47f1-9b9b-da773869c707",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json b/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json
index 6159c3265a..47e579f0ed 100644
--- a/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json
+++ b/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--dfdbb3b3-6ffb-4a53-a2ae-58cf3dd19ed5",
+    "id": "bundle--d451c131-a734-4ad9-9a34-a560090e47e7",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json b/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json
index 2d6c67f2af..a6b904c22a 100644
--- a/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json
+++ b/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1e73ea28-8da3-49fe-b306-11a61e4b51f8",
+    "id": "bundle--8ec30ba9-6fc1-4ddc-aaaa-65dbd223887f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json b/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json
index 5908f24227..2b516219bf 100644
--- a/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json
+++ b/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b530c201-84c0-48b2-9658-4fcba44d839d",
+    "id": "bundle--c9b27ecf-d415-4ca8-8429-f5c4f28aac78",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json b/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json
index 48c60a6f6c..724a70e25e 100644
--- a/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json
+++ b/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--508e254b-000b-4458-8eb3-6976e563bfb4",
+    "id": "bundle--11470dc1-0b59-4759-a25c-63a39e72bfa1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json b/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json
index 8f8754db34..1a06466c06 100644
--- a/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json
+++ b/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--78c5889f-db64-41a7-b7eb-943deab0e125",
+    "id": "bundle--58f29288-810e-490e-8be0-54926e599b3e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json b/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json
index f9b91c05d8..b770c53fdd 100644
--- a/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json
+++ b/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ac45895e-cba6-444e-ab97-0c82a2207cc5",
+    "id": "bundle--bc78fd52-9445-463f-ba1b-e4291734d4dd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json b/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json
index 3f8af8c14b..93414b0690 100644
--- a/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json
+++ b/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4eca5421-6fb5-4878-bec0-628e0f3d6282",
+    "id": "bundle--7a088e7a-bda6-404e-83f3-b2689fb6a8ee",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json b/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json
index 732ee1f740..7c33e58073 100644
--- a/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json
+++ b/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b3831285-dcb9-4af7-a9a4-8b832545096b",
+    "id": "bundle--3567bb11-ca09-48d8-b1f1-7da0c07209be",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json b/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json
index fc80b0c635..e759cdd4b8 100644
--- a/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json
+++ b/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d4284bc2-fd91-4d90-8f29-d26a132a5357",
+    "id": "bundle--b2a27afd-3f87-4c23-8dac-cb60187a10a0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json b/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json
index 98ca51cc69..1c39ceeaac 100644
--- a/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json
+++ b/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bb2c453e-817b-4ac3-b961-c2bf20db185e",
+    "id": "bundle--58a6ef9a-8a70-4f7c-b63d-b0012421a30c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json b/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json
index 37d81d4988..c6c1470a9b 100644
--- a/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json
+++ b/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7d2627ce-99f1-42a8-866d-fb63f52e0fcf",
+    "id": "bundle--ff64639b-d72f-4a26-b4ea-502df937bc31",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json b/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json
index 0cc8cdc3bf..0d425a02d0 100644
--- a/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json
+++ b/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--df8c796d-9600-4261-881d-100e717d2b92",
+    "id": "bundle--9189f716-6234-4c6b-82cd-469087b5978b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json b/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json
index 9b1a806088..e8033b8de6 100644
--- a/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json
+++ b/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--953c1d7b-1701-45de-b394-8ee53e6b92b5",
+    "id": "bundle--3fcd2af2-00fe-42d9-9e76-92b614e55d27",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json b/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json
index b55314a061..0f1686cbfd 100644
--- a/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json
+++ b/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--22b9c5d2-6a81-4437-b94a-6a6e8068e4a0",
+    "id": "bundle--feb06ef6-2c92-4ff0-8e9b-28de530bca77",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json b/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json
index 058bdcce9d..c2299ceebd 100644
--- a/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json
+++ b/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2f409538-89c0-47ae-96ee-3d77abdf7f8b",
+    "id": "bundle--53ed1243-253d-4722-94be-86aa602fb370",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json b/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json
index 9e64df7710..999dda46b8 100644
--- a/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json
+++ b/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fdb9a037-ea97-4c8a-a96b-71c06ce1de2f",
+    "id": "bundle--39dbd755-4dfa-4991-a359-ae5812f5f4c8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json b/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json
index a0a171e870..3eadff1761 100644
--- a/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json
+++ b/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6cd40490-64eb-40d2-8469-9f5bc1f57bc6",
+    "id": "bundle--99041e88-1e70-4ed3-9ffd-0f3e53262d3c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json b/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json
index e776eb5e77..bf1af7ef30 100644
--- a/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json
+++ b/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f5c2a8f7-3b57-40db-b789-64e6171845aa",
+    "id": "bundle--7c32c0e1-5dac-4349-9747-36a2f82d2b8c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json b/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json
index 0ef2c4228f..bef0d95dd5 100644
--- a/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json
+++ b/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f8f5750e-be93-4a8f-bdc8-c27875ae951c",
+    "id": "bundle--d8879233-7599-4418-83bb-19f415ac0170",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json b/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json
index b7845beacd..228ed0fd7e 100644
--- a/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json
+++ b/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--905179fe-e56b-489c-a709-d8e22a3f68c0",
+    "id": "bundle--518165e8-f38e-4405-8835-4e8d5c5dd526",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json b/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json
index 705b37f5a4..09c978cc98 100644
--- a/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json
+++ b/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5d116e4a-56d7-48ee-9c5f-01a3c316b8bf",
+    "id": "bundle--07f22e47-42cc-4abe-a8be-12cf26b2587f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json b/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json
index 98f7a0e6fd..6e1f5f543e 100644
--- a/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json
+++ b/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--58e88f52-7a6f-461d-a629-257d392fc213",
+    "id": "bundle--00e0cc2b-9da6-4abf-8006-35f02f856d5f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json b/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json
index 80c5a5202d..e298fa794f 100644
--- a/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json
+++ b/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0dbd607f-fa2d-4f88-bdc6-427cc314bc25",
+    "id": "bundle--9b223455-9762-484b-a289-195bdfab6520",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json b/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json
index a777c23d2b..81ddff254e 100644
--- a/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json
+++ b/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a1639367-9b7b-435a-a5bc-4c6ac5afd2f3",
+    "id": "bundle--f5d27957-8857-461d-9b5b-9b6c5ff7b3c0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json b/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json
index 6866714be3..9b4df8ff0e 100644
--- a/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json
+++ b/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3d46aa72-0b5a-414c-be70-b6313049f103",
+    "id": "bundle--9e7793b2-c9a5-433e-bd0f-09a6820a0b85",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json b/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json
index 087b7cc54c..b98fc80a73 100644
--- a/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json
+++ b/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--cbf54182-9a5e-4b1f-b8e9-af759caad126",
+    "id": "bundle--6caf0ad0-d1e9-4f6d-ba57-cb280ad15cce",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json b/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json
index d167b3dd5e..c596a3ea3f 100644
--- a/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json
+++ b/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--81d797a9-a4b3-4db3-abc4-db3dbc9f863e",
+    "id": "bundle--250faa73-1420-494b-baad-8a0717bc0b5b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json b/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json
index 5864d4593d..5d36a1a95f 100644
--- a/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json
+++ b/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c483c3ec-2a39-49d0-a65d-5ac325e8fc44",
+    "id": "bundle--82c80182-0b38-4e48-ab19-2a6ff8604b06",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json b/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json
index 8aac5898e7..287861d7f7 100644
--- a/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json
+++ b/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1b6afd9f-8ad2-4e05-af0e-56c3ac3f5278",
+    "id": "bundle--36d32e87-8ff0-4f60-8951-a2084bb6b11d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json b/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json
index 76d1351cd8..572cbff7ee 100644
--- a/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json
+++ b/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f2dc2fdf-d570-494c-9724-6c4c22f24ce7",
+    "id": "bundle--cca09a36-e067-41d6-8750-b31718381681",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json b/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json
index e5e59faa60..936ee08e7a 100644
--- a/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json
+++ b/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5f504597-fdc1-419a-952d-7e26ad5dabd2",
+    "id": "bundle--8cfe847e-51cf-4657-8f45-b9bf7590355a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json b/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json
index e8a7abf842..82e97168c2 100644
--- a/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json
+++ b/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--07bd7734-7a64-45dd-b7b7-e9b9234a5a06",
+    "id": "bundle--cf2ec8f2-4da2-4529-aeb7-7b027aca552a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json b/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json
index 2260e5999f..191362dc5d 100644
--- a/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json
+++ b/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9e0c1377-715c-4a73-8e03-5c48c324a4ec",
+    "id": "bundle--b8eec145-a53e-4309-ba86-d7515b4f9d45",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json b/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json
index 1c4172d267..d5e92405d6 100644
--- a/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json
+++ b/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0f246ddc-2ba6-460b-bbf1-1aa6d47f53fa",
+    "id": "bundle--5104e430-5446-4b91-a48a-3fb908a12b07",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json b/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json
index 35944f9350..8b21711511 100644
--- a/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json
+++ b/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--11a304e6-7516-42c7-b1be-033d2d31caaf",
+    "id": "bundle--e9cba48f-371a-4a2a-b1c6-d2c4d56f4753",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json b/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json
index 487bfc4d8b..5b560a85ff 100644
--- a/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json
+++ b/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--529094fd-0ac0-47da-96bf-7ab3f4cbf3e0",
+    "id": "bundle--37bb8671-474b-4be6-b773-0e476e9f5195",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json b/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json
index fed091620f..e3bc61da33 100644
--- a/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json
+++ b/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f3d5d921-698f-4bd2-9d29-4b6a99823a8f",
+    "id": "bundle--949555f1-9b95-4321-960d-f7d4fc5b5bc4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json b/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json
index 7b2ace3527..4bfd8da7e8 100644
--- a/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json
+++ b/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--994fd2f7-e1e0-45e7-9485-7d35becdf338",
+    "id": "bundle--cfe19e07-e6ec-4ce7-af35-e55eb6f7cb16",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json b/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json
index aa79ecec3c..90eee60465 100644
--- a/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json
+++ b/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--aa972bf6-b506-46e4-88ad-2f8e694479b9",
+    "id": "bundle--bff001ac-3772-4081-a34e-34d6dfa5d18b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json b/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json
index 584fb63fc5..a153866017 100644
--- a/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json
+++ b/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fb1a877a-31a9-4ce2-b385-8baa88683958",
+    "id": "bundle--ed2847fb-9429-4363-8f6f-00c5d7141d0a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json b/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json
index f47d04ad7f..34c8189d93 100644
--- a/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json
+++ b/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9bed83ab-5020-4817-9b82-d2e54554da45",
+    "id": "bundle--d278291b-8808-4d19-b4a6-e71e3c8f1dc8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json b/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json
index 3a3f083228..9f7b0d134a 100644
--- a/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json
+++ b/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bced2fd3-be25-402f-b490-075ae318661c",
+    "id": "bundle--24429e05-9695-4586-bdb2-2c160e0afd86",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json b/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json
index 02351267f0..381cbea3de 100644
--- a/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json
+++ b/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a81728b7-8a2b-445a-adfc-0f093810afaa",
+    "id": "bundle--93662974-216d-4a2c-9653-efe0c04fd956",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json b/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json
index b1d6b417da..bb06b1e6ed 100644
--- a/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json
+++ b/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--086b5302-bb44-48d2-980f-c0e2cda8211c",
+    "id": "bundle--fed8f2bc-26f7-438d-a96a-acc968975166",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json b/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json
index e583dace26..66494cd785 100644
--- a/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json
+++ b/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f5ad570c-a857-4887-ae4b-c413404b4284",
+    "id": "bundle--11a90fe6-bcbe-4235-b520-3e96e70a5d4c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json b/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json
index fff860c51c..4e126e3096 100644
--- a/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json
+++ b/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--1af26b2e-cebb-4ae2-a31f-04f3b092e81f",
+    "id": "bundle--0635f904-6237-4191-9d7c-1b991b24b12f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json b/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json
index 0213c3134f..e679925d19 100644
--- a/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json
+++ b/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--84d08b96-c7ff-48d8-8383-b164c3d406ca",
+    "id": "bundle--e4e67908-9713-4527-b4dc-688b8d4aaf4b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json b/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json
index be9551b50d..9967548e0d 100644
--- a/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json
+++ b/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5d8e6823-d97e-4e7c-8a25-0aa44b02c818",
+    "id": "bundle--e9b4e142-25d5-46af-8fa9-85422edaa02f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json b/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json
index 45667287e4..90dc006ee7 100644
--- a/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json
+++ b/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2b15450c-3ef6-4e5f-a377-858fab310d8d",
+    "id": "bundle--4934c86f-decd-4f15-b07f-c9d00f200ddd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json b/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json
index a750d42c8a..90e4413d76 100644
--- a/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json
+++ b/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c9923c35-c028-406b-8389-d2b9c33a383d",
+    "id": "bundle--8382f6a7-1b5c-4983-acca-7098b10aa486",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json b/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json
index c6d12be3d3..09bc0e331c 100644
--- a/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json
+++ b/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--72883630-9f54-4314-b0eb-f11f67800f78",
+    "id": "bundle--e09ed4fd-b05c-482e-bf30-3f082ae9be5d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json b/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json
index 8138981f0d..74a98e58e5 100644
--- a/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json
+++ b/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3b4bf418-fc56-4ba4-a6b6-c107d1345ac5",
+    "id": "bundle--fe89895b-da02-4db5-822a-aaf642d9c421",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json b/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json
index 840fe05309..9d7559de14 100644
--- a/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json
+++ b/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4f2d91de-fb9c-43d9-9221-f4c9f429a308",
+    "id": "bundle--9b1e6bb9-b797-49d7-8dd0-fe65bd3e6ba8",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json b/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json
index 6242a5acd9..97a227c31a 100644
--- a/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json
+++ b/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0aff281e-e4a8-482a-be80-b0440c6a3bd0",
+    "id": "bundle--038f298b-0fff-4373-a8da-4d83e2283656",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json b/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json
index 556dd44db6..0a0a3220ae 100644
--- a/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json
+++ b/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6b3b41e3-400d-490e-839e-3a36efcca0ef",
+    "id": "bundle--95058401-745d-4c96-bc5e-a56a1f155429",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json b/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json
index cdaba2cad0..b568fa8f9e 100644
--- a/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json
+++ b/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--44bd655b-4da3-4d2d-8844-5b8de5d746b2",
+    "id": "bundle--36a40255-ee3c-4915-8543-91ebd6228b37",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json b/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json
index 71882fa7bb..2189c81032 100644
--- a/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json
+++ b/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bceddeee-1c6e-4546-8ae2-2d89959e2479",
+    "id": "bundle--40dce7d0-2259-4a7f-a665-71199f2b4688",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json b/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json
index 94f2272fae..933eab2f90 100644
--- a/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json
+++ b/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2a951f5e-16ef-4247-b073-422c875a6f70",
+    "id": "bundle--7eba11ff-c780-4765-ac5b-5f3bb5790fe9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json b/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json
index 9cc1fa4c8e..636468ee36 100644
--- a/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json
+++ b/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e5cf1c17-28be-4bf4-b5c0-c84fb1e3c9dc",
+    "id": "bundle--20d2f304-0327-4d89-84c1-d3ebe1191c10",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json b/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json
index 658eda912d..ccff73bf4e 100644
--- a/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json
+++ b/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--522f0063-406c-4372-b9d6-7202896feec3",
+    "id": "bundle--272f359e-80d4-4fe8-bf90-659ea997747d",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json b/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json
index 8d9402eedb..8cc25d5c2f 100644
--- a/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json
+++ b/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2477a3e4-08d6-4878-982c-21f52dbbc1f3",
+    "id": "bundle--ba334787-d7b0-40f8-bc1b-47c531e4d114",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json b/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json
index f6cde7959f..2edccd98e0 100644
--- a/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json
+++ b/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--bb3bc2ed-4d1c-48bc-a73e-f7b28382aea9",
+    "id": "bundle--a4ffd192-6781-4b3e-8bdb-a28cefceccc6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json b/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json
index 9893854148..a67bc01037 100644
--- a/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json
+++ b/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4cfe2f18-3585-468b-bc5a-d25bfb8b0e79",
+    "id": "bundle--da0755e3-8392-4089-9378-571f0b59aca0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json b/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json
index 048d461bdd..26378a48f3 100644
--- a/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json
+++ b/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3277a53f-7896-4780-b8a3-c4c5c3489565",
+    "id": "bundle--fff8c51d-4fb3-44c4-b900-73ab253f05b6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json b/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json
index 26c15a9aca..6b21aa52dd 100644
--- a/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json
+++ b/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6fcd3ab9-73c3-4d5c-83f8-491c374506be",
+    "id": "bundle--5e85bddd-ad14-4df1-aaf4-2dae724a5095",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json b/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json
index 033289427f..c672020e1c 100644
--- a/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json
+++ b/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--490c8867-bbab-4844-b272-bce2b17c348d",
+    "id": "bundle--216375ec-fa47-455d-8a79-a3d5e5faeeb6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json b/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json
index e1056f85d0..2f1c9aaf71 100644
--- a/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json
+++ b/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--fe5a5293-ab2b-4cbc-9702-7753ae35a295",
+    "id": "bundle--fb9e86dc-8c04-43d4-b90f-48e747806f64",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json b/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json
index bb8c014b6e..6f335d341a 100644
--- a/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json
+++ b/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7b64ebda-4eea-4a37-806d-6bdda88a16b7",
+    "id": "bundle--bb464b63-0f72-4acb-8f0b-db25a8114fd2",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json b/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json
index cf23924af4..c94c23228d 100644
--- a/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json
+++ b/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e149d90e-6a8f-4f9b-bfaf-c0ff64027219",
+    "id": "bundle--23d131ed-aeb3-40d1-98ce-cedc5fb7c0f3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json b/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json
index 6de3cb3035..d8f1d8a4da 100644
--- a/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json
+++ b/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e45ccd83-7c72-4a58-a875-86d9fe1a3549",
+    "id": "bundle--ba4b2014-b368-4095-885b-d2172debcb78",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json b/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json
index ccce47dc8e..f889f36c18 100644
--- a/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json
+++ b/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--23036bf6-5af2-4aac-9896-69d797cd1500",
+    "id": "bundle--83dc9401-ae38-4feb-94f2-ec7cd933cf91",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json b/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json
index e0070d9f22..f9667db3fe 100644
--- a/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json
+++ b/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--439a1030-12a5-412c-bc93-e9c0bd9b80ce",
+    "id": "bundle--91ba0891-b65d-45a7-8b95-20b33fc04cdf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json b/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json
index 8d402c0ef5..4bd8175f45 100644
--- a/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json
+++ b/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f31b67b3-06ec-4327-aa87-60a5ffeaeeed",
+    "id": "bundle--8ba913e6-2845-45d9-a7e8-bcb82eb1ba38",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json b/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json
index 4c04cc7bc9..8f3e75043c 100644
--- a/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json
+++ b/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--431ac6e9-f3dd-4a12-acef-38477174b91a",
+    "id": "bundle--a5408238-b112-49c0-8724-f45db4837d33",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json b/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json
index 101e058f20..fb7c003275 100644
--- a/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json
+++ b/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c8cb3deb-27ab-44d0-a8f1-e6ee160873f6",
+    "id": "bundle--92e8039c-5e9a-48cb-b82b-137313e3c4d0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json b/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json
index bf536c1a51..7cde5178ad 100644
--- a/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json
+++ b/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--00604f89-bba6-41d2-abd3-0b76936ce71e",
+    "id": "bundle--3fdc80f9-4281-4788-8de8-60f5e94f91e9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json b/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json
index 9da52db996..9b5a595b30 100644
--- a/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json
+++ b/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--f5bac46e-be31-42b0-8952-c08581d3dedf",
+    "id": "bundle--c47bfd2c-4145-41ad-9f57-49314de2170f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json b/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json
index c53670836c..b31012ed17 100644
--- a/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json
+++ b/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7774be23-57b6-4275-b501-4ab317b55acf",
+    "id": "bundle--23b49e79-571a-473d-8a08-4326b106195b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json b/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json
index 3450966210..b1571dcc7a 100644
--- a/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json
+++ b/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7b134248-0b7c-4d99-a087-467183c9ee56",
+    "id": "bundle--a2c4a3ae-0065-48cd-b280-a7747040d379",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json b/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json
index 81618c1f82..ff8e58b61c 100644
--- a/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json
+++ b/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8714ebf7-7015-4cd1-93f7-1b82051156ef",
+    "id": "bundle--350c2df7-e36b-492d-8977-d8efdb4a158c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json b/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json
index 54859b523a..3f4c906334 100644
--- a/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json
+++ b/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d6968e92-4b45-4876-aaf3-e6c1db1ebb7d",
+    "id": "bundle--eb6b80e5-a95a-42d7-b4af-635e22913ce1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json b/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json
index cdc060433f..a8ee489da3 100644
--- a/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json
+++ b/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--adf54853-119c-4d8b-b916-72d172e8cedf",
+    "id": "bundle--5bc53752-480a-40b4-b482-edc568512c96",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json b/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json
index db65520d24..8a09d8862a 100644
--- a/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json
+++ b/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b9fd5776-09d6-4c25-a09f-b8664b2120f8",
+    "id": "bundle--f75ac1dd-439b-4f36-bd21-560dcaa03e11",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json b/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json
index 77f4e01eac..f039e21f0c 100644
--- a/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json
+++ b/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2059ac07-a38f-41b8-9bf7-ef522b8cc194",
+    "id": "bundle--8b8c3b36-d60f-4330-8cb0-65f46d6ba90c",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json b/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json
index c74831c31c..2a93ebc97e 100644
--- a/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json
+++ b/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ced00cd3-d48a-4814-bbd3-8283c6e9651c",
+    "id": "bundle--7d8fc386-9f96-4153-b53a-d5d4b1a23778",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json b/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json
index 0151f2a559..fb116e1e0f 100644
--- a/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json
+++ b/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--144aa323-7be0-4cc5-860f-5b86b2d4c8c5",
+    "id": "bundle--cc77754f-d4b7-459f-9598-e17ecc88bbd0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json b/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json
index 324868afe3..8e431e11d8 100644
--- a/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json
+++ b/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7d80dcec-7654-43b4-9f87-3399b4b4cba1",
+    "id": "bundle--b03e68da-84eb-495f-8561-6ad9dff920c6",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json b/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json
index 730bcd05e2..f8fcfa3924 100644
--- a/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json
+++ b/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8c5a4d30-d590-418d-9632-f5be2a66d1b5",
+    "id": "bundle--203445cc-f95c-46f8-addd-d4725442ba23",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json b/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json
index 4e9e00103d..87af09959b 100644
--- a/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json
+++ b/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--427b9d95-5078-4c78-a651-5e38dd86f19c",
+    "id": "bundle--73127fe8-2419-4de2-bb2b-894af10f7e3a",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json b/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json
index c565eff6fd..753e198d90 100644
--- a/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json
+++ b/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ab64ace1-09c8-419e-b6fe-2234c23b939d",
+    "id": "bundle--c07e196c-59a0-4b06-8ef1-308a3828afa0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json b/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json
index 6b6ab87751..d53982ccfe 100644
--- a/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json
+++ b/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--81a53d92-3145-4a87-8f3a-fb88726a6a3b",
+    "id": "bundle--9bbfccfe-1569-4683-9d6f-ca95432b9319",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json b/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json
index 8dad87f7e7..a11aaa1d1a 100644
--- a/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json
+++ b/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4e2ac0b1-6d36-4582-a432-56ed9aa612d0",
+    "id": "bundle--c5998cb8-efa6-424b-add7-7ed4d8f8da77",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json b/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json
index b09139f409..a36c894f33 100644
--- a/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json
+++ b/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--47a02d6a-aae3-401f-9478-281ac5fee69e",
+    "id": "bundle--78575758-d2e3-44da-ac1d-cc105c57e946",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json b/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json
index aed75aabfa..9a418febf9 100644
--- a/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json
+++ b/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--8ba5dbdf-4094-48c1-8cd5-01483c3246e8",
+    "id": "bundle--4c60bfc6-7aef-4385-8ad5-e7410774fedf",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json b/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json
index d77a0d3ea0..21a5cd2c32 100644
--- a/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json
+++ b/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--9d56b2e5-482e-4004-927f-e44ce7fb3f89",
+    "id": "bundle--1ed16bad-de98-4d1d-adc3-14242d621976",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json b/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json
index b0f9047152..49a97db1b6 100644
--- a/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json
+++ b/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--13c82f3a-bb36-442c-84e5-bc4c9fde68fb",
+    "id": "bundle--5ad702cb-96bd-4f82-866e-47c46d882a4b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json b/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json
index e4eec55395..05ff14a32f 100644
--- a/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json
+++ b/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--daf72052-c8ac-49b8-a910-cb5ec96de1d8",
+    "id": "bundle--8d4e090d-1a2d-4dfc-b8fe-ce5433b0b3ca",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json b/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json
index e5a59b33e8..f80284ed4d 100644
--- a/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json
+++ b/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0f4c502e-51bd-4f55-ab61-44274a7e69cc",
+    "id": "bundle--e58928e0-5f5e-458f-9ab3-3d69f1957792",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json b/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json
index a25ba67f7d..f273255e82 100644
--- a/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json
+++ b/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--52fbe9e8-f9a3-48d0-8cb7-8cfcf8bf734d",
+    "id": "bundle--00f089c5-a17a-4bb6-b82d-ef90df00d920",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json b/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json
index c2e0d80064..73bcdf2cdc 100644
--- a/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json
+++ b/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a98aaf51-192f-4d31-9831-28ff7f2709ce",
+    "id": "bundle--f8e9b7dc-609d-45d0-87ab-d7ab7e86a116",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb1fe91d-0997-4403-b2a6-88400f174791.json b/mobile-attack/relationship/relationship--fb1fe91d-0997-4403-b2a6-88400f174791.json
index 1d56a9caad..e72d3def2b 100644
--- a/mobile-attack/relationship/relationship--fb1fe91d-0997-4403-b2a6-88400f174791.json
+++ b/mobile-attack/relationship/relationship--fb1fe91d-0997-4403-b2a6-88400f174791.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d2b6d3af-00d1-4a48-bab8-fc71d1a0bdbc",
+    "id": "bundle--f0f5dda0-c4f1-4414-a0ff-0561b0902e14",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json b/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json
index a3eabd2388..39cd2be386 100644
--- a/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json
+++ b/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--2c6b0d9a-6826-477b-9092-e47c8dcf4213",
+    "id": "bundle--fe1dbc7c-c054-49d5-a489-6c2e36633d79",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json b/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json
index f3ef3fe775..7989ee3609 100644
--- a/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json
+++ b/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--44e50b19-c9cf-4a79-bc0a-720e336e1d7e",
+    "id": "bundle--2f59d5f8-b60e-4dfd-b722-33c03e45ba02",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json b/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json
index e4a98bcb11..5b1794bcbb 100644
--- a/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json
+++ b/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6619cff8-d4c5-4e55-a010-ced6b301cc00",
+    "id": "bundle--ac4bf5a4-59aa-4882-8d13-4cbd9103501b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json b/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json
index 1b4bf7994d..2d5066b2b1 100644
--- a/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json
+++ b/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5b280b5a-df66-42a9-968f-9b8d96886509",
+    "id": "bundle--66168cc8-eb6d-47de-ab98-92c7264308d9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json b/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json
index a87d3d5f72..c8907d9e20 100644
--- a/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json
+++ b/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3ef3b780-2dfd-45d8-84b3-ee07e0be766b",
+    "id": "bundle--0c130b04-3cbf-4f87-bd04-667a04bc0571",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json b/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json
index 1bf9606141..85425870ee 100644
--- a/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json
+++ b/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--3863bc9e-023b-431b-ad14-eb6a4fac9892",
+    "id": "bundle--545138b6-846c-4deb-b28a-3358cc8a5d0b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json b/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json
index db0881594f..4f716d2aaa 100644
--- a/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json
+++ b/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--566c9066-1913-4117-9d4f-b51dd844a043",
+    "id": "bundle--94917e33-e894-4534-8a82-9884d2c4de38",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fbd2d4f7-96ff-4624-a567-d4882f0c10ca.json b/mobile-attack/relationship/relationship--fbd2d4f7-96ff-4624-a567-d4882f0c10ca.json
index d3c48268c3..a884bfb664 100644
--- a/mobile-attack/relationship/relationship--fbd2d4f7-96ff-4624-a567-d4882f0c10ca.json
+++ b/mobile-attack/relationship/relationship--fbd2d4f7-96ff-4624-a567-d4882f0c10ca.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--412cfb48-f646-412b-9ea8-c4f42a4e5869",
+    "id": "bundle--313c9f94-1220-4b16-9d3d-7cae13f40284",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json b/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json
index 95d84fb78e..585c7a3a6f 100644
--- a/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json
+++ b/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a4d4866d-69d4-4d60-b962-8a07926649c3",
+    "id": "bundle--97a0b06e-6340-46ff-a27b-493d9fb56730",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json b/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json
index f2e259edd7..790f1089ca 100644
--- a/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json
+++ b/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c0fe22b2-48c7-45bc-90ac-604f58e5b5c9",
+    "id": "bundle--b00e166e-9e48-48c2-8f80-ab95f2fa373e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json b/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json
index d6616da3f1..9063d6d263 100644
--- a/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json
+++ b/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c7dcb31c-db98-4024-8a77-ffa288c9fa42",
+    "id": "bundle--ea719c22-9d72-4248-a331-1d58e6af6dd9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json b/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json
index 448dc6fcdc..37a9274fcd 100644
--- a/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json
+++ b/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--d08c55af-f609-424a-acb6-0736fb7330a8",
+    "id": "bundle--f6906155-cdd8-4e26-9109-a1bc3589b8bb",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json b/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json
index cb834fb906..697b1cf9d4 100644
--- a/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json
+++ b/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--32103678-75a6-400b-a0b0-c609980ba0d9",
+    "id": "bundle--ee7cfcc3-3790-4525-bddc-86c10398c388",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json b/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json
index aefc139edd..5b5c023f1f 100644
--- a/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json
+++ b/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--71f19531-efc4-42fd-970a-03027343c206",
+    "id": "bundle--5d20f07b-abf1-4eda-b274-d5c4612af763",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json b/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json
index 7f3e0c8ba2..17af0bbc82 100644
--- a/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json
+++ b/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--369ca9c1-dc07-4815-a920-a481ce6d6efc",
+    "id": "bundle--7069c383-3ad6-4d93-86df-1cdeeb197648",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json b/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json
index 2b651b3bc8..d07fe5fe09 100644
--- a/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json
+++ b/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--852ac1b4-90d6-44a5-9346-ea7c2a976058",
+    "id": "bundle--988a798d-6a00-4347-a6eb-f1f49ed2cc6b",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json b/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json
index df4f492dec..3667fb09e5 100644
--- a/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json
+++ b/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a7e89b75-af1f-45a0-97ba-725dd3385218",
+    "id": "bundle--bef5f191-f69a-4c4f-9fda-ebdbbb79fb82",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json b/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json
index ac14554263..a405cbe8ec 100644
--- a/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json
+++ b/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--b7520df7-b12a-495b-8666-c341215165c4",
+    "id": "bundle--215ee449-3337-4718-bf81-9ae6cc88ce15",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json b/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json
index 0efc32cdef..00e00baddd 100644
--- a/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json
+++ b/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--7d901b01-68f6-4457-8d8e-5ba76f341a87",
+    "id": "bundle--172d1577-7920-4e38-97f2-17a86bfa83b3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json b/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json
index 21d7f379ae..b2cd021c54 100644
--- a/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json
+++ b/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--0e2998c3-a578-46fd-9fd5-724e8338c265",
+    "id": "bundle--3393e884-0b6c-4a54-b9f3-58097a97853e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json b/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json
index 3333d6f201..79c4f7fb7b 100644
--- a/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json
+++ b/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5152624a-cfac-43f5-93c4-a43ba5277cba",
+    "id": "bundle--e47f5181-ac94-41c2-abb7-4cc415e5e9dd",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json b/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json
index ceb97aa9e9..59bf9d4b52 100644
--- a/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json
+++ b/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c4edf813-6b62-4e19-97b6-a637162e4695",
+    "id": "bundle--8893ccfa-198c-4429-867b-736c06508406",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json b/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json
index 874bb104b5..98f1f52bfd 100644
--- a/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json
+++ b/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4f44722d-e360-4fe0-becb-5affbf56074c",
+    "id": "bundle--4533696c-d565-424b-8864-770ed8d7995e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json b/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json
index 7a18bab9e0..962c542a3a 100644
--- a/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json
+++ b/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--a464686e-ab2e-476a-8f63-1ec058104d39",
+    "id": "bundle--e0cafa2c-abf4-4a03-9221-c695b4bd3d16",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json b/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json
index 363404931a..c7d270f50e 100644
--- a/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json
+++ b/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--4e4f14c5-7f73-443d-899d-d48e2066084a",
+    "id": "bundle--520c074d-ae3b-4757-a002-06cd97974510",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json b/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json
index dc77fb8b71..0de38e359c 100644
--- a/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json
+++ b/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--95d48799-dc6f-4e92-ad4c-e1d13cf551fa",
+    "id": "bundle--7d06ab5b-daeb-42d2-aa5e-74719a564a1f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json b/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json
index d83775ddf1..1c5a5cd993 100644
--- a/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json
+++ b/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--20c87b1b-154a-4936-946c-1684b642b1bf",
+    "id": "bundle--9e039e0e-f271-4d1b-b4b8-fb08e12e984e",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json b/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json
index a7da5f4adf..7273724071 100644
--- a/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json
+++ b/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--542fbb28-677c-45ff-8642-4fe2ebdc993e",
+    "id": "bundle--5cb773dd-d4fa-41be-bb54-8a083d79f9a3",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json
index 414de07b01..c452419a5d 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--663389f7-a210-47c7-9b6c-9b8c60743a1e",
+    "id": "bundle--d545d76b-33a0-4327-9739-c73f37ae5c33",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json
index 9ace857884..ed3db0fe26 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c1e65552-a54c-4aa3-bb24-a0c4bf4eb759",
+    "id": "bundle--6ecb146e-6569-4114-925a-265f24986b43",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json
index 92c59e089f..2f3f1858de 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--462f0ef5-9a2c-414d-9ea4-2b5bf9b15f18",
+    "id": "bundle--225905a4-1b8d-4775-bb77-c9f39cb1faf4",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json
index 9653ef5de9..2b8216f14b 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--c1ba1d4e-2434-4093-983d-f973b4a97824",
+    "id": "bundle--b36d9131-0081-4f63-9c73-912f0ac1b5aa",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json
index fa0d040c41..1b749ed913 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--6e7b093a-444a-4e08-8fef-0153ee376ad5",
+    "id": "bundle--a68880c3-15ec-4d70-a2fd-013e44c09cb1",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json
index 2792c63bb2..5fa70fa7a4 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--663f1ce0-ec69-4db5-8516-0c66b2da8b1d",
+    "id": "bundle--210fd722-b9c2-4ee4-b250-46f9dfb9e783",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json
index 4c1720a3b2..d56f66af8f 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--5ac35650-e85a-48ec-a4d9-47f61587eb50",
+    "id": "bundle--fb7d8a9f-5936-4278-9d25-e92d941e8b38",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json
index 427098e305..5ca0ff9bf3 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--12c26deb-e84b-463d-a416-42dd52ae155f",
+    "id": "bundle--9848f63b-052c-4f25-9567-a4c9b5accab9",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json
index 41badf6128..8a253594a2 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--e451f386-37cb-4020-a2ac-40b567f1e1b5",
+    "id": "bundle--12783d12-2f82-4fde-b32e-bf9511dfd3f0",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json
index cb357f9d74..a00e09024d 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--03921816-2991-4118-b203-d72ad4b73b8a",
+    "id": "bundle--3e2ee230-c909-4b4b-8c12-b48f1a19fa95",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json
index cf89a53e58..892211d067 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--ec61b709-6f2f-4059-99a1-1cabacfccd22",
+    "id": "bundle--60fc7f2b-1cac-49e6-aec1-7d7d4d324a1f",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json
index fa4273a9f9..343ca48e43 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json
@@ -1,33 +1,35 @@
 {
     "type": "bundle",
-    "id": "bundle--f18239f8-0441-437f-b69c-1291e4395bf1",
+    "id": "bundle--61154d72-de97-465d-b8d0-b313d93bc171",
     "spec_version": "2.0",
     "objects": [
         {
+            "modified": "2022-11-07T21:01:17.781Z",
+            "name": "Network Effects",
+            "description": "The adversary is trying to intercept or manipulate network traffic to or from a device.\n\nThis category refers to network-based techniques that an adversary may be able to use to fulfill his or her objectives without access to the mobile device itself. These include techniques to intercept or manipulate network traffic to and from the mobile device.",
+            "x_mitre_deprecated": true,
             "x_mitre_domains": [
                 "mobile-attack"
             ],
+            "x_mitre_version": "1.0",
+            "x_mitre_shortname": "network-effects",
+            "type": "x-mitre-tactic",
+            "id": "x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210",
+            "created": "2018-10-17T00:14:20.652Z",
+            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+            "revoked": false,
+            "external_references": [
+                {
+                    "source_name": "mitre-attack",
+                    "url": "https://attack.mitre.org/tactics/TA0038",
+                    "external_id": "TA0038"
+                }
+            ],
             "object_marking_refs": [
                 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
             ],
-            "id": "x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210",
-            "type": "x-mitre-tactic",
-            "created": "2018-10-17T00:14:20.652Z",
-            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-            "external_references": [
-                {
-                    "external_id": "TA0038",
-                    "url": "https://attack.mitre.org/tactics/TA0038",
-                    "source_name": "mitre-attack"
-                }
-            ],
-            "modified": "2020-01-27T14:07:12.472Z",
-            "name": "Network Effects",
-            "description": "The adversary is trying to intercept or manipulate network traffic to or from a device.\n\nThis category refers to network-based techniques that an adversary may be able to use to fulfill his or her objectives without access to the mobile device itself. These include techniques to intercept or manipulate network traffic to and from the mobile device.",
-            "x_mitre_version": "1.0",
-            "x_mitre_attack_spec_version": "2.1.0",
-            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-            "x_mitre_shortname": "network-effects"
+            "x_mitre_attack_spec_version": "3.0.0",
+            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
         }
     ]
 }
\ No newline at end of file
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json
index 4d6f7fcf02..dbf1f930c6 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json
@@ -1,6 +1,6 @@
 {
     "type": "bundle",
-    "id": "bundle--00b42b29-3162-4c21-b681-e9e170dd9757",
+    "id": "bundle--ae5b6cc0-068d-4db4-a36f-f95b6b3da7f5",
     "spec_version": "2.0",
     "objects": [
         {
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json
index 61e4995a4b..203f13af66 100644
--- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json
+++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json
@@ -1,33 +1,35 @@
 {
     "type": "bundle",
-    "id": "bundle--67f152eb-cde4-446c-884f-8650b8f05559",
+    "id": "bundle--35a0a231-267c-4dd4-b230-3a1a14b95364",
     "spec_version": "2.0",
     "objects": [
         {
+            "modified": "2022-11-07T21:01:36.112Z",
+            "name": "Remote Service Effects",
+            "description": "The adversary is trying to control or monitor the device using remote services.\n\nThis category refers to techniques involving remote services, such as vendor-provided cloud services (e.g. Google Drive, Google Find My Device, or Apple iCloud), or enterprise mobility management (EMM)/mobile device management (MDM) services that an adversary may be able to use to fulfill his or her objectives without access to the mobile device itself.",
+            "x_mitre_deprecated": true,
             "x_mitre_domains": [
                 "mobile-attack"
             ],
+            "x_mitre_version": "1.0",
+            "x_mitre_shortname": "remote-service-effects",
+            "type": "x-mitre-tactic",
+            "id": "x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17",
+            "created": "2018-10-17T00:14:20.652Z",
+            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+            "revoked": false,
+            "external_references": [
+                {
+                    "source_name": "mitre-attack",
+                    "url": "https://attack.mitre.org/tactics/TA0039",
+                    "external_id": "TA0039"
+                }
+            ],
             "object_marking_refs": [
                 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
             ],
-            "id": "x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17",
-            "type": "x-mitre-tactic",
-            "created": "2018-10-17T00:14:20.652Z",
-            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-            "external_references": [
-                {
-                    "external_id": "TA0039",
-                    "url": "https://attack.mitre.org/tactics/TA0039",
-                    "source_name": "mitre-attack"
-                }
-            ],
-            "modified": "2020-01-27T14:07:26.209Z",
-            "name": "Remote Service Effects",
-            "description": "The adversary is trying to control or monitor the device using remote services.\n\nThis category refers to techniques involving remote services, such as vendor-provided cloud services (e.g. Google Drive, Google Find My Device, or Apple iCloud), or enterprise mobility management (EMM)/mobile device management (MDM) services that an adversary may be able to use to fulfill his or her objectives without access to the mobile device itself.",
-            "x_mitre_version": "1.0",
-            "x_mitre_attack_spec_version": "2.1.0",
-            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-            "x_mitre_shortname": "remote-service-effects"
+            "x_mitre_attack_spec_version": "3.0.0",
+            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
         }
     ]
 }
\ No newline at end of file